Skip to content

PR for Implement Rate Limiting and Abuse Prevention #54

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
clintjeff2 wants to merge 50 commits into
base: main
Choose a base branch
from
Open

PR for Implement Rate Limiting and Abuse Prevention #54

clintjeff2 wants to merge 50 commits into from

Conversation

@clintjeff2
Copy link
Contributor

@clintjeff2 clintjeff2 commented Jun 5, 2025

Implement Rate Limiting for PDF Generation API

Closes #16

Overview

This PR implements comprehensive rate limiting for the PDF generation endpoint to prevent abuse and ensure fair usage across all users.

Features Added

Rate Limiting

  • Limit: 20 requests per minute per user/IP
  • Response: HTTP 429 Too Many Requests when limit exceeded
  • Headers: Standard rate limit headers (X-RateLimit-*) included in responses
  • Tracking: Prioritizes user ID over IP address for authenticated requests

Violation Logging

  • All rate limit violations are logged to database with detailed metadata
  • Tracks user ID, IP address, user agent, and request patterns
  • Enables audit and analysis of potential abuse attempts

Configuration

  • Fully configurable through environment variables
  • PDF_RATE_LIMIT_WINDOW_MS: Time window (default: 60000ms)
  • PDF_RATE_LIMIT_MAX_REQUESTS: Max requests per window (default: 20)
  • PDF_RATE_LIMIT_TRACK_BY_USER: Enable user-based tracking (default: true)

Analytics & Monitoring

  • New endpoint: GET /pdf/analytics/rate-limits for violation statistics
  • Track violations by user and IP address
  • Monitor recent violations and patterns
  • Integration with existing PDF analytics system

Implementation Details

New Files

  • src/pdf/services/rate-limit.service.ts - Core rate limiting logic
  • src/pdf/guards/rate-limit.guard.ts - NestJS guard for route protection
  • src/pdf/tasks/rate-limit-cleanup.task.ts - Cleanup expired entries

Modified Files

  • src/pdf/controllers/pdf.controller.ts - Added rate limiting and analytics
  • src/pdf/pdf.module.ts - Integrated new services and dependencies
  • prisma/schema.prisma - Added RateLimitViolation model
  • .env.development & .env.example - Added configuration variables

Database Changes

-- New table for tracking rate limit violations
CREATE TABLE rate_limit_violation (
  id VARCHAR PRIMARY KEY,
  user_id VARCHAR REFERENCES user(id),
  ip_address VARCHAR(45),
  user_agent VARCHAR(255),
  endpoint VARCHAR(100),
  request_count INTEGER,
  window_start TIMESTAMP,
  violated_at TIMESTAMP DEFAULT NOW()
);

Usage Example

# Normal request (within limits)
curl -H "Authorization: Bearer <token>" \
     -X POST /pdf/generate \
     -d '{"html": "<h1>Test</h1>"}'

# Response headers include:
# X-RateLimit-Limit: 20
# X-RateLimit-Remaining: 19
# X-RateLimit-Reset: 2024-01-01T12:01:00.000Z

# When limit exceeded:
# HTTP 429 Too Many Requests
# {
#   "error": "Too Many Requests",
#   "message": "PDF generation rate limit exceeded. Please wait before making another request.",
#   "rateLimitInfo": {
#     "limit": 20,
#     "remaining": 0,
#     "resetTime": "2024-01-01T12:01:00.000Z",
#     "retryAfter": 45
#   }
# }

clintjeff2 added 30 commits June 4, 2025 19:42
@clintjeff2
Update package-lock.json: Remove TypeORM dependencies, add Prisma
243c9aa
@clintjeff2
Update package.json: Replace TypeORM with Prisma dependencies
a9ce87d
@clintjeff2
Update Prisma service: Add proper connection lifecycle management
7857f2f
@clintjeff2
Update Prisma schema: Add ShortenedAddress model with proper relation…
6115921 
…s and indexes
@clintjeff2
Add Prisma migrations: Database schema migration from TypeORM to Prisma
12a6f66
@clintjeff2
Update Tools DTOs: Remove TypeORM decorators, keep validation
3ccff9c
@clintjeff2
Update Tools filter DTO: Migrate from TypeORM to Prisma compatible st…
2755223 
…ructure
@clintjeff2
Update Tool DTO: Remove TypeORM entity references
5a331ae
@clintjeff2
Remove TypeORM entities: Delete tool and tool-access-log entities
418d878
@clintjeff2
Migrate ToolAccessLog service: Replace TypeORM repository with Prisma…
df6be32 
… client
@clintjeff2
Update Tool controller: Adapt to Prisma service changes
07dec7c
@clintjeff2
Update Tool module: Remove TypeORM imports, add Prisma dependencies
456f2e0
@clintjeff2
Migrate Tool service: Replace TypeORM repository with Prisma client o…
643c9a2 
…perations
@clintjeff2
Update AppModule: Remove TypeORM configuration, add ShortenerModule i…
e8c1df3 
…mport
@clintjeff2
Remove old SmartContractModule: Replaced with ShortenerModule
8629ff6
@clintjeff2
Update shorten-address DTOs: Clean up imports and maintain validation
d23110f
@clintjeff2
Add create-shortened-address DTO: New DTO for Prisma model structure
8ea87e2
@clintjeff2
Add update-shortened-address DTO: Partial DTO for updates
c24bf7a
@clintjeff2
Remove SmartContract entity: Replaced with Prisma ShortenedAddress model
0fc67ea
@clintjeff2
Update Shortener service: Migrate from TypeORM to Prisma with improve…
bccd45c 
…d logic
@clintjeff2
Add ShortenerModule: New module with Prisma dependencies and utilities
d77cdc8
@clintjeff2
Update Auth module: Remove TypeORM imports, keep Prisma service
ba55015
@clintjeff2
Update create-user DTO: Remove TypeORM decorators, maintain validation
14fd478
@clintjeff2
Update login DTO: Clean up imports and validation
143d336
@clintjeff2
Update refresh-token DTO: Remove TypeORM references
8c5a50d
@clintjeff2
Update resend-otp DTO: Clean validation and imports
3544c20
@clintjeff2
Update verify-otp DTO: Remove TypeORM dependencies
22a0fc7
@clintjeff2
Remove User entity: Replaced with Prisma User model
1ea7a7e
@clintjeff2
Update OTP service: Migrate from TypeORM repository to Prisma client
9232771
@clintjeff2
Add git utility script: Helper for repository management
32495d9
clintjeff2 added 20 commits June 4, 2025 20:26
@clintjeff2
Apply global middleware structure and bootstrap JWT auth guard for PD…
780d558 
…F generation (DistinctCodes#15)
@clintjeff2
Protect /pdf/generate endpoint with JWT Auth Guard (DistinctCodes#15)
2646cfc
@clintjeff2
Customize JWT Auth Guard logic to support token validation for protec…
c0bf1ea 
…ted routes (DistinctCodes#15)
@clintjeff2
Implement JWT strategy for validating tokens in Authorization headers (
863c352 
…DistinctCodes#15)
@clintjeff2
Add custom exception filter to format auth-related errors for protect…
d4e551d 
…ed routes (DistinctCodes#15)
@clintjeff2
exported userAuthModule and imported it in pdf
c82faba
@clintjeff2
commented out error causing module
fcb82dc
@clintjeff2
feat: add PDF generation logging model to database schema
d4ff652 
- Add PdfGenerationLog model with comprehensive tracking fields
- Add PdfInputType enum for HTML/MARKDOWN distinction
- Include metadata fields: input size, processing time, success status
- Add error logging fields: error message and stack trace
- Include request tracing: user agent, IP address, request ID
- Add performance indexes for efficient querying
- Establish foreign key relationship with User model
@clintjeff2
feat: implement comprehensive PDF logging service
7fc66d0 
- Create PdfLogService for database logging operations
- Add detailed PDF generation request logging with metadata
- Implement user analytics with success rates and performance metrics
- Add system-wide analytics for administrative monitoring
- Include error pattern analysis for debugging support
- Provide safe input snippet creation with sensitive data removal
- Add request tracing and performance monitoring capabilities
@clintjeff2
feat: integrate comprehensive logging into PDF generation controller
175e694 
- Add detailed request logging with unique request IDs
- Implement safe input snippet creation for debugging
- Add comprehensive error logging with stack traces
- Include request metadata tracking (user agent, IP address)
- Add new analytics endpoints for users and administrators
- Implement processing time measurement and performance logging
- Add error pattern analysis endpoint for system monitoring
@clintjeff2
feat: integrate PDF logging service into module configuration
5dfb643 
- Add PdfLogService to PDF module providers
- Import PrismaModule for database access
- Export PdfLogService for potential use in other modules
- Update module dependencies for logging functionality
@clintjeff2
Fixed error: imported request before creating authentication request …
b928c2e 
…extension
@clintjeff2
feat: add rate limiting environment variables
1be76cb
@clintjeff2
feat: update env example with rate limiting config
42f6114
@clintjeff2
feat: add RateLimitViolation model to schema
8c78f90
@clintjeff2
feat: implement rate limiting service with violation logging
ae6b3df
@clintjeff2
feat: add PDF rate limiting guard
7cae191
@clintjeff2
feat: add rate limit cleanup task
c2d1e2a
@clintjeff2
feat: integrate rate limiting into PDF controller
21ab41c
@clintjeff2
feat: update PDF module with rate limiting dependencies
37b6f44
@clintjeff2
Copy link
Contributor Author

clintjeff2 commented Jun 10, 2025

Hello @yusuftomilola, please review and merge. Opened this over 5 days ago.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Implement Rate Limiting and Abuse Prevention

1 participant

@clintjeff2