
Feature/rate limiting implementation#109

Merged
Cedarich merged 5 commits into ZyntariHQ:main from LaGodxy:feature/rate-limiting-implementation
Mar 8, 2026

Conversation

@LaGodxy
Contributor

@LaGodxy LaGodxy commented Mar 8, 2026

✅ Rate Limiting Implementation Complete

Features Implemented:

  • Redis-backed rate limiting using @nestjs/throttler
  • Configurable limits via environment variables
  • Stricter limits for auth endpoints: 5 requests per 15 minutes per IP
  • Invoice creation limits: 20 requests per hour per user
  • 429 responses with Retry-After headers
  • E2E tests for rate limiting functionality

Files Created/Modified:

  • src/config/throttler.config.ts - Rate limiting configuration
  • src/throttler/throttler.module.ts - Redis-backed throttler module
  • src/throttler/throttler-storage-redis.service.ts - Custom Redis storage
  • src/auth/auth.controller.ts - Applied rate limiting to auth endpoints
  • src/invoices/invoices.controller.ts - Applied rate limiting to invoice creation
  • test/rate-limiting.e2e-spec.ts - Comprehensive E2E tests
  • .github/workflows/backend.yml - Added Redis service for CI
  • src/app.module.ts - Integrated throttler module and config

Environment Variables Added:

```bash
# General rate limiting
THROTTLE_TTL=60
THROTTLE_LIMIT=100

# Auth endpoints (stricter)
THROTTLE_AUTH_TTL=900       # 15 minutes
THROTTLE_AUTH_LIMIT=5       # 5 attempts

# Invoice creation
THROTTLE_INVOICE_TTL=3600   # 1 hour
THROTTLE_INVOICE_LIMIT=20   # 20 invoices

# Redis configuration
REDIS_HOST=localhost
REDIS_PORT=6379
REDIS_PASSWORD=
REDIS_DB=0
REDIS_KEY_PREFIX=invoisio:throttle:
```

closes #103
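As an added example (not the PR's code and not the @nestjs/throttler API), here is a fixed-window limiter with the semantics the description lists: one counter per key with a TTL, keyed per IP for auth and per user for invoice creation, answering 429 with a Retry-After header once the limit is exceeded. The in-memory Map, the injectable clock, and the names RateLimiter, ThrottlePolicy, Decision and toHttp are assumptions standing in for the Redis-backed storage the PR adds.

```typescript
// Added example (not the PR's code, not the @nestjs/throttler API): a fixed-window
// limiter with the semantics the PR description lists. The Map stands in for the
// Redis storage; RateLimiter, ThrottlePolicy, Decision and toHttp are assumed names.

interface ThrottlePolicy { ttlSeconds: number; limit: number; }

// Limits from the PR's THROTTLE_AUTH_* and THROTTLE_INVOICE_* variables.
const AUTH_POLICY: ThrottlePolicy = { ttlSeconds: 900, limit: 5 };
const INVOICE_POLICY: ThrottlePolicy = { ttlSeconds: 3600, limit: 20 };

interface Decision { allowed: boolean; remaining: number; retryAfterSeconds: number; }

// One counter per key; expiresAt is a ms timestamp (Redis would hold this as the key TTL).
interface Bucket { hits: number; expiresAt: number; }

class RateLimiter {
  private buckets = new Map<string, Bucket>();
  private now: () => number;
  // The clock is injectable so the window can be advanced deterministically in tests.
  constructor(now: () => number = () => Date.now()) { this.now = now; }

  // Equivalent of INCR plus EXPIRE-on-first-hit: count the request, then compare.
  check(key: string, policy: ThrottlePolicy): Decision {
    const t = this.now();
    let b = this.buckets.get(key);
    if (!b || b.expiresAt <= t) {
      b = { hits: 0, expiresAt: t + policy.ttlSeconds * 1000 };
      this.buckets.set(key, b);
    }
    b.hits += 1;
    if (b.hits > policy.limit) {
      // Retry-After must cover the rest of the window, rounded up to whole seconds.
      return { allowed: false, remaining: 0, retryAfterSeconds: Math.ceil((b.expiresAt - t) / 1000) };
    }
    return { allowed: true, remaining: policy.limit - b.hits, retryAfterSeconds: 0 };
  }
}

// Map a decision to the response the PR describes: 429 with Retry-After on denial.
function toHttp(d: Decision): { status: number; headers: Record<string, string> } {
  return d.allowed
    ? { status: 200, headers: {} }
    : { status: 429, headers: { 'Retry-After': String(d.retryAfterSeconds) } };
}

// Auth is keyed per client IP, invoice creation per authenticated user,
// under the REDIS_KEY_PREFIX from the PR description.
const authKey = (ip: string) => `invoisio:throttle:auth:${ip}`;
const invoiceKey = (userId: string) => `invoisio:throttle:invoice:${userId}`;
```

With a real Redis backend the counter and expiry would live in one atomic INCR/EXPIRE step so that concurrent requests across several API instances cannot each see a count below the limit.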

@Cedarich
Contributor

Cedarich commented Mar 8, 2026

Please fix E2E Test

@Cedarich Cedarich merged commit cfd8bd9 into ZyntariHQ:main Mar 8, 2026
1 check passed

Development

Successfully merging this pull request may close these issues.

Rate-limit and abuse protection for auth and invoice creation