Script v2: Rate limit tech detection (#5701)

* Rate limit tech detection

* Add tests

* Fix tests

* Unify rate limit key format

* Move capture log to tags

Author: apata

lib/plausible/installation_support/detection/checks.ex

@@ -43,4 +43,26 @@ defmodule Plausible.InstallationSupport.Detection.Checks do
       state.url
     )
   end
+
+  @unthrottled_checks 3
+  @first_slowdown_ms 1000
+  def run_with_rate_limit(url, data_domain, opts \\ []) do
+    case Plausible.RateLimit.check_rate(
+           "site_detection:#{data_domain}",
+           :timer.minutes(60),
+           10
+         ) do
+      {:allow, count} when count <= @unthrottled_checks ->
+        {:ok, run(url, data_domain, opts)}
+
+      {:allow, count} when count > @unthrottled_checks ->
+        # slowdown steps 1x, 4x, 9x, 16x, ...
+        slowdown_ms = @first_slowdown_ms * (count - @unthrottled_checks) ** 2
+        :timer.sleep(slowdown_ms)
+        {:ok, run(url, data_domain, opts)}
+
+      {:deny, limit} ->
+        {:error, {:rate_limit_exceeded, limit}}
+    end
+  end
 end

lib/plausible_web/live/change_domain_v2.ex

@@ -173,24 +173,22 @@ defmodule PlausibleWeb.Live.ChangeDomainV2 do
     end
 
     defp run_detection(domain) do
-      detection_result =
-        Detection.Checks.run(nil, domain,
-          detect_v1?: true,
-          report_to: nil,
-          async?: false,
-          slowdown: 0
-        )
-        |> Detection.Checks.interpret_diagnostics()
-
-      case detection_result do
-        %Result{
-          ok?: true,
-          data: data
-        } ->
-          {:ok, %{detection_result: data}}
-
+      with {:ok, detection_result} <-
+             Detection.Checks.run_with_rate_limit(nil, domain,
+               detect_v1?: true,
+               report_to: nil,
+               async?: false,
+               slowdown: 0
+             ),
+           %Result{ok?: true, data: data} <-
+             Detection.Checks.interpret_diagnostics(detection_result) do
+        {:ok, %{detection_result: data}}
+      else
         %Result{ok?: false, errors: errors} ->
           {:error, List.first(errors, :unknown_reason)}
+
+        {:error, {:rate_limit_exceeded, _}} ->
+          {:error, :rate_limit_exceeded}
       end
     end
   else

lib/plausible_web/live/installationv2.ex

@@ -206,24 +206,18 @@ defmodule PlausibleWeb.Live.InstallationV2 do
 
   on_ee do
     defp detect_recommended_installation_type(flow, site) do
-      detection_result =
-        Detection.Checks.run(nil, site.domain,
-          detect_v1?: flow == Flows.review(),
-          report_to: nil,
-          slowdown: 0,
-          async?: false
-        )
-        |> Detection.Checks.interpret_diagnostics()
-
-      case detection_result do
-        %Result{
-          ok?: true,
-          data: %{suggested_technology: suggested_technology, v1_detected: v1_detected}
-        } ->
-          {suggested_technology, v1_detected}
-
-        _ ->
-          {"manual", false}
+      with {:ok, detection_result} <-
+             Detection.Checks.run_with_rate_limit(nil, site.domain,
+               detect_v1?: flow == Flows.review(),
+               report_to: nil,
+               slowdown: 0,
+               async?: false
+             ),
+           %Result{ok?: true, data: data} <-
+             Detection.Checks.interpret_diagnostics(detection_result) do
+        {data.suggested_technology, data.v1_detected}
+      else
+        _ -> {"manual", false}
       end
     end
   else

lib/plausible_web/live/verification.ex

@@ -140,7 +140,7 @@ defmodule PlausibleWeb.Live.Verification do
       {:noreply, socket}
     else
       case Plausible.RateLimit.check_rate(
-             "site_verification_#{socket.assigns.domain}",
+             "site_verification:#{socket.assigns.domain}",
              :timer.minutes(60),
              3
            ) do

test/plausible_web/live/change_domain_v2_test.exs

@@ -4,7 +4,6 @@ defmodule PlausibleWeb.Live.ChangeDomainV2Test do
 
   import Phoenix.LiveViewTest
   import Plausible.TestUtils
-  import ExUnit.CaptureLog
   import Plausible.Test.Support.HTML
 
   on_ee do
@@ -88,7 +87,7 @@ defmodule PlausibleWeb.Live.ChangeDomainV2Test do
       end
 
       original_domain = site.domain
-      new_domain = "new-example.com"
+      new_domain = "new.#{site.domain}"
       {:ok, lv, _html} = live(conn, "/#{site.domain}/change-domain-v2")
 
       lv
@@ -111,14 +110,14 @@ defmodule PlausibleWeb.Live.ChangeDomainV2Test do
       end
 
       original_domain = site.domain
-      new_domain = "new-example.com"
+      new_domain = "new.#{site.domain}"
       {:ok, lv, _html} = live(conn, "/#{site.domain}/change-domain-v2")
 
       lv
       |> element("form")
       |> render_submit(%{site: %{domain: new_domain}})
 
-      assert_patch(lv, "/#{new_domain}/change-domain-v2/success")
+      assert_patch(lv, "/#{URI.encode_www_form(new_domain)}/change-domain-v2/success")
 
       html = render_async(lv, 500)
       assert html =~ "Domain Changed Successfully"
@@ -164,14 +163,14 @@ defmodule PlausibleWeb.Live.ChangeDomainV2Test do
         "wordpressPlugin" => true
       })
 
-      new_domain = "new-example.com"
+      new_domain = "new.#{site.domain}"
       {:ok, lv, _html} = live(conn, "/#{site.domain}/change-domain-v2")
 
       lv
       |> element("form")
       |> render_submit(%{site: %{domain: new_domain}})
 
-      assert_patch(lv, "/#{new_domain}/change-domain-v2/success")
+      assert_patch(lv, "/#{URI.encode_www_form(new_domain)}/change-domain-v2/success")
 
       html = render_async(lv, 500)
       assert html =~ "<i>must</i>"
@@ -197,14 +196,14 @@ defmodule PlausibleWeb.Live.ChangeDomainV2Test do
         "wordpressPlugin" => false
       })
 
-      new_domain = "new-example.com"
+      new_domain = "new.#{site.domain}"
       {:ok, lv, _html} = live(conn, "/#{site.domain}/change-domain-v2")
 
       lv
       |> element("form")
       |> render_submit(%{site: %{domain: new_domain}})
 
-      assert_patch(lv, "/#{new_domain}/change-domain-v2/success")
+      assert_patch(lv, "/#{URI.encode_www_form(new_domain)}/change-domain-v2/success")
 
       html = render_async(lv, 500)
       assert html =~ "<i>must</i>"
@@ -228,14 +227,14 @@ defmodule PlausibleWeb.Live.ChangeDomainV2Test do
         "wordpressPlugin" => false
       })
 
-      new_domain = "new-example.com"
+      new_domain = "new.#{site.domain}"
       {:ok, lv, _html} = live(conn, "/#{site.domain}/change-domain-v2")
 
       lv
       |> element("form")
       |> render_submit(%{site: %{domain: new_domain}})
 
-      assert_patch(lv, "/#{new_domain}/change-domain-v2/success")
+      assert_patch(lv, "/#{URI.encode_www_form(new_domain)}/change-domain-v2/success")
 
       html = render_async(lv, 500)
       refute html =~ "Additional Steps Required"
@@ -258,14 +257,14 @@ defmodule PlausibleWeb.Live.ChangeDomainV2Test do
         "wordpressPlugin" => false
       })
 
-      new_domain = "new-example.com"
+      new_domain = "new.#{site.domain}"
       {:ok, lv, _html} = live(conn, "/#{site.domain}/change-domain-v2")
 
       lv
       |> element("form")
       |> render_submit(%{site: %{domain: new_domain}})
 
-      assert_patch(lv, "/#{new_domain}/change-domain-v2/success")
+      assert_patch(lv, "/#{URI.encode_www_form(new_domain)}/change-domain-v2/success")
 
       html = render_async(lv, 500)
       assert html =~ "<i>must</i>"
@@ -279,41 +278,78 @@ defmodule PlausibleWeb.Live.ChangeDomainV2Test do
              )
     end
 
-    @tag :ee_only
+    @tag ee_only: true, capture_log: true
+    test "ratelimit is respected: browserless request isn't made and the notice is generic", %{
+      conn: conn,
+      site: site
+    } do
+      new_domain = "new.#{site.domain}"
+
+      # exceed the rate limit for site detection
+      Plausible.RateLimit.check_rate(
+        Plausible.RateLimit,
+        "site_detection:#{new_domain}",
+        :timer.minutes(60),
+        1,
+        100
+      )
+
+      # stub won't be used, if it were used, the output would be different
+      stub_detection_result(%{
+        "v1Detected" => false,
+        "gtmLikely" => false,
+        "wordpressLikely" => false,
+        "wordpressPlugin" => false
+      })
+
+      {:ok, lv, _html} = live(conn, "/#{site.domain}/change-domain-v2")
+
+      lv
+      |> element("form")
+      |> render_submit(%{site: %{domain: new_domain}})
+
+      assert_patch(lv, "/#{URI.encode_www_form(new_domain)}/change-domain-v2/success")
+
+      html = render_async(lv, 500)
+      assert html =~ "Additional Steps Required"
+      assert html =~ "<i>must</i>"
+      assert html =~ "also update the site"
+      assert html =~ "Plausible Installation"
+    end
+
+    @tag ee_only: true, capture_log: true
     test "success page handles detection error gracefully", %{conn: conn, site: site} do
       stub_detection_error()
 
-      capture_log(fn ->
-        new_domain = "new-example.com"
-        {:ok, lv, _html} = live(conn, "/#{site.domain}/change-domain-v2")
+      new_domain = "new.#{site.domain}"
+      {:ok, lv, _html} = live(conn, "/#{site.domain}/change-domain-v2")
 
-        lv
-        |> element("form")
-        |> render_submit(%{site: %{domain: new_domain}})
+      lv
+      |> element("form")
+      |> render_submit(%{site: %{domain: new_domain}})
 
-        assert_patch(lv, "/#{new_domain}/change-domain-v2/success")
+      assert_patch(lv, "/#{URI.encode_www_form(new_domain)}/change-domain-v2/success")
 
-        html = render_async(lv, 500)
-        assert html =~ "Additional Steps Required"
-        assert html =~ "<i>must</i>"
-        assert html =~ "also update the site"
-        assert html =~ "Plausible Installation"
-      end)
+      html = render_async(lv, 500)
+      assert html =~ "Additional Steps Required"
+      assert html =~ "<i>must</i>"
+      assert html =~ "also update the site"
+      assert html =~ "Plausible Installation"
     end
 
     @tag :ce_build_only
     test "success page shows generic v1 notice for CE", %{
       conn: conn,
       site: site
     } do
-      new_domain = "new-example.com"
+      new_domain = "new.#{site.domain}"
       {:ok, lv, _html} = live(conn, "/#{site.domain}/change-domain-v2")
 
       lv
       |> element("form")
       |> render_submit(%{site: %{domain: new_domain}})
 
-      assert_patch(lv, "/#{new_domain}/change-domain-v2/success")
+      assert_patch(lv, "/#{URI.encode_www_form(new_domain)}/change-domain-v2/success")
 
       html = render_async(lv, 500)
       notice = text_of_element(html, "div[data-testid='ce-generic-notice']")

test/plausible_web/live/installationv2_test.exs

@@ -372,6 +372,31 @@ defmodule PlausibleWeb.Live.InstallationV2Test do
       assert text(html) =~ "We've detected your website is using WordPress"
     end
 
+    @tag :ee_only
+    test "if ratelimit for detection is exceeded, does not make detection request and falls back to recommending manual installation",
+         %{conn: conn, site: site} do
+      stub_dns_lookup_a_records(site.domain)
+
+      # exceed the rate limit for site detection
+      Plausible.RateLimit.check_rate(
+        Plausible.RateLimit,
+        "site_detection:#{site.domain}",
+        :timer.minutes(60),
+        1,
+        100
+      )
+
+      # this won't be used: if it were used, the output would be different
+      stub_detection_wordpress()
+
+      {lv, _} = get_lv(conn, site)
+
+      html = render_async(lv, 500)
+
+      refute text(html) =~ "We've detected your website is using WordPress"
+      assert text(html) =~ "Verify Script installation"
+    end
+
     @tag :ee_only
     test "detected GTM installation shows special message", %{conn: conn, site: site} do
       stub_dns_lookup_a_records(site.domain)