Feature rate limiting #30

Merged
fulleni merged 21 commits into main from feature_rate_limiting
Jul 29, 2025
21 commits
adcc0eb
feat(auth): introduce rate limit service interface
fulleni Jul 29, 2025
484d7db
feat(rate-limit): implement MongoDB-backed rate limit service
fulleni Jul 29, 2025
6efac46
feat(rate-limiting): implement rate limiting service
fulleni Jul 29, 2025
2f82e09
feat(database): add rate limit attempts TTL and key indexes
fulleni Jul 29, 2025
167af20
feat(middlewares): implement rate limiter middleware
fulleni Jul 29, 2025
b7e6faa
fix(error_handler): map rate limiting errors to 429 status code
fulleni Jul 29, 2025
c889ba4
feat(routes): add rate limit service to middleware
fulleni Jul 29, 2025
d2c8e7e
feat(auth): add rate limiting to request-code endpoint
fulleni Jul 29, 2025
c19ec59
lint: misc
fulleni Jul 29, 2025
f09468f
chore(env): add rate limiting configuration variables
fulleni Jul 29, 2025
9453122
feat(config): add rate limit configuration parameters
fulleni Jul 29, 2025
65f76a2
refactor(auth): move request-code handler to index.dart and apply rat...
fulleni Jul 29, 2025
9fd3a44
feat(auth): add rate limiting middleware to request code endpoint
fulleni Jul 29, 2025
17df05c
style(auth): remove extra whitespace in request-code handler
fulleni Jul 29, 2025
6134a81
feat(rbac): add rate limiting bypass permission
fulleni Jul 29, 2025
baec763
feat(api): implement rate limiting for data routes
fulleni Jul 29, 2025
8f7a85a
refactor(routes): remove redundant middleware documentation
fulleni Jul 29, 2025
cd5e29b
docs(env): clarify rate limiting configuration in .env.example
fulleni Jul 29, 2025
0377190
docs(README): add built-in API rate limiting features
fulleni Jul 29, 2025
17fc972
fix(config): update default JWT expiry hours to 1 month
fulleni Jul 29, 2025
0bab60d
docs(env): update JWT expiry default and admin configuration
fulleni Jul 29, 2025
docs(env): update JWT expiry default and admin configuration
- Change JWT_EXPIRY_HOURS default from 1 hour to 720 hours (1 month)
- Update ADMIN OVERRIDE to REQUIRED for the single administrator account setting
- Clarify optional rate limit configuration for API endpoints
fulleni committed Jul 29, 2025
commit 0bab60de0a3e9c26b8e3ff074948d000744277b4
22 changes: 11 additions & 11 deletions .env.example
Expand Up @@ -12,8 +12,8 @@
# JWT_SECRET_KEY="your-super-secret-and-long-jwt-key"

# OPTIONAL: The duration for which a JWT is valid, in hours.
# Defaults to 1 hour if not specified.
# JWT_EXPIRY_HOURS="1"
# Defaults to 720 hour (1 month) if not specified.
# JWT_EXPIRY_HOURS="720"

# REQUIRED FOR PRODUCTION: The specific origin URL of your web client.
# This allows the client (e.g., the HT Dashboard) to make requests to the API.
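Review bot: raising the default to 720 hours at `# Defaults to 720 hour (1 month) if not specified.` widens the window in which a leaked or stolen token stays usable from one hour to thirty days, and nothing in this file mentions refresh or revocation; if the server has no way to invalidate a JWT before expiry, the comment should say so and recommend a shorter value for production deployments. Minor: `720 hour` should read `720 hours`.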
Expand All @@ -34,7 +34,7 @@
# Use "https://api.eu.sendgrid.com" for EU-based accounts.
# SENDGRID_API_URL="https://api.sendgrid.com"

# ADMIN OVERRIDE: Sets the single administrator account for the application.
# REQUIRED: Sets the single administrator account for the application.
# On server startup, the system ensures that the user with this email is the
# one and only administrator.
# - If no admin exists, one will be created with this email.
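Review bot: relabelling the block as `# REQUIRED: Sets the single administrator account for the application.` is not backed by any statement of what happens when the variable is unset; the lines that follow only describe the create/promote behaviour when it is present. Add one line stating the actual startup behaviour for the missing case (for example that the server refuses to start) so an operator can tell REQUIRED from a strong recommendation.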
Expand All @@ -44,15 +44,15 @@
# This provides a secure way to set or recover the admin account.
# OVERRIDE_ADMIN_EMAIL="admin@example.com"

# OPTIONAL: Configure API request limits to prevent abuse.
# The application provides sensible defaults if these are not set.
#
# Limit for the /auth/request-code endpoint (requests per window).

# OPTIONAL: Limit for the /auth/request-code endpoint (requests per window).
# RATE_LIMIT_REQUEST_CODE_LIMIT=3
# Window for the /auth/request-code endpoint, in hours.

# OPTIONAL: Window for the /auth/request-code endpoint, in hours.
# RATE_LIMIT_REQUEST_CODE_WINDOW_HOURS=24
#
# Limit for the generic /data API endpoints (requests per window).

# OPTIONAL: Limit for the generic /data API endpoints (requests per window).
# RATE_LIMIT_DATA_API_LIMIT=1000
# Window for the /data API endpoints, in minutes.

# OPTIONAL: Window for the /data API endpoints, in minutes.
# RATE_LIMIT_DATA_API_WINDOW_MINUTES=60
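Review bot: removing `# The application provides sensible defaults if these are not set.` leaves the four commented values (3, 24, 1000, 60) with no indication of whether they are the built-in defaults or just illustrations; restore a line saying which, since a reader of `# RATE_LIMIT_REQUEST_CODE_LIMIT=3` will otherwise assume it is the default. The comments also never say what each limit is keyed on (client IP, account, or the target email for /auth/request-code), and that choice decides whether 3 requests per 24 hours actually bounds code-request abuse or is trivially spread across keys; add the key to each `requests per window` comment.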