Implement client-side rate limiting per session

Previous experience with Sentry has found that there are various scenarios that can cause a client to spam the server with a large number of reports. Although Sentry has its own server-side quotas and rate limiting, I think it will be useful to do client-side per-session rate limiting as well. This also provides a place where we can hook in other client-side filtering in future.

Implement client-side rate limiting per session
Previous experience with Sentry has found that there are various scenarios that can cause a client to spam the server with a large number of reports. Although Sentry has its own server-side quotas and rate limiting, I think it will be useful to do client-side per-session rate limiting as well. This also provides a place where we can hook in other client-side filtering in future.
fd022199 · Robert Knight · 542b96f0 · fd022199 · fd022199
Commit fd022199 authored Aug 23, 2019 by Robert Knight
Hide whitespace changes
Inline Side-by-side

Showing with 90 additions and 0 deletions

sentry.js src/sidebar/util/sentry.js +32 -0

sentry-test.js src/sidebar/util/test/sentry-test.js +58 -0

No files found.
--- a/src/sidebar/util/sentry.js
+++ b/src/sidebar/util/sentry.js
@@ -2,11 +2,16 @@
 const Sentry = require('@sentry/browser');
+const warnOnce = require('../../shared/warn-once');
 /**
 * @typedef SentryConfig
 * @prop {string} dsn
 */
+let eventsSent = 0;
+const maxEventsToSendPerSession = 5;
 /**
 * Initialize the Sentry integration.
 *
@@ -19,6 +24,23 @@ function init(config) {
  Sentry.init({
    dsn: config.dsn,
    release: '__VERSION__', // replaced by versionify
+    beforeSend: event => {
+      if (eventsSent >= maxEventsToSendPerSession) {
+        // Cap the number of events that any client instance will send, to
+        // reduce the impact on our Sentry event quotas.
+        //
+        // Sentry implements its own server-side rate limiting in addition.
+        // See https://docs.sentry.io/accounts/quotas/.
+        warnOnce(
+          'Client-side Sentry quota reached. No further Sentry events will be sent'
+        );
+        return null;
+      }
+      ++eventsSent;
+      return event;
+    },
  });
 }
@@ -33,7 +55,17 @@ function setUserInfo(user) {
  Sentry.setUser(user);
 }
+/**
+ * Reset metrics used for client-side event filtering.
+ */
+function reset() {
+  eventsSent = 0;
+}
 module.exports = {
  init,
  setUserInfo,
+  // Test helpers.
+  reset,
 };
--- a/src/sidebar/util/test/sentry-test.js
+++ b/src/sidebar/util/test/sentry-test.js
+'use strict';
+const sentry = require('../sentry');
+describe('sidebar/util/sentry', () => {
+  let fakeSentry;
+  let fakeWarnOnce;
+  beforeEach(() => {
+    fakeSentry = {
+      init: sinon.stub(),
+      setUser: sinon.stub(),
+    };
+    fakeWarnOnce = sinon.stub();
+    sentry.$imports.$mock({
+      '@sentry/browser': fakeSentry,
+      '../../shared/warn-once': fakeWarnOnce,
+    });
+  });
+  afterEach(() => {
+    sentry.$imports.$restore();
+  });
+  it('limits the number of events sent to Sentry per session', () => {
+    sentry.init({ dsn: 'test-dsn' });
+    assert.called(fakeSentry.init);
+    // The first `maxEvents` events should be sent to Sentry.
+    const maxEvents = 5;
+    const beforeSend = fakeSentry.init.getCall(0).args[0].beforeSend;
+    for (let i = 0; i < maxEvents; i++) {
+      const val = {};
+      // These events should not be modified.
+      assert.equal(beforeSend(val), val);
+    }
+    assert.notCalled(fakeWarnOnce);
+    // Subsequent events should not be sent and a warning should be logged.
+    assert.equal(beforeSend({}), null);
+    assert.equal(beforeSend({}), null); // Verify this works a second time.
+    assert.called(fakeWarnOnce);
+  });
+  describe('setUserInfo', () => {
+    it('sets the Sentry user', () => {
+      sentry.setUserInfo({ id: 'acct:jimsmith@hypothes.is' });
+      // `setUserInfo` is currently a trivial wrapper.
+      assert.calledWith(fakeSentry.setUser, {
+        id: 'acct:jimsmith@hypothes.is',
+      });
+    });
+  });
+});