andrei/maternal-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8e3567e3d60d8a81880214e44434b7efbf1b0e47
maternal-app/maternal-web/app/api/tracking/feeding/route.ts
Andrei 8e3567e3d6
Some checks failed
CI/CD Pipeline / Lint and Test (push) Has been cancelled
Details
CI/CD Pipeline / E2E Tests (push) Has been cancelled
Details
CI/CD Pipeline / Build Application (push) Has been cancelled
Details
Add rate limiting to API endpoints 
Implemented comprehensive rate limiting for API security:

- Created custom Next.js-native rate limiter using in-memory store
- Added 5 rate limit configurations:
  - authLimiter: 5 requests/15min for login/register/password-reset
  - aiLimiter: 10 requests/hour for AI assistant queries
  - trackingLimiter: 30 requests/min for activity tracking
  - readLimiter: 100 requests/min for read-only endpoints
  - sensitiveLimiter: 3 requests/hour for sensitive operations

- Applied rate limiting to endpoints:
  - /api/auth/login, /api/auth/register, /api/auth/password-reset
  - /api/ai/chat
  - /api/tracking/feeding (GET and POST)

- Rate limit responses include standard headers:
  - RateLimit-Limit, RateLimit-Remaining, RateLimit-Reset
  - Retry-After header with seconds until reset

- Tested with 7 sequential requests - first 5 passed, last 2 blocked with 429

Note: Current implementation uses in-memory store. For production with
multiple instances, migrate to Redis-backed storage for distributed
rate limiting.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-01 20:08:28 +00:00

99 lines
3.0 KiB
TypeScript
Raw Blame History

import { NextRequest, NextResponse } from 'next/server';
import { trackingLimiter } from '@/lib/middleware/rateLimiter';
/**
* Feeding tracking endpoint with rate limiting
* Limited to 30 requests per minute (reasonable for frequent tracking)
*/
export async function POST(request: NextRequest) {
// Apply rate limiting
const rateLimitResult = await trackingLimiter(request);
if (rateLimitResult) return rateLimitResult;
try {
const body = await request.json();
const { childId, type, amount, unit, startTime, endTime, notes } = body;
// TODO: Implement actual tracking logic
// This is a placeholder - actual tracking will be handled by backend
// For now, forward to backend API
const backendUrl = process.env.NEXT_PUBLIC_API_URL || 'http://localhost:3020';
const response = await fetch(`${backendUrl}/api/v1/tracking/feeding`, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
// Forward auth token from client
Authorization: request.headers.get('Authorization') || '',
},
body: JSON.stringify({ childId, type, amount, unit, startTime, endTime, notes }),
});
const data = await response.json();
if (!response.ok) {
return NextResponse.json(data, { status: response.status });
}
return NextResponse.json(data, { status: 201 });
} catch (error) {
console.error('[Tracking] Feeding error:', error);
return NextResponse.json(
{
error: 'TRACKING_FEEDING_FAILED',
message: 'Failed to save feeding record. Please try again.',
},
{ status: 500 }
);
}
}
/**
* Get feeding history with rate limiting
*/
export async function GET(request: NextRequest) {
// Apply rate limiting
const rateLimitResult = await trackingLimiter(request);
if (rateLimitResult) return rateLimitResult;
try {
const { searchParams } = new URL(request.url);
const childId = searchParams.get('childId');
const startDate = searchParams.get('startDate');
const endDate = searchParams.get('endDate');
// For now, forward to backend API
const backendUrl = process.env.NEXT_PUBLIC_API_URL || 'http://localhost:3020';
const queryString = new URLSearchParams({
...(childId && { childId }),
...(startDate && { startDate }),
...(endDate && { endDate }),
}).toString();
const response = await fetch(`${backendUrl}/api/v1/tracking/feeding?${queryString}`, {
method: 'GET',
headers: {
// Forward auth token from client
Authorization: request.headers.get('Authorization') || '',
},
});
const data = await response.json();
if (!response.ok) {
return NextResponse.json(data, { status: response.status });
}
return NextResponse.json(data, { status: 200 });
} catch (error) {
console.error('[Tracking] Get feeding history error:', error);
return NextResponse.json(
{
error: 'TRACKING_FEEDING_GET_FAILED',
message: 'Failed to retrieve feeding history. Please try again.',
},
{ status: 500 }
);
}
}
Reference in New Issue View Git Blame Copy Permalink