ryer.io

Navigating Merge Conflicts and Rate Limiting Middleware

#git #merging #typescript #mongodb #react-native

TL;DR

  • Pull requests for documentation updates are straightforward and beneficial when working alone.
  • Navigating large merge conflicts on a historical branch can be challenging, with over 1000 changes.
  • The mitigation involved identifying the core middleware logic and renaming for consistency.
  • Implementing MongoDB transactions locally and adjusting rate limiter in Express were critical for blocking malicious activity effectively.

Creating a pull request (PR) for MongoDB documentation updates felt like a breeze, especially when you’re both the reviewer and implementer. It’s tasks like these that remind me of the advantages of solo reviewing—quick, focused feedback.

Next up, the task to block malicious users on story 2382 took a turn. Mistakenly, I thought I needed a new branch but realized I had to find an existing one—turns out, it was a bit elusive but “mitigate attackers” seemed fitting. This was far from straightforward due to over 1000 changes, mainly owing to our React Native migration to the JavaScript Interface (JSI).

My first step was to dive into our resources and middleware files to locate the necessary modifications. The rate limiting middleware turned out to be the needle in the haystack, hidden among intimidating merge conflicts. With 16 conflicts, most involved files like gitignore and yarn.lock. Here, discretion was key—I chose to accept incoming changes that preserved necessary types and configurations.

Particularly, I encountered a curious problem with the app.ts file. Hardcoded 404 errors were flagged during what should have been a simple README change. The issue traced back to a hardcoded status, necessitating a refactor to accommodate our new API and Auth0 rate limiter.

Ensuring naming conventions were consistent was pivotal. The rate limiter middleware—initially named verbosely—was renamed to rateLimit.MW to standardize our codebase. I also contended with ambient module declarations in TypeScript that interfered with our proxy services’ global declarations, necessitating further refactoring.

Some of the resolution involved temporarily disabling my TS server before applying extensive changes, which helped alleviate persistent issues. The final hurdle required beginning the implementation in the auth.user.service and its dependencies, stabilizing the global rate limiting architecture. Through this code exploration, I unraveled and adjusted several component interactions, forming a more robust system for mitigating malicious user actions.