Is the API down? Thanks!

[redesigned]

https://countriesnow.space/api/v0.1/countries/states

[MartinsOnuoha]

Hi, sorry about this, it's not down, you can check the endpoint again.

[xXAvoraXx]

same question

[thomascjenks]

The endpoint seems to be broken again.

[MartinsOnuoha]

@thomascjenks @xXAvoraXx can you give a bit more detail how you got the error?

[xXAvoraXx]

@thomascjenks @xXAvoraXx can you give a bit more detail how you got the error?

problem fixed.

[TimAagaard]

@MartinsOnuoha Same error is still happening today. Was happening intermittently the last few days as well.

https://countriesnow.space/ shows "Application Error" from above responses.

Trying to hit the endpoints results in an HTTP 503 error code

[MartinsOnuoha]

Hey guys, @TimAagaard , @xXAvoraXx @redesigned the API itself is fine. I believe someone might be using it wrongly and perhaps making heavy requests or had an infinite loop bug that caused multiple requests for about 30 minutes. Then everything came back up. I'd set up another monitoring tool (might be expensive) to pick out the faulting source IP or client. and blacklist it.

If this makes sense, can we consider this issue resolved?

[nataliiaprecoro]

It's still down. The issue can not be resolved.

[MartinsOnuoha]

It's back up now, there's an underlying problem, and it has to do with the fact that we run on heroku's free dyno, and some folks might be misusing the service.

[nataliiaprecoro]

It seems like it doesn't work.

[MartinsOnuoha]

Hey @nataliiaprecoro The API is up now

[TimAagaard]

@MartinsOnuoha I would recommend implementing fail2ban to monitor your log files and ban IPs if they go over a threshold...or build it into the source code.

Something like 200 requests in a minute by same IP gives a 5 minute ban or something like that. Something that will prevent abuse and keep the server up for everyone while rate limiting abusers and being a mild inconvenience...a 5 minute ban for heavy or abusive users keeps the service up for everyone but forces heavy or abusive users out of commission for a few minutes.

I am willing to assist in setting up fail2ban or any code changes needed but would need to know how it's operating in heroku...looks like you have a master json pulled from an environment variable and a redis setup so...I doubt I could get this working locally without some help.

[MartinsOnuoha]

Hey Tim @TimAagaard, that sounds like a great idea. I had thought of setting up a rate limiter, however I also have to consider the most cost effective. I had a look at fail2ban but I’m not too sure if it would be right for us at this time, I figured we could use a 3rd party library like express-rate-limit.

Would you like to work on integrating this library and applying it to all requests?

[xXAvoraXx]

The API is great, I love it, is it possible to add symbols to currencies? For example, the symbol for the dollar is '$'.

[TimAagaard]

@MartinsOnuoha Sure thing! I implemented express-rate-limit last night real quick for all /api routes and I'm seeing the headers in the response...so it should be working but I'll test it out tonight. I put the rate limiter config object in /config. You'll have to tune that to what the server can handle and if you're behind a load balancer you'll have to increment a variable by the number of proxies.

Expect a PR in a couple hours when I get off work.

[MartinsOnuoha]

The API is great, I love it, is it possible to add symbols to currencies? For example, the symbol for the dollar is '$'.

hey @xXAvoraXx I’m glad it’s been useful for you, symbols does sounds like an interesting idea, here’s what you can do, create a new issue about this so we can all follow up on the possibilities of having this feature, and also not lose the conversation within this issue.

[MartinsOnuoha]

@MartinsOnuoha Sure thing! I implemented express-rate-limit last night real quick for all /api routes and I'm seeing the headers in the response...so it should be working but I'll test it out tonight. I put the rate limiter config object in /config. You'll have to tune that to what the server can handle and if you're behind a load balancer you'll have to increment a variable by the number of proxies.

Expect a PR in a couple hours when I get off work.

Awesome!! 🏄🏼‍♂️, I’ll be on standby, let me know how it goes

[xXAvoraXx]

@MartinsOnuoha Sure thing! I implemented express-rate-limit last night real quick for all /api routes and I'm seeing the headers in the response...so it should be working but I'll test it out tonight. I put the rate limiter config object in /config. You'll have to tune that to what the server can handle and if you're behind a load balancer you'll have to increment a variable by the number of proxies. Expect a PR in a couple hours when I get off work.

Awesome!! 🏄🏼‍♂️, I’ll be on standby, let me know how it goes

API down again.

[TimAagaard]

@MartinsOnuoha PR sent and pending your review.

All unit tests still passing. Confirmed rate-limit by holding ctrl+shift+r in browser until I got the rate-limit response.

You might have to alter config/rateLimit.js::numberOfProxies if you're behind a load-balancer or 2. Just increment that value by 1 until it stops breaking. Can be tested further on your server by adding the route listed here: https://www.npmjs.com/package/express-rate-limit#troubleshooting-proxy-issues

[TimAagaard]

@MartinsOnuoha API was down again today. Any chance of getting that PR reviewed and deployed over the weekend?

[MartinsOnuoha]

Hey Tim, I’m having look at the MR right now