07a612f575
* Add rate limiting to cart endpoints based on session
* Handle nonce and rate checks in permission_callback
* Rate limit checkout only
* Debug
* Unused AbstractRoute
* Code standards
* Modify core rate limit table
* Add rate limit at rest api level, not route level
* Rate limit helper
* Remove rate limit from routes
* Unused dep
* Remove custom error logic no longer needed
* Remove dependency
* Remove custom permission_callback
* Hash IP and handle null
* Remove error response handler
* revert error_to_response changes
* Remove add_response_headers
* Remove IDENTIFIER
* Remove white space
* Increase limit
* Missing class comment
* Move rate limiting code within store api codebase
* white space
* Fix return type
* Check rate limit expiry greater than now
* Remove x- prefix
* reorder functions
* remove table
* pass request to add_nonce_headers
* return early and avoid elseif on AbstractCartRoute:get_response()
* Refactor get_ip_address() before implementing options for functionality
* Change rate limit to 5 requests Co-authored-by: Seghir Nadir <nadir.seghir@gmail.com>
* Change rate limit window to 60 seconds Co-authored-by: Seghir Nadir <nadir.seghir@gmail.com>
* Disable rate limiting by default Co-authored-by: Seghir Nadir <nadir.seghir@gmail.com>
* Updated limits comment
* Example for Forwarded header
* Updated "woocommerce_store_api_enable_rate_limit_check" filter doc
* Added filter for the Store API rate limit check proxy support
* Add an action here that carries over the IP address being blocked.
* Added logic around setting the action_id, and returns an error when ip cannot be determined for users not logged in.
* Renamed action for limit exceeded.
* Common rate limiting header naming prefix, and fixed comment typos.
* Doc for Rate Limiting (wip)
* Example for Rate Limiting docs
* Remove private IP range block for rate limiting
* Refactored get_response() to add nonce headers to response instead of request
* Disable batching for Checkout calls to prevent bypassing Rate Limiting.
* Removed redundant arg.
* package-lock.json update
* Removed repeated func calls.
* Fix failing tests.
* Tests wip.
* Request limit and timeframe are now constants for RateLimits utility class.
* Tests for Rate Limit headers.
* Reverted PHPUnit config to enable all tests again.
* Update src/StoreApi/Authentication.php comment wording Co-authored-by: Thomas Roberts <5656702+opr@users.noreply.github.com>
* Removed possibly unnecessary get_ip_address() call.
* Changed wording on comment for get_ip_address() method.
* Simplified validate_ip() method.
* Fixed wrong header entry for "Forwarded" check.
* Unit testing for Authentication::get_ip_address()
* Comment explaining the reason to use ReflectionClass for testing get_ip_address().
* Support for error output outside batch request.
* MD linting.
* Refactor to implement options through a single filter.
* fixed md lint error and config file
* reverted accidental default func arg value removal
* re-enabled batch support for checkout
* action for limit exceed now also triggered in case we can't resolve the IP.
* Doc tweak.
* Return unresolved IP address when REMOTE_ADDR isn't set with proxy support disabled.
* Group unresolved ips for rate limiting
* Fixed bug where current limit wasn't properly initialized.

Co-authored-by: Nadir Seghir <nadir.seghir@gmail.com>
Co-authored-by: Paulo Arromba <17236129+wavvves@users.noreply.github.com>
Co-authored-by: Thomas Roberts <5656702+opr@users.noreply.github.com>

cart
checkout
collections
payment
query-state
schema
utils
validation
README.md
constants.ts
index.ts
mapped-types.ts
shared-controls.ts
types.ts

README.md
Data Stores
This folder contains all the data stores registered with wp.data for use by various blocks. Store keys are exported as constants on the wc.wcBlocksData export (external registered as @woocommerce/block-data and enqueued via handle wc-blocks-data-store). For any block using the store, import the store key rather than using the reference directly, so that dependencies are automatically extracted correctly.
This document assumes some familiarity with the wp.data API. You can read more about that here.
The following stores are registered:
Store | Description | Store key |
---|---|---|
schema | Used for accessing routes. Has more internal usage. | SCHEMA_STORE_KEY |
collections | Holds collections of data indexed by namespace, model name and query string | COLLECTIONS_STORE_KEY |
query-state | Holds arbitrary values indexed by context and key. Typically used for tracking state of query objects for a given context | QUERY_STATE_STORE_KEY |