Hey Tiago, can you pls show your vsc extensions? I want to copy your folders image extension, and also the one that changes the color of the file you are editing. thx
thanks for your videos! just one question: since your server still needs to process the request to verify whether it needs to be rate limited or not, won't this cost you if you get spammed anyway?
So there is no way around that, but if I had to compute an expensive operation when I got spammed, it’s way more expensive than a rate limit check. That is why it’s important to have a fast rate limiter (in a fast access database like redis for example).
I could also ban an IP after too many blocks as well
@TiagoTaquelim Can you not have a service before your API for example in cloudflare? If the rate limit gets triggered your API won't get a single request. BTW, thanks for the video, your channel is really great.
I haven't checked Cloudflare lately since they deprecated page rules but I think you could probably set a cookie for a misbehaving client then direct Cloudflare to block all clients with that cookie. I know you could manually block IPs on CF but I'm not sure if you could actually just send it to them from your app.
If you have to let the request through, I've actually set up a CSV file right on the server that is updated by the app whenever there's an egregious IP address. The file is checked before every request before anything even hits my Redis cache or DB. I've had it happen where I've had so many requests from so many bad IPs at once that even my Redis instance maxed its connection limit so the file on each app server just keeps any really bad requester from even making a connection.
@SiebeBaree Yes that exists as well!
You have to think of security in layers.
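The layering discussed in the comments above (a local blocklist checked before the rate limiter, plus a ban after too many blocks), sketched as an added example that is not code from the video or from any commenter. `Guard`, `NewGuard` and `Check` are hypothetical names, the CSV layout `ip,reason` is an assumption, and an in-memory counter stands in for Redis with the window reset left out.

```go
package main

import (
	"encoding/csv"
	"io"
	"net"
	"net/http"
	"strings"
	"sync"
)

// Guard consults an in-memory blocklist before any rate-limit state is touched.
type Guard struct {
	mu                sync.Mutex
	blocked           map[string]bool // from the CSV file; assumed columns: ip,reason
	hits, strikes     map[string]int  // window counter (stand-in for Redis), limit violations
	Limit, MaxStrikes int
}
func NewGuard(csvFile io.Reader, limit, maxStrikes int) (*Guard, error) {
	rows, err := csv.NewReader(csvFile).ReadAll()
	if err != nil {
		return nil, err
	}
	g := &Guard{blocked: map[string]bool{}, hits: map[string]int{}, strikes: map[string]int{}, Limit: limit, MaxStrikes: maxStrikes}
	for _, row := range rows {
		if ip := net.ParseIP(strings.TrimSpace(row[0])); ip != nil { // skip malformed rows
			g.blocked[ip.String()] = true
		}
	}
	return g, nil
}
// Check returns the HTTP status to answer a request from ip with.
func (g *Guard) Check(ip string) int {
	g.mu.Lock()
	defer g.mu.Unlock()
	if g.blocked[ip] { // layer 1: local lookup only, no Redis or DB work
		return http.StatusForbidden
	}
	if g.hits[ip]++; g.hits[ip] <= g.Limit { // layer 2: rate limit
		return http.StatusOK
	}
	if g.strikes[ip]++; g.strikes[ip] >= g.MaxStrikes { // layer 3: ban repeat offenders
		g.blocked[ip] = true
	}
	return http.StatusTooManyRequests
}
func main() {
	g, _ := NewGuard(strings.NewReader("203.0.113.7,scraper\n"), 2, 2) // constructed sample row
	println(g.Check("203.0.113.7"), g.Check("198.51.100.9"))
}
```

In an HTTP middleware, pass `Check` the host part of `r.RemoteAddr` (via `net.SplitHostPort`); behind a proxy the client address has to come from a header set by a proxy you trust.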
Hi Tiago, which font are you using in your text editor in this video?
I think it's called Menlo
Just curious, why don't you use gorm?
Once you go beyond simple CRUD queries, the generated SQL can get pretty messy/inefficient, search up n+1 problem. ORMs are getting better at generating SQL, but for me I like to use sqlc and just write it myself then generate the go code + interface. Ends up saving you 95% of the work on writing the repository
Don’t use Gorm please 😬