Skip to content

[ARCH] Implement Redis-backed rate limiting on Edge OG and Webhook endpoints #155

Description

@adityakrmishra

Description

The application currently exposes the /api/og/heist dynamic image generation route and the /api/webhooks/github route without application-level rate limiting. Because the OG image generation relies on the Edge runtime and resource-intensive image computation, it is susceptible to resource exhaustion attacks. Similarly, webhook endpoints currently process all incoming requests, creating a vector for spam-based compute/DB usage.

Proposed Solution

1 Infrastructure: Integrate @upstash/ratelimit with a Redis backend.

2 Middleware: Implement IP-based rate limiting in middleware.ts for all /api/og/* routes (Threshold: 20 req/min).

3 API Level: Implement repository-ID-based rate limiting in the GitHub webhook route to prioritize valid CI/CD event processing.

Metadata

Metadata

Labels

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions