Skip to content

Anonymous: Add configurable device limit #10

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
akshayutture-augment wants to merge 1 commit into
base: enhance-anonymous-access
Choose a base branch
from
Open

Anonymous: Add configurable device limit #10

akshayutture-augment wants to merge 1 commit into from

Conversation

@akshayutture-augment
Copy link

@akshayutture-augment akshayutture-augment commented Nov 13, 2025

@Jguer @eleijonmarck
Anonymous: Add configurable device limit (#79265)
3647ba7 
* Anonymous: Add device limiter

* break auth if limit reached

* fix typo

* refactored const to make it clearer with expiration

* anon device limit for config

---------

Co-authored-by: Eric Leijonmarck <[email protected]>
chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Nov 13, 2025
View reviewed changes
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

pkg/services/anonymous/anonimpl/impl.go
Comment on lines 144 to +147
err = a.tagDeviceUI(ctx, httpReq, taggedDevice)
if err != nil {
a.log.Debug("Failed to tag device for UI", "error", err)
return err
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Do not cache failed device tags

The new error propagation in TagDevice (lines 144‑147) means we now rely on tagDeviceUI failing with ErrDeviceLimitReached to block additional anonymous devices. However, tagDeviceUI still writes the device key into the local cache before it calls CreateOrUpdateDevice, and it never clears that entry when the store returns an error. As a result, when a new device first hits the limit the request fails once, but the cache entry remains for ~29 minutes and every subsequent request short‑circuits out of tagDeviceUI without touching the DB, so ErrDeviceLimitReached is never raised again and the same device is allowed to authenticate despite the configured limit. To actually enforce the limit you need to only cache after a successful store (or remove the cache entry when CreateOrUpdateDevice errors) so that each retry keeps hitting the limit check.

Useful? React with 👍 / 👎.

@github-actions
Copy link

github-actions bot commented Dec 14, 2025

This pull request has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in 2 weeks if no further activity occurs. Please feel free to give a status update or ping for review. Thank you for your contributions!

@github-actions github-actions bot added the stale label Dec 14, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

stale

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@akshayutture-augment @Jguer