Merge branch 'release/0.7.0'

Author: ljonesfl

.version.json

@@ -1,7 +1,7 @@
 {
   "strategy": "semver",
   "major": 0,
-  "minor": 6,
-  "patch": 9,
+  "minor": 7,
+  "patch": 0,
   "build": 0
 }

README.md

@@ -1,4 +1,4 @@
-[![Build Status](https://app.travis-ci.com/Neuron-PHP/routing.svg?token=F8zCwpT7x7Res7J2N4vF&branch=master)](https://app.travis-ci.com/Neuron-PHP/routing)
+[![CI](https://github.com/neuron-php/routing/actions/workflows/ci.yml/badge.svg)](https://github.com/neuron-php/routing/actions)
 # Neuron-PHP Routing
 
 ## Overview
@@ -80,6 +80,168 @@ several routes including one with a variable.
 If present, the extra element is merged into the parameters array
 before it is passed to the routes closure.
 
+## Rate Limiting
+
+The routing component includes a powerful rate limiting system with multiple storage backends and flexible configuration options.
+
+### Basic Usage
+
+```php
+use Neuron\Routing\Router;
+use Neuron\Routing\Filters\RateLimitFilter;
+use Neuron\Routing\RateLimit\RateLimitConfig;
+
+$router = Router::instance();
+
+// Create rate limit configuration
+$config = new RateLimitConfig([
+    'enabled' => true,
+    'storage' => 'redis',  // Options: redis, file, memory (testing only)
+    'requests' => 100,      // Max requests per window
+    'window' => 3600        // Time window in seconds (1 hour)
+]);
+
+// Create and register the filter
+$rateLimitFilter = new RateLimitFilter($config);
+$router->registerFilter('rate_limit', $rateLimitFilter);
+
+// Apply globally to all routes
+$router->addFilter('rate_limit');
+
+// Or apply to specific routes
+$router->get('/api/data', $handler, 'rate_limit');
+```
+
+### Configuration Options
+
+Rate limiting can be configured via array or environment variables:
+
+```php
+// Array configuration
+$config = new RateLimitConfig([
+    'enabled' => true,
+    'storage' => 'redis',
+    'requests' => 100,
+    'window' => 3600,
+    'redis_host' => '127.0.0.1',
+    'redis_port' => 6379,
+    'file_path' => 'cache/rate_limits'
+]);
+
+// From settings/environment variables (flat structure)
+// RATE_LIMIT_ENABLED=true
+// RATE_LIMIT_STORAGE=redis
+// RATE_LIMIT_REQUESTS=100
+// RATE_LIMIT_WINDOW=3600
+$config = RateLimitConfig::fromSettings($settingsSource);
+```
+
+### Storage Backends
+
+#### Redis (Recommended for Production)
+Best for distributed systems and high-traffic applications:
+
+```php
+$config = new RateLimitConfig([
+    'storage' => 'redis',
+    'redis_host' => '127.0.0.1',
+    'redis_port' => 6379,
+    'redis_database' => 0,
+    'redis_prefix' => 'rate_limit_',
+    'redis_auth' => 'password',  // Optional
+    'redis_persistent' => true    // Use persistent connections
+]);
+```
+
+#### File Storage
+Simple solution for single-server deployments:
+
+```php
+$config = new RateLimitConfig([
+    'storage' => 'file',
+    'file_path' => 'cache/rate_limits'  // Directory for rate limit files
+]);
+```
+
+#### Memory Storage (Testing Only)
+For unit tests and development:
+
+```php
+$config = new RateLimitConfig([
+    'storage' => 'memory'  // Data lost when PHP process ends
+]);
+```
+
+### Advanced Features
+
+#### Key Strategies
+Control how rate limits are applied:
+
+```php
+// Limit by IP address (default)
+$filter = new RateLimitFilter($config, 'ip');
+
+// Limit by authenticated user
+$filter = new RateLimitFilter($config, 'user');
+
+// Limit by IP + route combination
+$filter = new RateLimitFilter($config, 'route');
+
+// Custom key generation
+class CustomRateLimitFilter extends RateLimitFilter {
+    protected function getCustomKey(RouteMap $route): string {
+        // Your custom logic here
+        return $_SESSION['tenant_id'] ?? $this->getClientIp();
+    }
+}
+```
+
+#### Whitelisting and Blacklisting
+
+```php
+$filter = new RateLimitFilter(
+    $config,
+    'ip',
+    ['192.168.1.100', '10.0.0.1'],  // Whitelist - no limits
+    ['45.67.89.10']                  // Blacklist - stricter limits (1/10th)
+);
+```
+
+#### Custom Responses
+Rate limit exceeded responses include appropriate headers:
+- `X-RateLimit-Limit`: Maximum requests allowed
+- `X-RateLimit-Remaining`: Requests remaining
+- `X-RateLimit-Reset`: Unix timestamp when limit resets
+- `Retry-After`: Seconds until retry allowed
+
+The response format (JSON/HTML) is automatically determined from the Accept header.
+
+### Example: API Rate Limiting
+
+```php
+// Different limits for different endpoints
+$publicConfig = new RateLimitConfig([
+    'enabled' => true,
+    'storage' => 'redis',
+    'requests' => 10,
+    'window' => 60  // 10 requests per minute
+]);
+
+$apiConfig = new RateLimitConfig([
+    'enabled' => true,
+    'storage' => 'redis',
+    'requests' => 1000,
+    'window' => 3600  // 1000 requests per hour
+]);
+
+$router->registerFilter('public_limit', new RateLimitFilter($publicConfig));
+$router->registerFilter('api_limit', new RateLimitFilter($apiConfig));
+
+// Apply different limits
+$router->get('/public/search', $searchHandler, 'public_limit');
+$router->get('/api/users', $usersHandler, 'api_limit');
+```
+
 # More Information
 
 You can read more about the Neuron components at [neuronphp.com](http://neuronphp.com)

VERSIONLOG.md

@@ -1,3 +1,14 @@
+* Added comprehensive rate limiting system with multiple storage backends.
+* Added RateLimitFilter for request throttling.
+* Added Redis, File, and Memory storage implementations for rate limiting.
+* Added configurable rate limiting with environment variable support (flat structure).
+* Added whitelisting and blacklisting support for rate limiting.
+* Added automatic rate limit headers (X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset).
+* Added HTTP 429 response formatting with JSON/HTML content negotiation.
+* Added comprehensive tests for rate limiting functionality.
+* Added IPResolver.
+
+## 0.6.10 2025-11-04
 ## 0.6.9 2025-05-21
 
 ## 0.6.8 2025-02-18

src/Routing/DefaultIpResolver.php

@@ -0,0 +1,72 @@
+<?php
+
+namespace Neuron\Routing;
+
+/**
+ * Default IP resolver implementation that checks common proxy headers.
+ *
+ * This resolver checks standard proxy headers in order of preference,
+ * validating and extracting the client IP address. It handles:
+ * - Cloudflare (CF-Connecting-IP)
+ * - Standard proxies (X-Forwarded-For)
+ * - Nginx (X-Real-IP)
+ * - Other proxies (Client-IP)
+ *
+ * Falls back to REMOTE_ADDR if no valid IP is found in headers.
+ *
+ * @package Neuron\Routing
+ */
+class DefaultIpResolver implements IIpResolver
+{
+	/**
+	 * Resolve the client IP address by checking common proxy headers.
+	 *
+	 * @param array $server The $_SERVER array
+	 * @return string The resolved IP address
+	 */
+	public function resolve( array $server ): string
+	{
+		// Check common proxy headers in order of preference
+		$headers = [
+			'HTTP_CF_CONNECTING_IP',     // Cloudflare
+			'HTTP_X_FORWARDED_FOR',       // Standard proxy
+			'HTTP_X_REAL_IP',            // Nginx
+			'HTTP_CLIENT_IP',            // Some proxies
+		];
+
+		foreach( $headers as $header )
+		{
+			if( !empty( $server[ $header ] ) )
+			{
+				// Handle comma-separated list (proxy chain) - take first IP
+				$ip = $this->extractFirstIp( $server[ $header ] );
+
+				// Validate IP format
+				if( filter_var( $ip, FILTER_VALIDATE_IP ) )
+				{
+					return $ip;
+				}
+			}
+		}
+
+		// Fallback to direct connection
+		return $server[ 'REMOTE_ADDR' ] ?? '0.0.0.0';
+	}
+
+	/**
+	 * Extract the first IP from a potentially comma-separated list.
+	 *
+	 * @param string $ipString The IP string (may contain multiple IPs)
+	 * @return string The first IP address
+	 */
+	protected function extractFirstIp( string $ipString ): string
+	{
+		if( strpos( $ipString, ',' ) !== false )
+		{
+			$ips = explode( ',', $ipString );
+			return trim( $ips[0] );
+		}
+
+		return trim( $ipString );
+	}
+}