feat: add overload-protection (#27612)

* feat: add overload-protection

* Update middleware/overload-protection.js

Co-authored-by: Peter Bengtsson <mail@peterbe.com>

* fix: tests

Co-authored-by: Peter Bengtsson <mail@peterbe.com>

middleware/index.js

@@ -64,6 +64,7 @@ import assetPreprocessing from './asset-preprocessing.js'
 import archivedAssetRedirects from './archived-asset-redirects.js'
 import favicons from './favicons.js'
 import setStaticAssetCaching from './static-asset-caching.js'
+import protect from './overload-protection.js'
 
 const { DEPLOYMENT_ENV, NODE_ENV } = process.env
 const isDevelopment = NODE_ENV === 'development'
@@ -117,6 +118,12 @@ export default function (app) {
   //
   app.set('trust proxy', true)
 
+  // *** Overload Protection ***
+  // Only used in production because our tests can overload the server
+  if (process.env.NODE_ENV === 'production') {
+    app.use(protect)
+  }
+
   // *** Request logging ***
   // Enabled in development and azure deployed environments
   // Not enabled in Heroku because the Heroku router + papertrail already logs the request information

middleware/overload-protection.js

@@ -0,0 +1,10 @@
+import overloadProtection from 'overload-protection'
+
+const config = {
+  production: process.env.NODE_ENV !== 'development',
+  errorPropagationMode: false, // dictate behavior: take over the response or propagate an error to the framework [default false]
+  logging: false,
+  logStatsOnReq: false,
+}
+
+export default overloadProtection('express', config)

package-lock.json

@@ -57,6 +57,7 @@
         "morgan": "^1.10.0",
         "msgpack5rpc": "^1.1.0",
         "next": "^11.1.3",
+        "overload-protection": "^1.2.3",
         "parse5": "^6.0.1",
         "port-used": "^2.0.8",
         "react": "^17.0.2",
@@ -13403,6 +13404,14 @@
         "url": "https://github.com/sponsors/wooorm"
       }
     },
+    "node_modules/loopbench": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/loopbench/-/loopbench-1.2.0.tgz",
+      "integrity": "sha1-dgG3P1cJfHP0JqBev3gat+pJF/8=",
+      "dependencies": {
+        "xtend": "^4.0.1"
+      }
+    },
     "node_modules/loose-envify": {
       "version": "1.4.0",
       "resolved": "https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz",
@@ -15716,6 +15725,14 @@
         "node": ">=0.10.0"
       }
     },
+    "node_modules/overload-protection": {
+      "version": "1.2.3",
+      "resolved": "https://registry.npmjs.org/overload-protection/-/overload-protection-1.2.3.tgz",
+      "integrity": "sha512-b7XZbmhujnqNoK0Z6NPzA/nhfQnE08ZTHSzzjTMwegb5N9oBAAApx3f9u2R/f3VGaACTQj6QJnGUfX1oFttqfg==",
+      "dependencies": {
+        "loopbench": "^1.2.0"
+      }
+    },
     "node_modules/p-cancelable": {
       "version": "2.1.1",
       "resolved": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-2.1.1.tgz",
@@ -32383,6 +32400,14 @@
       "resolved": "https://registry.npmjs.org/longest-streak/-/longest-streak-3.0.0.tgz",
       "integrity": "sha512-XhUjWR5CFaQ03JOP+iSDS9koy8T5jfoImCZ4XprElw3BXsSk4MpVYOLw/6LTDKZhO13PlAXnB5gS4MHQTpkSOw=="
     },
+    "loopbench": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/loopbench/-/loopbench-1.2.0.tgz",
+      "integrity": "sha1-dgG3P1cJfHP0JqBev3gat+pJF/8=",
+      "requires": {
+        "xtend": "^4.0.1"
+      }
+    },
     "loose-envify": {
       "version": "1.4.0",
       "resolved": "https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz",
@@ -34063,6 +34088,14 @@
       "integrity": "sha1-/7xJiDNuDoM94MFox+8VISGqf7M=",
       "devOptional": true
     },
+    "overload-protection": {
+      "version": "1.2.3",
+      "resolved": "https://registry.npmjs.org/overload-protection/-/overload-protection-1.2.3.tgz",
+      "integrity": "sha512-b7XZbmhujnqNoK0Z6NPzA/nhfQnE08ZTHSzzjTMwegb5N9oBAAApx3f9u2R/f3VGaACTQj6QJnGUfX1oFttqfg==",
+      "requires": {
+        "loopbench": "^1.2.0"
+      }
+    },
     "p-cancelable": {
       "version": "2.1.1",
       "resolved": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-2.1.1.tgz",

package.json

@@ -59,6 +59,7 @@
     "morgan": "^1.10.0",
     "msgpack5rpc": "^1.1.0",
     "next": "^11.1.3",
+    "overload-protection": "^1.2.3",
     "parse5": "^6.0.1",
     "port-used": "^2.0.8",
     "react": "^17.0.2",