feat(backend): add endpoint-specific API rate limits#212
Open
rishab11250 wants to merge 1 commit into
Open
Conversation
Configure per-endpoint rate limits across all major API routes: - Auth: login (5/min), register (3/hour), password reset (3/15min) - Messages: send (30/min), search (60/min) - Projects: create (100/min), mutations (20-30/min) - Search/list endpoints (60/min) across users, skills, orgs All limits are configurable via environment variables. Rate limit constants now sourced from settings instead of hardcoded. Closes nensii21#200
There was a problem hiding this comment.
🎉 Thank you for your first Pull Request to DevLink!
We appreciate your contribution to our open-source community.
Before your PR is reviewed, please ensure:
- ✅ The project builds successfully.
- ✅ Your code follows the project's coding standards.
- ✅ You have tested your changes.
- ✅ Related documentation has been updated if necessary.
Our maintainers will review your PR as soon as possible.
Thank you for helping improve DevLink! 💙
Owner
|
attached videos and screenshots showing what changes have been made also some CI jobs are failing update it. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pull Request
Summary
Add endpoint-specific API rate limits across all major backend routes. The existing SlowAPI rate-limit middleware was set up globally but no per-endpoint limits were applied. This change makes all limits configurable via environment variables and applies them to every security-sensitive and high-traffic endpoint.
Related Issue
Closes #200
Type of Change
Changes Made
config.py: Added 4 new settings (MESSAGE_RATE_LIMIT,SEARCH_RATE_LIMIT,PROJECT_RATE_LIMIT,PASSWORD_RESET_RATE_LIMIT); ChangedREGISTER_RATE_LIMITfrom3/minuteto3/hourper issue specrate_limit.py: All limits now sourced from config settings instead of hardcoded values; removed unusedUPLOAD_LIMITandFLARE_LIMITconstantsauth.py: Applied@limiter.limit()to all 10 endpoints — register (3/hr), login (5/min), forgot/reset-password (3/15min), change-password (5/min), verify-email (5/min), resend-verification (3/hr), refresh/logout (10/min), me (30/min)messages.py: Send message (30/min), search (60/min), update (20/min), restore/delete (10/min)projects.py: Create (100/min), update/star/unstar (30/min), archive/restore/feature/delete (20/min)users.py,skills.py,organizations.py: Search/list endpoints limited to 60/min.env/.env.example: Added all new rate limit environment variablesScreenshots (if applicable)
N/A — backend configuration change
Testing
Additional testing notes: All 8 modified Python files pass
py_compilesyntax validation. Full dependency installation (pydantic-core, ruff) requires Rust toolchain on Windows build environment.Checklist
Before submitting this pull request, confirm the following:
Additional Notes
SEARCH_LIMIT(60/min) for consistent UX100/minute) remains as a catch-all for unlisted endpoints