Giveth / impact-graph

stress test with valid jwt

aminlatifi opened this issue · comments

One of the concerns regarding impact-graph reliability is that issues may happen while validating the JWT token in requests against the authentication server.

We must have a test routine/practice to load many requests with valid jwt on impact-graph in a short time and see whether they are successful or not.

The requirements of the test:

  1. The test JWT must be valid
  2. The requester/agent must be able to send requests to impact-graph without limit (be excluded from impact-graph, nginx or caddy rate limits)
  3. The test must be scheduled to be run regularly (once per day) and report the result if any issue happens.

@geleeroyale Let us know if you need any help from dev team or our testing specialist @maryjaf

Yeah, I will need help with creating the JWT and validating it against the backend.

@CarlosQ96 can you help them with it? Maybe creating a code snippet to build a valid JWT and introducing a simple query that needs validating JWT and doesn't require executing a complex query on backend (e.g. getting like status).
@geleeroyale would it be helpful for you?

@mohammadranjbarz @mhmdksh Would you please collaborate on this? Actually, the rate limiting tests are not complete without having a scenario including a valid JWT (and including requests between impact-graph and the auth server).

@geleeroyale @mhmdksh If you need any help regarding this issue, please let me know

@mohammadranjbarz Yes we need your presence for the stress tests and opinion about what specific scenarios we can do to push the performance limits as well as identify further bottlenecks. We can do that after pushing the changes of our backend stack to production

This was completed by @mohammadranjbarz - he shared some insights with us. If we want to incorporate stress test into our CI/CD pipeline, or have it on demand via GitHub actions - we can do that, but it should be a separate issue.

@aminlatifi we can close this one.

@geleeroyale Can devops team run stress testing with valid JWT without dev team support? Mohammad will be off the rest of the week.

@maryjaf stepped forward to help with stress testing.
Maryam, the DevOps team has conducted this stress test as well, without a JWT token AFAIK: https://github.com/Giveth/devops/issues/179

This task aims to perform stress tests that cover various authentication situations as well, e.g. JWT token valid, invalid, without. The rationale for this variety is to experiment with authentication service availability as well as impact-graph availability.

I've executed a request with a JWT token using the Postman performance test tool, and this is the result of a run with 40 virtual users in 2 mins

These look good to me. @maryjaf are the requests performed from different IP sources? Please take into account that these are not done from our whitelisted VPN, as it has a more relaxed rate limiting policy.

Yeah, I ran this test with the Outline server on,
and when run with the VPN off, I got 429 (rate limit error).

Perfect tests @maryjaf

@jainkrati Taking into consideration the stress test values above, and knowing that we are targeting a specific number of users/minute, what do you think is the right rate limit value to be set in that case?

@maryjaf Was your JWT token valid? How did you create it? And did you use a single one for all 40 virtual users?

Yeah, it is a valid token and all requests had the same authorization header.
I tried to set up JavaScript code to generate a different signature and, after that, a different token, but I haven't found a solution yet; Postman doesn't support the web3 module.

What's the status of this issue? can we call it done?

So, you may be able to generate multiple jwt tokens out of Postman and import them there. Do you think that will solve your issue?

Yeah, in the previous test I generated the token outside of Postman and ran a request.
I can do it with multiple JWTs,
but these tokens would expire, and if we want to have a scheduled run, the new file should be generated based on the token lifetime.
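
The token-lifetime concern above, as an added example that is not part of the original thread or Giveth's code: a Node.js filter that drops tokens which would expire during a scheduled run and writes the rest as a Postman CSV data file. It assumes compact JWTs carrying a numeric `exp` claim in seconds; the column name `jwt` and the sample tokens are constructed for illustration.

```javascript
// Added example: filter JWTs by lifetime and build a Postman data file.
// Assumptions: numeric `exp` claim in seconds; column name `jwt` is hypothetical.

// Decode the payload only. No signature check: this is a freshness filter.
function decodePayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Keep tokens whose exp falls after the end of the run plus a margin.
function selectUsableTokens(tokens, nowSec, runSec, marginSec = 30) {
  const usable = [];
  const rejected = [];
  for (const token of tokens) {
    let exp;
    try {
      exp = decodePayload(token).exp;
    } catch (err) {
      rejected.push({ token, reason: 'malformed' });
      continue;
    }
    if (typeof exp !== 'number') rejected.push({ token, reason: 'no exp claim' });
    else if (exp < nowSec + runSec + marginSec) rejected.push({ token, reason: 'expires during run' });
    else usable.push(token);
  }
  return { usable, rejected };
}

// One token per row; the collection runner exposes the column as {{jwt}}.
function toPostmanCsv(tokens) {
  return ['jwt', ...tokens].join('\n') + '\n';
}

// Constructed sample tokens with dummy signatures (not valid on any server).
function fakeJwt(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(payload)}.sig`;
}
const NOW = 1700000000; // fixed clock so the result is reproducible
const SAMPLE = [
  fakeJwt({ sub: 'a', exp: NOW + 3600 }), // outlives a 2 minute run
  fakeJwt({ sub: 'b', exp: NOW + 60 }),   // expires mid-run
  fakeJwt({ sub: 'c' }),                  // no exp claim
  'garbage',                              // not a JWT
];
const result = selectUsableTokens(SAMPLE, NOW, 120);
console.log(toPostmanCsv(result.usable), result.rejected.map((r) => r.reason));
```

A scheduled job would pass the real clock (`Math.floor(Date.now() / 1000)`) and fail early when `usable` is empty, so an expired token file is reported as a setup problem rather than as 401 responses in the stress test results.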

@maryjaf I found out Postman allows you to load a library from CDN, here. Web3 version 4 is downloadable from a cdn server (https://cdnjs.com/libraries/web3)

Report of running some requests with 4 different JWT tokens:

Giveth-Collection-performance-report-11.pdf

@geleeroyale @mhmdksh to come back on estimate of date of completion for this

@maryjaf can you close this issue if there are no errors you observed?