Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve date poll cloning so as to avoid abuse #1058

Closed
mashedkeyboard opened this issue Aug 19, 2020 · 3 comments · Fixed by #1059
Closed

Improve date poll cloning so as to avoid abuse #1058

mashedkeyboard opened this issue Aug 19, 2020 · 3 comments · Fixed by #1059
Milestone

Comments

@mashedkeyboard
Copy link

Is your feature request related to a problem? Please describe.
Yes. At present, any user who can create a date poll can clone date poll options infinitely and easily with the clone tool. However, there is no apparent limit on "Number of items to create", no rate limit on the endpoint for cloning them, and each clone is its own request (the cloning is handled client-side). This means that someone can set "Number of items to create" to, for instance, 999999999, and set step unit to "Minute", creating a huge number of database entries and weighing down the server with a vast number of requests, as each of the requests is handled separately.

Describe the solution you'd like
In my view, the best solution to this would be a combination of a limit on the number of available dates in a single date poll, combined with changing the client-side calculation of the clone to option sequence (i.e. a single request for each date being added) to a system whereby a single endpoint is called once to perform the clone, and the rest happens server-side.

Describe alternatives you've considered
One alternative is simply rate-limiting the endpoint for creating new options; however, that seems like a fairly ugly solution, and might end up being confusing for users. Further, with a single request creating multiple, you'd end up being able to set a far higher rate limit than you could with the current system, as the overhead of new requests for each and every one is huge.

@dartcafe
Copy link
Collaborator

Agree. The current solution is a little bit convenient using moment.js. A transferral to the backend is planned, to avoid multiple request and response turnarounds.

@dartcafe dartcafe added this to the next milestone Aug 21, 2020
dartcafe added a commit that referenced this issue Aug 22, 2020
@dartcafe dartcafe linked a pull request Aug 22, 2020 that will close this issue
@dartcafe
Copy link
Collaborator

While looking at it, I found it less complicated as expected.

Copy link

github-actions bot commented Jun 7, 2024

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 7, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants