Merge pull request #4672 from withspectrum/rate-limit-email-invites

Rate limit email invites

Author: mxstbr

api/schema.js

@@ -73,6 +73,7 @@ const Root = /* GraphQL */ `
     window: Int
     message: String
     identityArgs: [String]
+    arrayLengthField: String
   ) on FIELD_DEFINITION
 
   # The dummy queries and mutations are necessary because

api/types/Community.js

@@ -311,6 +311,7 @@ const Community = /* GraphQL */ `
     importSlackMembers(input: ImportSlackMembersInput!): Boolean
       @deprecated(reason: "Importing slack members is deprecated")
     sendEmailInvites(input: EmailInvitesInput!): Boolean
+      @rateLimit(max: 5000, window: "1w", arrayLengthField: "input.contacts")
     pinThread(threadId: ID!, communityId: ID!, value: String): Community
     upgradeCommunity(input: UpgradeCommunityInput!): Community
       @deprecated(

package.json

@@ -112,7 +112,7 @@
     "graphql-date": "^1.0.3",
     "graphql-depth-limit": "^1.1.0",
     "graphql-log": "0.1.3",
-    "graphql-rate-limit": "^1.2.2",
+    "graphql-rate-limit": "^1.2.4",
     "graphql-tag": "^2.10.0",
     "graphql-tools": "^4.0.3",
     "helmet": "^3.14.0",

src/components/emailInvitationForm/index.js

@@ -302,6 +302,13 @@ class EmailInvitationForm extends React.Component<Props, State> {
         })
         .filter(Boolean);
 
+      if (validated.length > 5000) {
+        this.setState({
+          importError: 'Cannot invite more than 5,000 emails.',
+        });
+        return;
+      }
+
       const consolidated = [
         ...this.state.contacts.filter(
           contact =>
@@ -377,7 +384,7 @@ class EmailInvitationForm extends React.Component<Props, State> {
           <Icon size={20} glyph="upload" /> Import emails
         </ActionAsLabel>
         <ActionHelpText>
-          Upload a .json file with an array of email addresses.
+          Upload a .json file with an array of up to 5,000 email addresses.
         </ActionHelpText>
 
         <Action onClick={this.toggleCustomMessage}>

yarn.lock

@@ -7197,10 +7197,10 @@ [email protected]:
     deep-for-each "^1.0.6"
     is-function "^1.0.1"
 
-graphql-rate-limit@^1.2.2:
-  version "1.2.2"
-  resolved "https://registry.yarnpkg.com/graphql-rate-limit/-/graphql-rate-limit-1.2.2.tgz#4c97e7bcb5b8c8ca1ee67aaf194d22b88bba6f53"
-  integrity sha512-Osns7iZkKLAANZokorAKKIehQ3Wm03nXts2aBBy15r/QhKTNPxVwc71sXTn3IPJ7SzAfoARvPN1Jm3bmblHtiQ==
+graphql-rate-limit@^1.2.4:
+  version "1.2.4"
+  resolved "https://registry.yarnpkg.com/graphql-rate-limit/-/graphql-rate-limit-1.2.4.tgz#8d28e475f77351f11cd09cc3f539adaba8dd208d"
+  integrity sha512-hddZL3aXPcpRpH57UFErrLzc0Wdjka570yRJSG5leG+iPXarHDf85Tl5oyj00PW0jVfml2X2K7ucOInsE8xYbw==
   dependencies:
     "@types/redis-mock" "^0.17.0"
     graphql-tools "^4.0.3"