feat(graphql-api): allow whitelisted IPs to bypass rate limits

Author: rileyhgrant

graphql-api/src/app.ts

@@ -8,6 +8,8 @@ import { client as esClient } from './elasticsearch'
 import graphQLApi from './graphql/graphql-api'
 import logger from './logger'
 
+import { loadWhitelist } from './whitelist'
+
 process.on('uncaughtException', (error) => {
   logger.error(error)
   process.exit(1)
@@ -75,6 +77,8 @@ app.use(function requestLogMiddleware(request: any, response: any, next: any) {
   next()
 })
 
+loadWhitelist()
+
 const context = { esClient }
 
 app.use('/api/', graphQLApi({ context }))

graphql-api/src/graphql/rate-limiting.ts

@@ -2,6 +2,7 @@ import { Redis } from 'ioredis'
 import config from '../config'
 import { UserVisibleError } from '../errors'
 import logger from '../logger'
+import { isWhitelistedIP } from '../whitelist'
 
 let rateLimitDb: Redis
 
@@ -47,6 +48,10 @@ export const applyRateLimits = async (request: any) => {
 
   const clientId = request.ip
 
+  if (isWhitelistedIP(clientId)) {
+    return
+  }
+
   try {
     const totalRequestsInWindow = await increaseRateLimitCounter(
       `rate_limit:1m:requests:${clientId}:${rateLimitWindow}`,

graphql-api/src/whitelist.ts

@@ -0,0 +1,22 @@
+import { Storage } from '@google-cloud/storage'
+
+const storage = new Storage()
+let whitelistedIPs: Set<string> = new Set()
+
+export async function loadWhitelist() {
+  try {
+    const bucket = storage.bucket('gnomad-configs')
+    const file = bucket.file('whitelist.json')
+    const [contents] = await file.download()
+    const data = JSON.parse(contents.toString())
+    whitelistedIPs = new Set(data.whitelisted_ips)
+    // TODO: REMOVEME
+    console.log(`Loaded ${whitelistedIPs.size} whitelisted IPs`)
+  } catch (err) {
+    console.error('Failed to load IP whitelist: ', err)
+  }
+}
+
+export function isWhitelistedIP(ip: string): boolean {
+  return whitelistedIPs.has(ip)
+}