Skip to content

Prevent deep pagination causing Solr trouble #386

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
boost-tim merged 30 commits into from
Aug 8, 2025
Merged

Prevent deep pagination causing Solr trouble #386

boost-tim merged 30 commits into from
Aug 8, 2025

Conversation

@boost-tim
Copy link
Contributor

@boost-tim boost-tim commented Jul 31, 2025
edited
Loading

Acceptance Criteria

  • API traffic with deep pagination does not overload SOLR
  • API keys have appropriate limits in order to prevent paginating too deeply

Notes

  • Maybe something like limiting the "anonymous" API key role to page 100 maximum.
  • Limit is currently set up in the SOLR config
  • We could consider upping the daily limit on the anonymous key to balance out taking something away.

@github-actions
Copy link

github-actions bot commented Aug 1, 2025
edited
Loading

Code quality score

Uh oh! The code quality got worse for this PR! Better take a look!! 🚨

Ruby file count Similarity score (flay) ABC complexity (flog) Code smells (reek) TOTALS
base 143 3.35 8.08 22.15 33.58
this branch 145 3.35 8.16 22.15 33.66
difference 2 0.0 ⚠️ 0.08 0.0 0.08

@boost-tim boost-tim changed the title WIP: Some potential changes to enforce page limits on the API Prevent deep pagination causing Solr trouble Aug 4, 2025
richardmatthewsdev
richardmatthewsdev reviewed Aug 5, 2025
View reviewed changes
app/models/supplejack_api/search.rb Outdated
**options.merge(model_class: klass.model_class, schema_class: klass.schema_class)
)

@options = if options.present? && options['api_key'].present?
Copy link
Contributor

@richardmatthewsdev richardmatthewsdev Aug 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it would be better to check the role of the key rather than if it is present or not, the anonymous user does actually have a key and it gets used if you don't provide your own key.

Copy link
Contributor

@richardmatthewsdev richardmatthewsdev Aug 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With this implementation if I knew the anonymous API key user (unlikely) I could get around it

richardmatthewsdev
richardmatthewsdev requested changes Aug 5, 2025
View reviewed changes
Copy link
Contributor

@richardmatthewsdev richardmatthewsdev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it would be worth looking at the roles functionality that we can do in the record schema and see if there is a way that we can change the limits based on the role, rather than lack of the API key in the params :)

hapiben
hapiben approved these changes Aug 6, 2025
View reviewed changes
supplejack_api.gemspec
s.add_dependency 'kaminari'
s.add_dependency 'kaminari-mongoid'
s.add_dependency 'lazy_high_charts'
s.add_dependency 'mimemagic'
Copy link
Member

@hapiben hapiben Aug 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

question: Will this break anything?

Copy link
Contributor Author

@boost-tim boost-tim Aug 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@hapiben it's a good question, but I couldn't even run bundle install unless I removed it

@boost-tim boost-tim force-pushed the tw/deep-pagination-limits branch from 37bdca3 to b2af788 Compare August 6, 2025 22:59
@boost-tim boost-tim merged commit 8e9f2fc into main Aug 8, 2025
4 of 5 checks passed
@boost-tim boost-tim deleted the tw/deep-pagination-limits branch August 8, 2025 00:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hapiben hapiben hapiben approved these changes

@richardmatthewsdev richardmatthewsdev richardmatthewsdev approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@boost-tim @hapiben @richardmatthewsdev