feat(tunnel): add rate limiting, access logging, and monitoring for tunnel operations#285
Conversation
|
Thanks @DeryFerd — adding abuse controls around tunnels is a good instinct, and the test coverage on both modules (the window-reset and per-user-isolation cases especially) makes the change easy to reason about. The self-or-admin carve-out on Both new subsystems reinvent patterns the codebase already hasAccess logging → use the persistent audit log, not an in-memory store. Admin gating → use Please clarify the threat model in the descriptionThe framing is "automated abuse / malicious traffic," but tunnel access is invite-gated — every caller is an authenticated user. Two things follow: Missing pieces
Minor
Could you take a look by June 1, 2026? If you can't respond by then, I'll close this as auto-stale — you can reopen anytime once you're back. Happy to pair on the audit-log wiring if that's useful. |
|
Hi @ArgaFairuz, thanks for the thorough audit — all feedback addressed: Changes made1. Persistent audit log (replaces in-memory store)
2. \ADMIN_ONLY_ROUTES\ (no inline role checks)
3. Threat model reframed
4. Handler-level regression tests
5. Minor fixes
\�un run check\ / \�un run lint\ / \�un test\ all pass. |
…LY_ROUTES, handler tests - Replace in-memory tunnel-access-log.ts with persistent tunnel-audit-logger.ts using auditLogQueries.logEvent() for durable storage - Add tunnel:monitoring:access-logs and tunnel:monitoring:statistics to ADMIN_ONLY_ROUTES (no inline role checks) - Rename monitoring endpoints to tunnel:monitoring:* namespace - Add handler-level regression tests for rate limiting and admin access control - Store cleanup timer handle in TunnelRateLimiter (no dangling interval) - Remove userAgent from metadata (not available on WSServer)
Problem
The Tunnel feature allows users to expose local ports to the internet through quick tunnels and remote tunnels. Currently, there's no visibility into tunnel usage and no protection against abuse:
This makes the tunnel feature vulnerable to abuse and difficult to operate in production environments where compliance and security monitoring are required.
Changes
Added comprehensive rate limiting, access logging, and monitoring capabilities to the tunnel system:
New file:
backend/tunnel/tunnel-rate-limiter.tsNew file:
backend/tunnel/tunnel-access-log.tsUpdated:
backend/ws/tunnel/operations.tstunnel:quick-startandtunnel:remote-starthandlerstunnel:access-logs- Retrieve recent access logs (up to 1,000 entries)tunnel:statistics- Get system-wide tunnel usage statisticstunnel:rate-limit-status- Check rate limit status for any user (users can check their own)New files: Test suites
backend/tunnel/tunnel-access-log.test.ts- 8 tests covering logging, queries, and statisticsbackend/tunnel/tunnel-rate-limiter.test.ts- 8 tests covering rate limiting, window resets, and admin functionsSecurity & Operational Benefits
Rate Limiting:
Access Logging:
Monitoring:
Validation
✅ All tests pass (16/16 total: 8 access log + 8 rate limiter)
✅ Type checking passes
✅ Linting passes
Configuration
The rate limiter is currently configured with:
These values can be adjusted in
tunnel-rate-limiter.tsbased on production usage patterns.Backward Compatibility
This is a non-breaking change: