feat: add rate limiter [IN-803] #1390
Open
+555
−6
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR introduces a Redis-based rate limiting system for the application to protect against excessive request volumes. The implementation uses IP address hashing for GDPR compliance and supports configurable per-route and per-method rate limits.
Key Changes:
- Added rate limiter middleware that intercepts requests and enforces configurable rate limits
- Implemented IP extraction and hashing logic for GDPR compliance
- Configured Redis client integration from the crowd.dev repository
- Added rate limit headers to API responses
Reviewed Changes
Copilot reviewed 6 out of 7 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
| frontend/setup/rate-limiter.ts | Defines rate limiter configuration with default and route-specific limits |
| frontend/server/utils/rate-limiter.ts | Core rate limiting logic including IP extraction, route matching, and Redis operations |
| frontend/server/types/rate-limiter.ts | TypeScript type definitions for rate limiter configuration and results |
| frontend/server/middleware/rate-limiter.ts | Middleware that applies rate limiting to incoming requests |
| frontend/package.json | Added Redis client dependencies |
| frontend/nuxt.config.ts | Integrated rate limiter config and fixed comment typo |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
borfast
force-pushed
the
feat/IN-803-add-rate-limiter
branch
7 times, most recently
from
642333a to
11c9c65
Compare
borfast
force-pushed
the
feat/IN-803-add-rate-limiter
branch
4 times, most recently
from
26b57f4 to
852529c
Compare
borfast
force-pushed
the
feat/IN-803-add-rate-limiter
branch
2 times, most recently
from
f99d631 to
e8fd9f9
Compare
Signed-off-by: Raúl Santos <[email protected]>
borfast
force-pushed
the
feat/IN-803-add-rate-limiter
branch
from
e8fd9f9 to
0f32fd2
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request introduces a rate limiting system for the application, using Redis for tracking requests.
Because for the frontend directory the dependencies have to be installed
--ignore-workspace, the existing Redis client package from the crowd.dev repository was not reused. Instead, a light version was created.The environment variables
NUXT_REDIS_URLandNUXT_RATE_LIMITER_REDIS_DBmust be present and care must be taken so that the rate limiter does not use a database that is being used by something else.Jira ticket here.