tony_tty
tony_tty2y ago

Source IP address for HTTP actions

Hi! Is there a way to get the source IP address for HTTP actions [0]? [0] https://docs.convex.dev/functions/http-actions
HTTP Actions | Convex Developer Hub
HTTP actions allow you to build an HTTP API right in Convex!
9 Replies
ballingt
ballingt2y ago
Is this the IP address of the client making the request an HTTP action? Or the IP to make requests to to run HTTP action?
tony_tty
tony_ttyOP2y ago
The former. The IP address of the client
ballingt
ballingt2y ago
HTTP actions follow the Fetch API spec which doesn't expose this, so no there is not. What are you thinking of using this for? I'd love to hear about your use case because we could provide this, e.g. as a custom header, but we wouldn't want to add custom headers most people won't want.
tony_tty
tony_ttyOP2y ago
Thanks for the answer! I am hoping to store the source IP address and tie it to other resource usage for rate limiting / filter out users in regions we don't support, etc. I could try to get the IP address from the frontend and send it back as a workaround, but that's easier to fake.
ballingt
ballingt2y ago
Ah cool, makes sense. For rate limiting, is there something higher level we could provide that would be helpful, eg configuration (please rate limit this in such and such a way) or would you rather write your rate limiting in the http action? Regions makes sense, I can see why you'd want IP-like information about a request.
tony_tty
tony_ttyOP2y ago
general higher level rate limiting provided by convex can definitely be useful for most users! I suspect my use case is on the less common end. my users will generate variable sized workload so some custom rate limiting logic will actually be easier to operate.
ballingt
ballingt2y ago
Thanks, we'll let you know if this changes.
ian
ian10mo ago
I just added a helper for rate limiting in convex-helpers@0.1.38. More info in this new Stack post: https://stack.convex.dev/rate-limiting With a little section on the bottom about authenticating anonymous users: https://stack.convex.dev/rate-limiting#authenticating-anonymous-users
Implementing Rate Limiting with only two numbers
Implementing application rate limiting when you have fast access to a database with strong ACID guarantees. Token bucket and fixed window, with fairne...
Prince
Prince10mo ago
Fantastic, thank you!

Did you find this page helpful?