* Add rate limiting to cart endpoints based on session
* Handle nonce and rate checks in permission_callback
* Rate limit checkout only
* Debug
* Unused AbstractRoute
* Code standards
* Modify core rate limit table
* Add rate limit at rest api level, not route level
* Rate limit helper
* Remove rate limit from routes
* Unused dep
* Remove custom error logic no longer needed
* Remove dependency
* Remove custom permission_callback
* Hash IP and handle null
* Remove error response handler
* revert error_to_response changes
* Remove add_response_headers
* Remove IDENTIFIER
* Remove white space
* Increase limit
* Missing class comment
* Move rate limiting code within store api codebase
* white space
* Fix return type
* Check rate limit expiry greater than now
* Remove x- prefix
* reorder functions
* remove table
* pass request to add_nonce_headers
* return early and avoid elseif on AbstractCartRoute:get_response()
* Refactor get_ip_address() before implementing options for functionality
* Change rate limit to 5 requests
Co-authored-by: Seghir Nadir <nadir.seghir@gmail.com>
* Change rate limit window to 60 seconds
Co-authored-by: Seghir Nadir <nadir.seghir@gmail.com>
* Disable rate limiting by default
Co-authored-by: Seghir Nadir <nadir.seghir@gmail.com>
* Updated limits comment
* Example for Forwarded header
* Updated "woocommerce_store_api_enable_rate_limit_check" filter doc
* Added filter for the Store API rate limit check proxy support
* Add an action here that carries over the IP address being blocked.
* Added logic around setting the action_id, and returns an error when ip cannot be determined for users not logged in.
* Renamed action for limit exceeded.
* Common rate limiting header naming prefix, and fixed comment typos.
* Doc for Rate Limiting (wip)
* Example for Rate Limiting docs
* Remove private IP range block for rate limiting
* Refactored get_response() to add nonce headers to response instead of request
* Disable batching for Checkout calls to prevent bypassing Rate Limiting.
* Removed redundant arg.
* package-lock.json update
* Removed repeated func calls.
* Fix failing tests.
* Tests wip.
* Request limit and timeframe are now constants for RateLimits utility class.
* Tests for Rate Limit headers.
* Reverted PHPUnit config to enable all tests again.
* Update src/StoreApi/Authentication.php comment wording
Co-authored-by: Thomas Roberts <5656702+opr@users.noreply.github.com>
* Removed possibly unnecessary get_ip_address() call.
* Changed wording on comment for get_ip_address() method.
* Simplified validate_ip() method.
* Fixed wrong header entry for "Forwarded" check.
* Unit testing for Authentication::get_ip_address()
* Comment explaining the reason to use ReflectionClass for testing get_ip_address().
* Support for error output outside batch request.
* MD linting.
* Refactor to implement options through a single filter.
* fixed md lint error and config file
* reverted accidental default func arg value removal
* re-enabled batch support for checkout
* action for limit exceed now also triggered in case we can't resolve the IP.
* Doc tweak.
* Return unresolved IP address when REMOTE_ADDR isn't set with proxy support disabled.
* Group unresolved ips for rate limiting
* Fixed bug where current limit wasn't properly initialized.
Co-authored-by: Nadir Seghir <nadir.seghir@gmail.com>
Co-authored-by: Paulo Arromba <17236129+wavvves@users.noreply.github.com>
Co-authored-by: Thomas Roberts <5656702+opr@users.noreply.github.com>
* BLOCK SETTINGS: Remove unused constants/settings
* AssetDataRegistry: Helpers to check for settings that exist, and registering page ID/permalinks
* Move checkout and cart block settings to checkout and cart blocktypes
* Move isShippingCalculatorEnabled to cart block
* Remove HAS_DARK_EDITOR_STYLE_SUPPORT and IS_SHIPPING_CALCULATOR_ENABLED in favour of getSetting
* Move displayCartPricesIncludingTax to blocktypes, and implement getSetting
* Move block settings to core settings and blocktypes
* Fix namespace usage
* Move review settings
* move tag settings
* Keep productCount in core data
* Move min and default height
* Improve storePages code
* Move attributes to attribute filter block type
* Move $word_count_type outside of settings array
* Remove unneeded setting in preview data (shippingCostRequiresAddress)
* Move min/max settings dependency from GridLayoutControl to Blocks themselves and use getSettings
* DEFAULT_COLUMNS and ROWS to settings
* Move product columns/rows to block types
* Add grid settings to AllProducts block
* Correct default rows
* correct min rows default
* Move hasDarkEditorStyleSupport
* Move hideOutOfStockItems to block type settings
* Move build settings to inline script dependency
* Pass data through asset api and move restApiRoutes
* Export all core settings as constants
* Remove WORD_COUNT_TYPE from core settings
* Move some other core settings to assets
* Update constants
* Make settings use TypeScript
* Update CURRENT_USER_IS_ADMIN usage
* WORD_COUNT_TYPE
* REST_API_ROUTES
* REVIEW_RATINGS_ENABLED and SHOW_AVATARS
* Remove REVIEW_RATINGS_ENABLED and SHOW_AVATARS constants
* Remove MIN_HEIGHT
* Remove DEFAULT_HEIGHT
* PLACEHOLDER_IMG_SRC
* LIMIT_TAGS
* HAS_PRODUCTS
* HOME_URL
* HAS_TAGS
* COUPONS_ENABLED
* SHIPPING_ENABLED
* TAXES_ENABLED
* DISPLAY_ITEMIZED_TAXES
* SHIPPING_COST_REQUIRES_ADDRESS
* SHIPPING_STATES and SHIPPING_COUNTRIES
* STORE_PAGES
* ALLOWED_COUNTRIES
* ALLOWED_STATES
* SHIPPING_METHODS_EXIST
* PAYMENT_GATEWAY_SORT_ORDER
* CHECKOUT_SHOW_LOGIN_REMINDER
* CHECKOUT_ALLOWS_GUEST and CHECKOUT_ALLOWS_SIGNUP
* ATTRIBUTES
* DISPLAY_CART_PRICES_INCLUDING_TAX
* DISPLAY_CART_PRICES_INCLUDING_TAX
* update build for TS files
* fix build dir
* Move blocks build config params
* Move placeholderImgSrc to core settings
* Move rest api hydration hoc to shared hocs and provide it restApiRoutes directly to avoid asset data registration
* Move wordCountType to abstract block
* Remove WORD_COUNT_TYPE in favour of getSetting
* Move IS_LARGE_CATALOG and PRODUCT_COUNT to abstract block type and use getSetting inline
* Add wcBlocksConfig
* fix tests
* Remove unused $asset_data_registry
* remove console.log
* Move build settings to abstract block
* Trigger build again
* Move hydration back to regular hocs for compatibility with trunk (merge conflict)
* Removed wcSharedHocsConfig
* esc home url
* Update search fixture
* Update search snap
* 40000 timeout
* hasProducts -> productCount
* Product Count is part of blocks config
* update mocks
* Use version comparison to determine if batching is enabled
* Change isWpVersion
* scrollTo button
* Add batch route
* Register batch route
* Allow batching on writable endpoints
* Batch in client
* Batch non-GET requests
* Batching support with typescript defs
* Remove unused hook
* Prevent multiple fragment updates
* Only use batch route if detected
* Correct var name
* Move nonce check to validate_callback so it runs before requests are completed
* remove unused imports
* updateCartFragments function as const
* Add phpunit tests for batching functionality
* Reduce batch delay
* increase timeout
* Update isCartUpdatePostRequest for batch support
* Update Endpoint used in test
* Move nonce check back inline - custom headers are not returned otherwise
* Fix error handling
* Back to 30s
* Update assets/js/middleware/cart-update.ts
Co-authored-by: Thomas Roberts <5656702+opr@users.noreply.github.com>
* whitespace
Co-authored-by: Thomas Roberts <5656702+opr@users.noreply.github.com>
This reverts commit 5b65a02297.
This commit broke cart updates for the cart block (surfaced with changing quantity)
There were also legit e2e test fails for the cart-update middleware behaviour that weren’t addressed.
* Add batch route
* Register batch route
* Allow batching on writable endpoints
* Batch in client
* Batch non-GET requests
* Batching support with typescript defs
* Remove unused hook
* Prevent multiple fragment updates
* Only use batch route if detected
* Correct var name
* Move nonce check to validate_callback so it runs before requests are completed
* remove unused imports
* updateCartFragments function as const
* Add phpunit tests for batching functionality
* Reduce batch delay
* increase timeout
* Fix tslint warnings
* Install @automattic/data-stores to get access to some type generics for use with our data stores.
* improve ts typing of cart-data store.
* fix incorrect rebase conflict resolution.
* add typescript support
* Add type declarations for Cart and CartResponse interfaces
* make sure we’re resolving .ts files as well as .js files on imports
* add more types
* type the cart data store
* Apply suggestions from code review (implement .tsx in configs)
Co-authored-by: Jon Surrell <jon.surrell@automattic.com>
* remove global fetchMock declaration and directly import where used.
* rename type
* remove named action types and just infer by returning action creator values as const
* use interface instead of type
* rename
* renames
* create CartAction type as union of action creator returned types and implement in reducer
* remove unused imports
* refresh package-lock after rebase
* Add base TS config that projects will inherit from
* Add tsconfig for assets/js/data project
* Ignore TS error on cart store registration
We will address this in cooldown when we have time to investigate further
* Add tsc to build step to catch TypeScript errors
* add a separate command for tsc and tweak build command to use
* restore checkJs and allowJs values in config and remove ts check from build command
* Add ts:check-all command
* Add TypeScript checking workflows
* Change triggers for TypeScript workflow
* Use npm ci instead of npm install
* Remove ts:check-all from TypeScript workflow
* Remove TS Check GitHub workflow
* Remove type-defs dir from TS include, and remove ts:check-all script
We no longer need the ts:check-all script because ts:check will do this for us; the old ts:check did nothing and did not work.
* fix coupon loading issues
* include .ts files only from type-defs folder
Co-authored-by: Jon Surrell <jon.surrell@automattic.com>
Co-authored-by: Thomas Roberts <thomas.roberts@automattic.com>