# Story 6.4: Rate Limiting

## Metadata
- **Story ID**: 6.4
- **Title**: Rate Limiting
- **Epic**: 6 - Observability & Production Readiness
- **Status**: Pending
- **Priority**: High
- **Estimated Time**: 4-5 hours
- **Dependencies**: 1.5, 5.1

## Goal
Implement rate limiting to prevent API abuse and ensure fair resource usage.

## Description
This story implements rate limiting middleware that limits requests per user and per IP address, with configurable limits per endpoint.

## Deliverables

### 1. Rate Limiting Middleware
- Per-user rate limiting
- Per-IP rate limiting
- Configurable limits per endpoint
- Rate limit storage (Redis)
- Return `X-RateLimit-*` headers

### 2. Configuration
- Rate limit config in `config/default.yaml`:
  ```yaml
  rate_limiting:
    enabled: true
    per_user: 100/minute
    per_ip: 1000/minute
  ```

### 3. Integration
- Integrate with HTTP server
- Add to middleware stack
- Error responses for rate limit exceeded

## Acceptance Criteria
- [ ] Rate limiting prevents abuse
- [ ] Per-user limits work correctly
- [ ] Per-IP limits work correctly
- [ ] Rate limit headers are returned
- [ ] Configuration is flexible
- [ ] Rate limits are stored in Redis

## Files to Create/Modify
- `internal/server/middleware.go` - Rate limiting middleware
- `internal/infra/ratelimit/limiter.go` - Rate limiter implementation
- `config/default.yaml` - Add rate limit config
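
One way the limiter and middleware from the deliverables could fit together, as an added example that is not the project's code: a fixed-window counter keyed per IP and per user that sets `X-RateLimit-*` headers and answers 429 when a limit is exceeded. The in-memory `Store` stands in for Redis; the names `Store`, `Hit`, `Middleware` and `userOf`, the three concrete header names, and the single shared window are assumptions.

```go
package main

import (
	"net"
	"net/http"
	"strconv"
	"sync"
	"time"
)

// Store is an assumed in-memory stand-in for Redis; Hits must be a non-nil map.
type Store struct {
	mu     sync.Mutex
	Window time.Duration    // both limits in the story's config are "/minute"
	Now    func() time.Time // injectable clock, time.Now in production
	Hits   map[string]int64 // "<key>@<window start>" -> count; never evicted here
}

// Hit counts one request for key; it returns the remaining quota and the window reset (unix seconds).
func (s *Store) Hit(key string, limit int64) (remaining, reset int64, ok bool) {
	s.mu.Lock()
	defer s.mu.Unlock()
	start := s.Now().Truncate(s.Window).Unix()
	k := key + "@" + strconv.FormatInt(start, 10)
	s.Hits[k]++ // with Redis: INCR k, plus EXPIRE so old windows disappear
	reset = start + int64(s.Window/time.Second)
	if s.Hits[k] > limit {
		return 0, reset, false
	}
	return limit - s.Hits[k], reset, true
}

// Middleware enforces perIP on the socket peer, then perUser when userOf returns a non-empty ID.
func Middleware(s *Store, perIP, perUser int64, userOf func(*http.Request) string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		ip, _, _ := net.SplitHostPort(r.RemoteAddr) // peer address, not a client-supplied header
		check := func(key string, limit int64) bool {
			rem, reset, ok := s.Hit(key, limit)
			w.Header().Set("X-RateLimit-Limit", strconv.FormatInt(limit, 10))
			w.Header().Set("X-RateLimit-Remaining", strconv.FormatInt(rem, 10))
			w.Header().Set("X-RateLimit-Reset", strconv.FormatInt(reset, 10))
			return ok
		}
		if u := userOf(r); !check("ip:"+ip, perIP) || (u != "" && !check("user:"+u, perUser)) {
			http.Error(w, "rate limit exceeded", http.StatusTooManyRequests)
			return
		}
		next.ServeHTTP(w, r)
	})
}
```

When the server sits behind a reverse proxy, `RemoteAddr` is the proxy's address, so the per-IP key then has to come from a header that the trusted proxy overwrites rather than one the client can set.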