andrei/maternal-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
aa1ebf51e6b3ae6c5914ceccecda903c3137e759
maternal-app/maternal-web/scripts/test-rate-limit.sh
Andrei 8e3567e3d6
Some checks failed
CI/CD Pipeline / Lint and Test (push) Has been cancelled
Details
CI/CD Pipeline / E2E Tests (push) Has been cancelled
Details
CI/CD Pipeline / Build Application (push) Has been cancelled
Details
Add rate limiting to API endpoints 
Implemented comprehensive rate limiting for API security:

- Created custom Next.js-native rate limiter using in-memory store
- Added 5 rate limit configurations:
  - authLimiter: 5 requests/15min for login/register/password-reset
  - aiLimiter: 10 requests/hour for AI assistant queries
  - trackingLimiter: 30 requests/min for activity tracking
  - readLimiter: 100 requests/min for read-only endpoints
  - sensitiveLimiter: 3 requests/hour for sensitive operations

- Applied rate limiting to endpoints:
  - /api/auth/login, /api/auth/register, /api/auth/password-reset
  - /api/ai/chat
  - /api/tracking/feeding (GET and POST)

- Rate limit responses include standard headers:
  - RateLimit-Limit, RateLimit-Remaining, RateLimit-Reset
  - Retry-After header with seconds until reset

- Tested with 7 sequential requests - first 5 passed, last 2 blocked with 429

Note: Current implementation uses in-memory store. For production with
multiple instances, migrate to Redis-backed storage for distributed
rate limiting.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-01 20:08:28 +00:00

31 lines
801 B
Bash
Executable File
Raw Blame History

#!/bin/bash
# Test script for rate limiting
# Tests authentication endpoint rate limit (5 requests per 15 minutes)
echo "Testing authentication rate limiting..."
echo "Endpoint: POST /api/auth/login"
echo "Limit: 5 requests per 15 minutes"
echo ""
BASE_URL="http://localhost:3030"
# Make 7 requests to trigger rate limit
for i in {1..7}; do
echo "Request #$i:"
RESPONSE=$(curl -s -w "\nHTTP Status: %{http_code}\n" \
-X POST "$BASE_URL/api/auth/login" \
-H "Content-Type: application/json" \
-d '{"email":"test@example.com","password":"test123"}')
echo "$RESPONSE"
echo "---"
# Small delay between requests
sleep 0.5
done
echo ""
echo "Expected: First 5 requests should go through (may fail on backend)"
echo "Expected: Requests 6-7 should return 429 Too Many Requests"
Reference in New Issue View Git Blame Copy Permalink