Skip to content

fix: add API rate limiting via Upstash Redis (#3)#114

Merged
Rayan9064 merged 1 commit into
mainfrom
fix/api-rate-limiting
Jul 15, 2026
Merged

fix: add API rate limiting via Upstash Redis (#3)#114
Rayan9064 merged 1 commit into
mainfrom
fix/api-rate-limiting

Conversation

@Rayan9064

@Rayan9064 Rayan9064 commented Jul 15, 2026

Copy link
Copy Markdown
Owner

Summary by CodeRabbit

  • New Features
    • Added rate limiting for authenticated requests, public access, and AI queries.
    • Requests exceeding configured limits now receive a clear “Too Many Requests” response with retry timing details.
    • Applied protection to resource browsing and AI answer-generation endpoints.
    • Rate limiting remains inactive when configuration is unavailable, preserving existing functionality.

@vercel

vercel Bot commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
dumpit Building Building Preview, Comment Jul 15, 2026 6:25pm

@Rayan9064 Rayan9064 merged commit ca0f76d into main Jul 15, 2026
3 of 4 checks passed
@coderabbitai

coderabbitai Bot commented Jul 15, 2026

Copy link
Copy Markdown

Review Change Stack

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 97c024ef-b33c-470c-bfca-04f6e079cda7

📥 Commits

Reviewing files that changed from the base of the PR and between 4157412 and 74fa0d2.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (5)
  • app/api/_utils/rateLimit.ts
  • app/api/ai/ask/route.ts
  • app/api/public-resources/route.ts
  • app/api/resources/route.ts
  • package.json

📝 Walkthrough

Walkthrough

Adds Upstash Redis-backed rate limiting for authenticated, public, and AI requests, then enforces the checks in selected API routes before their existing processing continues.

Changes

API rate limiting

Layer / File(s) Summary
Rate-limit utility and dependencies
app/api/_utils/rateLimit.ts, package.json
Adds lazy Redis-backed sliding-window limiters for authenticated users, public client IPs, and AI requests, with standardized 429 responses and fail-open behavior when credentials are unavailable.
API route enforcement
app/api/ai/ask/route.ts, app/api/public-resources/route.ts, app/api/resources/route.ts
Applies rate-limit checks after authentication or before public queries and returns early when a limit is exceeded.

Estimated code review effort: 3 (Moderate) | ~20 minutes

Sequence Diagram(s)

sequenceDiagram
  participant Client
  participant ApiRoute
  participant rateLimit
  participant UpstashRedis
  Client->>ApiRoute: Send API request
  ApiRoute->>rateLimit: Check request limit
  rateLimit->>UpstashRedis: Evaluate category key
  UpstashRedis-->>rateLimit: Return limit result
  rateLimit-->>ApiRoute: Return null or 429 response
  ApiRoute-->>Client: Continue handler or return 429
Loading
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/api-rate-limiting

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint install timed out. The project may have too many dependencies for the sandbox.


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant