Story 6.4: Rate Limiting
Metadata
- Story ID: 6.4
- Title: Rate Limiting
- Epic: 6 - Observability & Production Readiness
- Status: Pending
- Priority: High
- Estimated Time: 4-5 hours
- Dependencies: 1.5, 5.1
Goal
Implement rate limiting to prevent API abuse and ensure fair resource usage.
Description
This story implements rate limiting middleware that limits requests per user and per IP address, with configurable limits per endpoint.
Deliverables
1. Rate Limiting Middleware
- Per-user rate limiting
- Per-IP rate limiting
- Configurable limits per endpoint
- Rate limit storage (Redis)
- Return X-RateLimit-* headers
2. Configuration
- Rate limit config in config/default.yaml:

      rate_limiting:
        enabled: true
        per_user: 100/minute
        per_ip: 1000/minute
3. Integration
- Integrate with HTTP server
- Add to middleware stack
- Error responses for rate limit exceeded
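
The middleware from the deliverables above, as an added example (not the project's own code): fixed-window counters keyed per user and per IP, with an in-memory map standing in for Redis. The `RateLimit` signature, the `userID` hook and the header names `X-RateLimit-Limit`, `X-RateLimit-Remaining` and `X-RateLimit-Reset` are assumptions; the story only specifies `X-RateLimit-*`.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strconv"
	"sync"
	"time"
)

// RateLimit is an added example. userID is a hypothetical hook: the authenticated id, "" if none.
func RateLimit(perUser, perIP int, window time.Duration,
	userID func(*http.Request) string, now func() time.Time, next http.Handler) http.Handler {
	var mu sync.Mutex
	hits := map[string]int{} // in-memory stand-in for Redis INCR + EXPIRE; never pruned here
	take := func(key string, quota int) int { // count one request, return how many remain
		mu.Lock()
		defer mu.Unlock()
		hits[key]++
		return quota - hits[key]
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		win := int64(window.Seconds())
		bucket := now().Unix() / win // fixed window: one counter per key per window
		// Key on the socket peer: X-Forwarded-For is client-supplied unless a trusted proxy sets it.
		host, _, _ := net.SplitHostPort(r.RemoteAddr)
		limit, left := perIP, take(fmt.Sprintf("ip:%s:%d", host, bucket), perIP)
		if id := userID(r); id != "" {
			if n := take(fmt.Sprintf("user:%s:%d", id, bucket), perUser); n < left {
				limit, left = perUser, n // report the tighter of the two limits
			}
		}
		w.Header().Set("X-RateLimit-Limit", strconv.Itoa(limit))
		w.Header().Set("X-RateLimit-Remaining", strconv.Itoa(left))
		w.Header().Set("X-RateLimit-Reset", strconv.FormatInt((bucket+1)*win, 10))
		if left < 0 {
			w.Header().Set("X-RateLimit-Remaining", "0")
			http.Error(w, "rate limit exceeded", http.StatusTooManyRequests)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() { // serves on localhost with the story's limits; every caller is anonymous here
	anon := func(*http.Request) string { return "" }
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprintln(w, "ok") })
	http.ListenAndServe("127.0.0.1:8080", RateLimit(100, 1000, time.Minute, anon, time.Now, ok))
}
```

Both counters are incremented on every request, so a user who is already over the per-user limit still consumes the per-IP budget of the address they call from.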
Acceptance Criteria
- Rate limiting prevents abuse
- Per-user limits work correctly
- Per-IP limits work correctly
- Rate limit headers are returned
- Configuration is flexible
- Rate limits are stored in Redis
Files to Create/Modify
- internal/server/middleware.go - Rate limiting middleware
- internal/infra/ratelimit/limiter.go - Rate limiter implementation
- config/default.yaml - Add rate limit config