mirror of
https://github.com/pacnpal/thrilltrack-explorer.git
synced 2025-12-20 07:51:13 -05:00
ed6ddbd04b
Create shared rateLimitConfig.ts with tiers (strict, moderate, lenient, generous, per-user variants) and update edge functions to import centralized rate limiters. Replace inline rate limiter usage with new config, preserving backward compatibility. Add documentation guide for rate limiting usage.
175 lines
5.0 KiB
TypeScript
175 lines
5.0 KiB
TypeScript
/**
|
|
* Centralized Rate Limiting Configuration for Edge Functions
|
|
*
|
|
* Provides standardized rate limit tiers that can be imported by any edge function.
|
|
* This ensures consistent rate limiting behavior across the application.
|
|
*/
|
|
|
|
import { RateLimitConfig } from './rateLimiter.ts';
|
|
|
|
/**
|
|
* Rate Limit Tier Definitions
|
|
*
|
|
* Choose the appropriate tier based on the operation cost and abuse risk:
|
|
*
|
|
* - **STRICT**: For expensive operations (uploads, exports, data modifications)
|
|
* - **MODERATE**: For standard API operations (moderation actions, content creation)
|
|
* - **STANDARD**: For typical read/write operations (most endpoints)
|
|
* - **LENIENT**: For lightweight read operations (cached data, public endpoints)
|
|
* - **GENEROUS**: For high-frequency operations (polling, real-time updates)
|
|
*/
|
|
|
|
// Base time window for all rate limiters (1 minute)
|
|
const RATE_LIMIT_WINDOW_MS = 60000;
|
|
|
|
/**
|
|
* STRICT: 5 requests per minute
|
|
*
|
|
* Use for:
|
|
* - File uploads (images, documents)
|
|
* - Data exports
|
|
* - Batch operations
|
|
* - Resource-intensive computations
|
|
* - CloudFlare API calls
|
|
*
|
|
* Examples: upload-image, export-user-data
|
|
*/
|
|
export const RATE_LIMIT_STRICT: RateLimitConfig = {
|
|
windowMs: RATE_LIMIT_WINDOW_MS,
|
|
maxRequests: 5,
|
|
};
|
|
|
|
/**
|
|
* MODERATE: 10 requests per minute
|
|
*
|
|
* Use for:
|
|
* - Moderation actions (approve, reject)
|
|
* - Content submission
|
|
* - User profile updates
|
|
* - Email sending
|
|
* - Notification triggers
|
|
*
|
|
* Examples: process-selective-approval, process-selective-rejection, submit-entity-edit
|
|
*/
|
|
export const RATE_LIMIT_MODERATE: RateLimitConfig = {
|
|
windowMs: RATE_LIMIT_WINDOW_MS,
|
|
maxRequests: 10,
|
|
};
|
|
|
|
/**
|
|
* STANDARD: 20 requests per minute
|
|
*
|
|
* Use for:
|
|
* - Standard read/write operations
|
|
* - Search endpoints
|
|
* - Contact forms
|
|
* - Account management
|
|
* - Authentication operations
|
|
*
|
|
* Examples: send-contact-message, request-account-deletion, validate-email
|
|
*/
|
|
export const RATE_LIMIT_STANDARD: RateLimitConfig = {
|
|
windowMs: RATE_LIMIT_WINDOW_MS,
|
|
maxRequests: 20,
|
|
};
|
|
|
|
/**
|
|
* LENIENT: 30 requests per minute
|
|
*
|
|
* Use for:
|
|
* - Lightweight read operations
|
|
* - Cached data retrieval
|
|
* - Public endpoint queries
|
|
* - Status checks
|
|
* - Location detection
|
|
*
|
|
* Examples: detect-location, check-transaction-status
|
|
*/
|
|
export const RATE_LIMIT_LENIENT: RateLimitConfig = {
|
|
windowMs: RATE_LIMIT_WINDOW_MS,
|
|
maxRequests: 30,
|
|
};
|
|
|
|
/**
|
|
* GENEROUS: 60 requests per minute
|
|
*
|
|
* Use for:
|
|
* - High-frequency polling
|
|
* - Real-time updates
|
|
* - Webhook receivers
|
|
* - Health checks
|
|
* - Internal service-to-service calls
|
|
*
|
|
* Examples: novu-webhook, scheduled-maintenance
|
|
*/
|
|
export const RATE_LIMIT_GENEROUS: RateLimitConfig = {
|
|
windowMs: RATE_LIMIT_WINDOW_MS,
|
|
maxRequests: 60,
|
|
};
|
|
|
|
/**
|
|
* PER_USER: 20 requests per minute (default)
|
|
*
|
|
* Use for authenticated endpoints where you want to rate limit per user ID
|
|
* rather than per IP address. Useful for:
|
|
* - User-specific operations
|
|
* - Preventing account abuse
|
|
* - Per-user quotas
|
|
*
|
|
* Can be customized with different request counts:
|
|
* - perUserStrict: 5 req/min
|
|
* - perUserModerate: 10 req/min
|
|
* - perUserStandard: 20 req/min (default)
|
|
* - perUserLenient: 40 req/min
|
|
*/
|
|
export const RATE_LIMIT_PER_USER_STRICT: RateLimitConfig = {
|
|
windowMs: RATE_LIMIT_WINDOW_MS,
|
|
maxRequests: 5,
|
|
keyGenerator: (req: Request) => {
|
|
// Extract user ID from Authorization header JWT
|
|
const authHeader = req.headers.get('Authorization');
|
|
if (authHeader) {
|
|
try {
|
|
const token = authHeader.replace('Bearer ', '');
|
|
const payload = JSON.parse(atob(token.split('.')[1]));
|
|
return `user:${payload.sub}`;
|
|
} catch {
|
|
// Fall back to IP if JWT parsing fails
|
|
return req.headers.get('x-forwarded-for')?.split(',')[0] || '0.0.0.0';
|
|
}
|
|
}
|
|
return req.headers.get('x-forwarded-for')?.split(',')[0] || '0.0.0.0';
|
|
}
|
|
};
|
|
|
|
export const RATE_LIMIT_PER_USER_MODERATE: RateLimitConfig = {
|
|
...RATE_LIMIT_PER_USER_STRICT,
|
|
maxRequests: 10,
|
|
};
|
|
|
|
export const RATE_LIMIT_PER_USER_STANDARD: RateLimitConfig = {
|
|
...RATE_LIMIT_PER_USER_STRICT,
|
|
maxRequests: 20,
|
|
};
|
|
|
|
export const RATE_LIMIT_PER_USER_LENIENT: RateLimitConfig = {
|
|
...RATE_LIMIT_PER_USER_STRICT,
|
|
maxRequests: 40,
|
|
};
|
|
|
|
/**
|
|
* Rate Limit Tier Summary
|
|
*
|
|
* | Tier | Requests/Min | Use Case |
|
|
* |-------------------|--------------|-----------------------------------|
|
|
* | STRICT | 5 | Expensive operations, uploads |
|
|
* | MODERATE | 10 | Moderation, submissions |
|
|
* | STANDARD | 20 | Standard read/write operations |
|
|
* | LENIENT | 30 | Lightweight reads, public data |
|
|
* | GENEROUS | 60 | Polling, webhooks, health checks |
|
|
* | PER_USER_STRICT | 5/user | User-specific expensive ops |
|
|
* | PER_USER_MODERATE | 10/user | User-specific moderation |
|
|
* | PER_USER_STANDARD | 20/user | User-specific standard ops |
|
|
* | PER_USER_LENIENT | 40/user | User-specific frequent ops |
|
|
*/
|