API Rate Limiting #75

Open
opened 2026-02-23 10:05:49 +00:00 by ottomata · 0 comments
Owner

Tasks

  • Add dependency: go get golang.org/x/time/rate (or use go-chi/httprate)
  • Implement rate limiting middleware in internal/api/middleware/ratelimit.go:
    • Per-user (by JWT user_id) rate limiting
    • Configurable limits per route group:
      • Auth endpoints (/auth/*): 10 req/min (prevent brute force)
      • Run trigger (POST /jobs/:id/runs): 30 req/min per user
      • All other endpoints: 120 req/min per user
  • Return 429 Too Many Requests with header Retry-After: <seconds> when limit exceeded
  • Rate limit state is in-memory (acceptable for single-node; note in docs)
  • Write unit tests simulating burst traffic

Acceptance Criteria

  • Auth endpoint rejects more than 10 requests/minute per IP
  • Exceeding limits returns 429 with Retry-After header
  • Normal usage (well under limits) is unaffected
  • Unit tests pass
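Worked example, added here and not code from the ottomata/acsm repository: a standard-library token-bucket version of the middleware the tasks describe, written so the bucket arithmetic, the route-group wiring and the 429/Retry-After path can be read and unit-tested without pulling in golang.org/x/time/rate. Assumptions, all mine: the user id arrives in an X-User-ID header that an upstream auth middleware sets from the JWT user_id claim (JWT parsing itself is out of scope), the run-trigger path has exactly the shape /jobs/{id}/runs, and Burst is the unit-test harness rather than anything in the project. Auth routes are keyed by client IP rather than by user, because nothing on /auth/* carries a JWT yet, which is also why the acceptance criterion for that group is stated per IP.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strconv"
	"strings"
	"sync"
	"time"
)

type Limit struct{ PerMinute, Burst int } // route-group budget: sustained rate, bucket size
type bucket struct{ tokens float64; last time.Time }

type Limiter struct {
	mu      sync.Mutex
	buckets map[string]*bucket // one bucket per (group, subject); in-process, single node only
	now     func() time.Time   // injectable clock, so tests never sleep
}

func NewLimiter() *Limiter { return &Limiter{buckets: map[string]*bucket{}, now: time.Now} }

// Allow takes one token for key, or returns false and the whole seconds (rounded up) until one refills.
func (l *Limiter) Allow(key string, lim Limit) (bool, int) {
	l.mu.Lock()
	defer l.mu.Unlock()
	now := l.now()
	b := l.buckets[key]
	if b == nil {
		b = &bucket{tokens: float64(lim.Burst), last: now}
		l.buckets[key] = b
	}
	b.tokens += now.Sub(b.last).Minutes() * float64(lim.PerMinute) // refill since last visit
	if b.tokens > float64(lim.Burst) {
		b.tokens = float64(lim.Burst)
	}
	b.last = now
	if b.tokens >= 1 {
		b.tokens--
		return true, 0
	}
	wait := time.Duration((1 - b.tokens) * float64(time.Minute/time.Duration(lim.PerMinute)))
	return false, int((wait + time.Second - 1) / time.Second)
}

func groupFor(r *http.Request) (string, Limit) { // route group and its configured limit
	p := strings.Split(strings.Trim(r.URL.Path, "/"), "/")
	switch {
	case strings.HasPrefix(r.URL.Path, "/auth/"):
		return "auth", Limit{PerMinute: 10, Burst: 10}
	case r.Method == http.MethodPost && len(p) == 3 && p[0] == "jobs" && p[2] == "runs":
		return "runs", Limit{PerMinute: 30, Burst: 30}
	}
	return "default", Limit{PerMinute: 120, Burst: 120}
}

// subject picks the bucket owner: client IP on auth routes (no JWT yet), otherwise the user. X-User-ID
// stands in for the JWT user_id claim (assumption); only the auth middleware may set it, never the client.
func subject(r *http.Request, group string) string {
	if uid := r.Header.Get("X-User-ID"); group != "auth" && uid != "" {
		return "user:" + uid
	}
	host, _, _ := net.SplitHostPort(r.RemoteAddr) // net/http always sets host:port
	return "ip:" + host
}

func (l *Limiter) Middleware(next http.Handler) http.Handler { // 429 + Retry-After when over limit
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		group, lim := groupFor(r)
		if ok, wait := l.Allow(group+"|"+subject(r, group), lim); !ok {
			w.Header().Set("Retry-After", strconv.Itoa(wait))
			http.Error(w, "Too Many Requests", http.StatusTooManyRequests)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// Burst sends n requests from one constructed client (httptest's 192.0.2.1): accepted count, last status, Retry-After.
func Burst(h http.Handler, method, path, user string, n int) (accepted, lastStatus int, retryAfter string) {
	for i := 0; i < n; i++ {
		req := httptest.NewRequest(method, path, nil)
		req.Header.Set("X-User-ID", user) // empty user means "not authenticated"
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, req)
		lastStatus, retryAfter = rec.Code, rec.Header().Get("Retry-After")
		if rec.Code == http.StatusOK {
			accepted++
		}
	}
	return
}

func main() {
	h := NewLimiter().Middleware(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	fmt.Println(Burst(h, http.MethodPost, "/auth/login", "", 15)) // 10 429 6
}
```

Two caveats a reviewer would raise against this shape. RemoteAddr is the TCP peer, so behind a reverse proxy every login attempt lands in the proxy's bucket until the middleware is taught to read a trusted forwarded-for header from that proxy only. And because the state is a per-process map, the limits hold per replica, not per deployment, and idle keys are never evicted, so a long-running node needs a sweep or a bounded cache before this leaves single-node use.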
ottomata added this to the Phase 8 project 2026-02-23 10:09:19 +00:00

Reference
ottomata/acsm#75