9dfa04094b
Adds three named rate limiters to the existing Redis sliding-window catalog and a withRateLimit wrapper that composes inside withAuth. Wires the OCR limiter into the receipt-scan endpoint so a runaway client can't burn through the AI budget in a tight loop. - ocr: 10/min/user - ai: 60/min/user (reserved for future server-side AI surfaces) - exports: 30/hour/user (reserved for GDPR bundle, PDF, CSV exports) 429 responses include X-RateLimit-* headers and a Retry-After hint. Tests: 771/771 vitest (was 766) — +5 rate-limit tests covering catalog shape, sliding window, cross-prefix isolation, cross-user isolation, and resetAt timestamp. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
89 lines
3.1 KiB
TypeScript
89 lines
3.1 KiB
TypeScript
import { redis } from '@/lib/redis';
|
|
|
|
export interface RateLimitConfig {
|
|
/** Duration of the sliding window in milliseconds. */
|
|
windowMs: number;
|
|
/** Maximum number of requests allowed per window. */
|
|
max: number;
|
|
/** Redis key prefix distinguishing different limit types. */
|
|
keyPrefix: string;
|
|
}
|
|
|
|
export interface RateLimitResult {
|
|
allowed: boolean;
|
|
limit: number;
|
|
remaining: number;
|
|
/** Unix timestamp (ms) at which the oldest entry in the window expires. */
|
|
resetAt: number;
|
|
}
|
|
|
|
/**
|
|
* Redis sliding-window rate limiter.
|
|
*
|
|
* Uses a sorted set per identifier where each member is a unique request
|
|
* timestamp. Old entries outside the window are pruned on each call.
|
|
*/
|
|
export async function checkRateLimit(
|
|
identifier: string,
|
|
config: RateLimitConfig,
|
|
): Promise<RateLimitResult> {
|
|
const key = `rl:${config.keyPrefix}:${identifier}`;
|
|
const now = Date.now();
|
|
const windowStart = now - config.windowMs;
|
|
|
|
const pipeline = redis.pipeline();
|
|
// Remove entries older than the window.
|
|
pipeline.zremrangebyscore(key, '-inf', windowStart);
|
|
// Record this request; score = timestamp, member adds randomness for uniqueness.
|
|
pipeline.zadd(key, now, `${now}:${Math.random().toString(36).slice(2)}`);
|
|
// Count entries currently in the window.
|
|
pipeline.zcard(key);
|
|
// Expire the key after one full window so Redis doesn't accumulate stale keys.
|
|
pipeline.pexpire(key, config.windowMs);
|
|
|
|
const results = await pipeline.exec();
|
|
|
|
const count = (results?.[2]?.[1] as number) ?? 0;
|
|
const remaining = Math.max(0, config.max - count);
|
|
|
|
return {
|
|
allowed: count <= config.max,
|
|
limit: config.max,
|
|
remaining,
|
|
resetAt: now + config.windowMs,
|
|
};
|
|
}
|
|
|
|
/**
|
|
* Returns standard rate-limit response headers from a RateLimitResult.
|
|
*/
|
|
export function rateLimitHeaders(result: RateLimitResult): Record<string, string> {
|
|
return {
|
|
'X-RateLimit-Limit': result.limit.toString(),
|
|
'X-RateLimit-Remaining': result.remaining.toString(),
|
|
'X-RateLimit-Reset': Math.ceil(result.resetAt / 1000).toString(),
|
|
};
|
|
}
|
|
|
|
/**
|
|
* Pre-configured rate limiters matching SECURITY-GUIDELINES.md §6.1.
|
|
*/
|
|
export const rateLimiters = {
|
|
/** Auth endpoints: 5 attempts per 15 minutes per identifier. */
|
|
auth: { windowMs: 15 * 60 * 1000, max: 5, keyPrefix: 'auth' },
|
|
/** Authenticated API: 120 requests per minute. */
|
|
api: { windowMs: 60 * 1000, max: 120, keyPrefix: 'api' },
|
|
/** File uploads: 10 per minute. */
|
|
upload: { windowMs: 60 * 1000, max: 10, keyPrefix: 'upload' },
|
|
/** Bulk operations: 5 per minute. */
|
|
bulk: { windowMs: 60 * 1000, max: 5, keyPrefix: 'bulk' },
|
|
/** Receipt scanner: 10 OCR runs per minute per user. */
|
|
ocr: { windowMs: 60 * 1000, max: 10, keyPrefix: 'ocr' },
|
|
/** Server-side AI calls (summary, embeddings, etc): 60 per minute per user. */
|
|
ai: { windowMs: 60 * 1000, max: 60, keyPrefix: 'ai' },
|
|
/** Data exports (GDPR bundle, PDF, CSV): 30 per hour per user. */
|
|
exports: { windowMs: 60 * 60 * 1000, max: 30, keyPrefix: 'export' },
|
|
} as const satisfies Record<string, RateLimitConfig>;
|
|
|
|
export type RateLimiterName = keyof typeof rateLimiters;
|