feat: add rate limiting to API endpoints #14

Merged
ValDesign22 merged 4 commits into master from feat/rate-limit
Apr 8, 2026
@ValDesign22
Member

This pull request introduces rate limiting to the Actix Web application and updates several dependencies to their latest versions. The most significant change is the addition of the actix-governor middleware to globally enforce request rate limits. Other updates include dependency bumps for improved stability and compatibility.

Rate limiting integration:

  • Added the actix-governor dependency and imported Governor and GovernorConfigBuilder in src/main.rs to enable request rate limiting. [1] [2]
  • Initialized a GovernorConfig with a limit of 1 request per 100 milliseconds and a burst size of 10, and applied the Governor middleware to all routes via the main application scope. This helps protect the API from abuse and accidental overload. [1] [2]

Dependency updates:

  • Upgraded charts-rs from version 0.3.28 to 0.4.0 for improved features and bug fixes.
  • Updated lettre from 0.11.20 to 0.11.21 for the latest email transport improvements.
  • Bumped tokio from 1.50.0 to 1.51.0 for enhanced async runtime performance and compatibility.
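
What the limits described in this pull request (one request replenished every 100 milliseconds, burst size 10) mean for a single client, as an added example that is not part of the pull request or the project's code. It is a standard-library model of the GCRA algorithm that the governor crate implements, not a call into actix-governor; the `Limiter` type, its functions, the sample addresses, and keying the quota on the client's peer address are assumptions of the example.

```rust
use std::collections::HashMap;
use std::net::{IpAddr, Ipv4Addr};

#[derive(Debug, PartialEq)]
enum Decision {
    Allow,
    Reject { retry_after_ms: u64 }, // what a 429 response would advertise
}

/// GCRA limiter keyed by client address; time is passed in so runs are deterministic.
struct Limiter {
    period_ms: u64,            // one request replenished per period
    tolerance_ms: u64,         // period * (burst - 1)
    tat: HashMap<IpAddr, u64>, // theoretical arrival time per key
}

impl Limiter {
    fn new(period_ms: u64, burst: u64) -> Self {
        assert!(period_ms > 0 && burst > 0);
        Limiter { period_ms, tolerance_ms: period_ms * (burst - 1), tat: HashMap::new() }
    }

    fn check(&mut self, key: IpAddr, now_ms: u64) -> Decision {
        // An idle key's TAT lies in the past; clamp it to "now" so idle time
        // never banks more than `burst` requests.
        let tat = self.tat.get(&key).copied().unwrap_or(0).max(now_ms);
        if tat > now_ms + self.tolerance_ms {
            return Decision::Reject { retry_after_ms: tat - now_ms - self.tolerance_ms };
        }
        self.tat.insert(key, tat + self.period_ms);
        Decision::Allow
    }
}

/// Sends `n` requests from `key` at the same instant; returns how many pass.
fn allowed_in_burst(l: &mut Limiter, key: IpAddr, now_ms: u64, n: usize) -> usize {
    (0..n).filter(|_| l.check(key, now_ms) == Decision::Allow).count()
}

fn main() {
    // Constructed addresses from the documentation ranges (RFC 5737).
    let client = IpAddr::V4(Ipv4Addr::new(192, 0, 2, 10));
    let proxy = IpAddr::V4(Ipv4Addr::new(198, 51, 100, 1));
    let mut l = Limiter::new(100, 10); // the PR's values: 100 ms period, burst 10

    println!("burst of 15 at t=0: {} allowed", allowed_in_burst(&mut l, client, 0, 15));
    println!("16th at t=0: {:?}", l.check(client, 0));
    println!("at t=100 ms: {:?}", l.check(client, 100));
    // Two distinct users arriving through one proxy address share a quota.
    println!("user 1 via proxy: {} allowed", allowed_in_burst(&mut l, proxy, 0, 10));
    println!("user 2 via proxy: {:?}", l.check(proxy, 0));
}
```

When the service sits behind a reverse proxy, a quota keyed on the peer address is shared by every client of that proxy, which is what the last two lines of `main` show.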

@ValDesign22 ValDesign22 self-assigned this Apr 4, 2026
@ValDesign22 ValDesign22 added the enhancement New feature or request label Apr 4, 2026
@ValDesign22 ValDesign22 merged commit 9c2139f into master Apr 8, 2026
5 checks passed
@ValDesign22 ValDesign22 deleted the feat/rate-limit branch April 8, 2026 17:01
github-actions Bot pushed a commit that referenced this pull request Apr 18, 2026
# 1.0.0 (2026-04-18)

### Bug Fixes

* add allow duplicated attributes for apistos config ([e1f5811](e1f5811))
* add default value to REDIS_URL env var ([a4b5f99](a4b5f99))
* added no default features flag to run aliases ([e374840](e374840))
* all Github PR review responses ([ff0b07e](ff0b07e))
* **auth:** add is_admin check with auth service to Authenticated ([994f167](994f167))
* **auth:** added a 1000 multiplier to avoid adding seconds to ([442d60d](442d60d))
* **auth:** different session id in database and in jwt ([38aba5f](38aba5f))
* **auth:** use u64 instead of i64 for Discord snowflake parsing ([02cebea](02cebea))
* **auth:** user avatar and decorations not update if none of them is ([93c058d](93c058d))
* cargo clippy ([491f003](491f003))
* **ci:** added docker buildx setup to docker_build workflow ([0dd1460](0dd1460))
* **ci:** cache now (i hope) works for cargo-chef ([00310c2](00310c2))
* **ci:** docker image name in docker_build workflow ([3190540](3190540))
* **ci:** fixed Docker path in docker_build workflow ([c2485f7](c2485f7))
* **ci:** removed pull_request trigger on workflow docker_build workflow ([8df46ff](8df46ff))
* **ci:** update docker image to use the linker from the Cargo.toml ([ec925ee](ec925ee))
* **ci:** updated image tags in docker_build workflow ([a135d55](a135d55))
* **ci:** updated permissions in docker_build workflow ([f2cbb91](f2cbb91))
* **ci:** works with deprecated structs and fields now ([cffe4e3](cffe4e3))
* clippy warnings ([86073ee](86073ee))
* **clippy:** cleaned code ([77dfd24](77dfd24))
* **clippy:** cleaned up the code ([0baf08d](0baf08d))
* **deps:** auth now work without issues ([877eb73](877eb73))
* **deps:** error during auth ([635ab1c](635ab1c))
* **env:** fixed some error in env.rs file ([addd32f](addd32f))
* **integrations:** add connection_id verification when deleting a ([913356b](913356b))
* **integrations:** invalid log contents ([52a18f9](52a18f9))
* invalid log messages ([06b7d12](06b7d12))
* **logger:** otlp now working without issues ([205ea5c](205ea5c))
* **logger:** otlp now working without issues ([3f2d7bb](3f2d7bb))
* **logs:** tracing-actix-web logs now appearing ([2f2d9ab](2f2d9ab))
* **mails:** disable mail sending in debug mode ([e80174e](e80174e))
* **mails:** fixed weird title for stats report mail ([91dc3fd](91dc3fd))
* **mails:** made mail field in User model optional to avoid issues when ([f25a712](f25a712))
* **mails:** only send bot_token_regen mail when auth is admin or bot ([1ac6346](1ac6346))
* **mails:** only send mail when auth is admin ([d727781](d727781))
* **mails:** wrong url for team invitations ([7df834a](7df834a))
* minor cargo clippy issues fixed ([ff6065f](ff6065f))
* **models:** custom events in bot stats are now an empty HashMap instead ([2b6a088](2b6a088))
* moved back the path to /openapi.json ([17fd272](17fd272))
* old stats body now working without issues ([446d6c5](446d6c5))
* **openapi:** add missing camel case rename ([0f4ed19](0f4ed19))
* **openapi:** add missing rename all to camel case ([cf1e899](cf1e899))
* **openapi:** missing camelCase ([2b36ed6](2b36ed6))
* **openapi:** snowflake creating an empty body ([942df56](942df56))
* replace build by run in .cargo/config.toml ([5a29761](5a29761))
* reports_task now behind reports feature ([4e44cdd](4e44cdd))
* **reports:** data at 0 on previous data range ([d30e750](d30e750))
* **repos:** cleaned and added types to results ([720583f](720583f))
* **repositories:** degraded result on ping ([04d82ab](04d82ab))
* **repositories:** fixed changed name for the user delete service ([1648e6f](1648e6f))
* **repositories:** webhook config not  saved ([48a2d46](48a2d46))
* **repos:** removed unused import ([6bcee9b](6bcee9b))
* **repos:** renamed find_by_user to find_by_id ([073cc4c](073cc4c))
* **routes:** add bot check to team member add ([c72a448](c72a448))
* **routes:** add missing field to custom event response ([7c347e4](7c347e4))
* **routes:** add possibility to unset webhook url ([ce4f72d](ce4f72d))
* **routes:** add skip to `/api/bots` OpenApi route document ([d5a112f](d5a112f))
* **routes:** allow admin request to work even if bot is suspended ([52d6579](52d6579))
* **routes:** bot auth now fixed ([897e4b9](897e4b9))
* **routes:** bot auth now fixed ([#15](#15)) ([30e2bec](30e2bec))
* **routes:** bot last push field never updated ([deecdde](deecdde))
* **routes:** cannot create multiple achievement from same source ([3e9f243](3e9f243))
* **routes:** change integrations route OpenAPI summary and description ([0ae4f8a](0ae4f8a))
* **routes:** check if user_id is authenticated user user_id when using ([680368d](680368d))
* **routes:** create bot if doesn't exist one when adding webhook ([68be3fb](68be3fb))
* **routes:** current_value should be i32 instead of None now ([4fcbd96](4fcbd96))
* **routes:** custom_event current_value is default_value if None ([0cc3b42](0cc3b42))
* **routes:** custom_event current_value should be correct now ([33b92b8](33b92b8))
* **routes:** display only original achievements ([920dad5](920dad5))
* **routes:** extractor returnin bad request instead of forbidden ([b1f260c](b1f260c))
* **routes:** finally fixed the custom event current_value ([38a1d1e](38a1d1e))
* **routes:** FORBID code on invitations routes ([bfd654f](bfd654f))
* **routes:** FORBID code on routes ([218365e](218365e))
* **routes:** Forbidden action on PATCH achievement ([c514ba6](c514ba6))
* **routes:** forbidden error on auth ([4a2bebd](4a2bebd))
* **routes:** handle both old and new structures of the bodies ([0c837b4](0c837b4))
* **routes:** internal server error on fetching bot details ([3a99bd3](3a99bd3))
* **routes:** invalid HTTP error code ([f5abf51](f5abf51))
* **routes:** invalid id usage ([6a168bd](6a168bd))
* **routes:** invalid log message ([f713859](f713859))
* **routes:** invalid payload ([95a8d9b](95a8d9b))
* **routes:** invalid permission on answer invitation ([ae61ccf](ae61ccf))
* **routes:** inverted incorrect datetime diff check ([1bdc2eb](1bdc2eb))
* **routes:** made all achievements displayable using admin permission ([c011e75](c011e75))
* **routes:** make advanced_stats field optional ([cd27cb6](cd27cb6))
* **routes:** missing payload ([5304dbb](5304dbb))
* **routes:** modified status code ([2c0f222](2c0f222))
* **routes:** modify the payload to use only the graph name for custom ([cf4d79a](cf4d79a))
* **routes:** now display non accepted team members ([69288b5](69288b5))
* **routes:** ObjectId error on achievement creation ([efc1106](efc1106))
* **routes:** only add user to team when invitation is accepted ([af2b6ea](af2b6ea))
* **routes:** only allow bot owner to create achievement ([abf88b2](abf88b2))
* **routes:** only allow bot owner to delete achievement ([5ba9a3a](5ba9a3a))
* **routes:** only allow bot owner to reset achievements ([10b2434](10b2434))
* **routes:** only allow bot owner to update achievement ([547fed0](547fed0))
* **routes:** only bot owner should manage bot token ([222af5b](222af5b))
* **routes:** only bot owner should manage team ([257f23b](257f23b))
* **routes:** only bot owner should update bot settings ([406afbc](406afbc))
* **routes:** refactor BotResponse to follow Bot model ([df6b1fc](df6b1fc))
* **routes:** remove bot permission to reset achievements and modified ([c8e662f](c8e662f))
* **routes:** remove team field from PATCH bot ([0ac878a](0ac878a))
* **routes:** remove unnecessary auth context check ([5e35e93](5e35e93))
* **routes:** remove webhooks config from bot responses when user is not ([fe643d2](fe643d2))
* **routes:** replaced summary and description of bot unsuspend openapi ([7abe91c](7abe91c))
* **routes:** returns 404 on bot not found when refresh bot token ([b243eff](b243eff))
* **routes:** reverse pending invitation value ([bdd85fa](bdd85fa))
* **routes:** reverse value of ignore_webhooks ([c468d2a](c468d2a))
* **routes:** simplified Option checking ([e6a2abf](e6a2abf))
* **routes:** wrong check on invitation answer check ([ed2c2d4](ed2c2d4))
* **routes:** wrong number of parameters on bot event route ([a28a284](a28a284))
* rustfmt error ([80f47d1](80f47d1))
* rustfmt issue ([34ab8ca](34ab8ca))
* **rustfmt:** format the code to avoid rustfmt error ([519cd7d](519cd7d))
* string error ([39c3d5a](39c3d5a))
* **warnings:** use last_push instead of watched_since for inactive task ([a9c3b3d](a9c3b3d))
* **webhooks:** achievement id missing ([7c1c447](7c1c447))
* **webhooks:** add missing derive ([c03ad37](c03ad37))
* **webhooks:** add missing derive (again) ([eabdcef](eabdcef))
* **webhooks:** added missing Self ([90087d8](90087d8))
* **webhooks:** added support to discord webhooks from discordapp and ([125b8f8](125b8f8))
* **webhooks:** owner computed only in test webhook ([78dadbf](78dadbf))
* **webhooks:** provider test now works without issues ([a06a86c](a06a86c))
* **webhooks:** test webhook saved in database and invalid provider type ([465a5c1](465a5c1))
* **webhooks:** topgg delete integration now working ([c3d115f](c3d115f))
* **webhooks:** topgg integration now working without issues ([b163de6](b163de6))
* **webhooks:** use bot webhook secret from config instead of env one ([a397561](a397561))

### Features

* **achievements:** add default achievements and reset achievements ([23a7a9c](23a7a9c))
* **achievements:** make achievements achievable ([4abe8b4](4abe8b4))
* add env config for rate limiting ([f10ec43](f10ec43))
* add explanation to the MAX_DATE_RANGE constant ([8f05c81](8f05c81))
* Add feature flags for otel, mails and reports ([7c584fc](7c584fc))
* add missing examples values to env ([cbc280f](cbc280f))
* add rate limiting to API endpoints ([e72cbf7](e72cbf7))
* add rate limiting to API endpoints ([#14](#14)) ([9c2139f](9c2139f))
* add remove expired sessions task ([1e32c95](1e32c95))
* **auth:** add current field to session response ([6517a14](6517a14))
* **auth:** added auth service ([44909a6](44909a6))
* **auth:** finished auth middleware ([71ac6b1](71ac6b1))
* **auth:** started working on auth security ([b4605d8](b4605d8))
* **ci:** added CI workflow ([a157a99](a157a99))
* **ci:** added Docker ([8998f60](8998f60))
* **ci:** added docker build cache & PR preview notification in docker_build workflow ([9b26b1c](9b26b1c))
* **ci:** added Semantic Release ([ab54dba](ab54dba))
* **ci:** added semantic release configuration ([1beb32f](1beb32f))
* **ci:** HEALTHCHECK to Dockerfile ([8e7a577](8e7a577))
* **ci:** optimized release build size output ([70c9feb](70c9feb))
* **ci:** use cargo-nextest instead of cargo-test ([7633dc9](7633dc9))
* **config:** add ENABLE_REGISTRATIONS variable to enable or disable ([059886b](059886b))
* **config:** add MAX_DATE_RANGE to avoid making too big requests to the ([140f528](140f528))
* **deps:** add missing feature for tracing-actix-web ([deddd81](deddd81))
* **deps:** add missing features ([8020a4c](8020a4c))
* Enable full default feature and fix OTEL logging ([3aeda8c](3aeda8c))
* implement better rate limiting ([f42447b](f42447b))
* **integrations:** add other integrations ([f2bcc5e](f2bcc5e))
* **integrations:** add other integrations ([#12](#12)) ([624655c](624655c))
* **logger:** added OpenTelemetry to logger ([4ee1354](4ee1354))
* **logger:** added tracing-actix-web crate ([e50a0cc](e50a0cc))
* **logger:** OpenTelemetry ([#2](#2)) ([61c538f](61c538f))
* **mails:** add discord dm notifications ([155b974](155b974))
* **mails:** add mails support ([a9c3cb4](a9c3cb4))
* **mails:** add sent field to the invitation response ([768d094](768d094))
* **managers:** added votes webhooks ([932714e](932714e))
* **model:** added all the remaining models ([c70a277](c70a277))
* **model:** added all the remaining models ([0b3d6d2](0b3d6d2))
* **models:** add default_value field to custom events ([685e2e1](685e2e1))
* **models:** add limits to bot structures ([ed7d03f](ed7d03f))
* **models:** added missing files ([aea246f](aea246f))
* **openapi:** add admin field to user response ([ecf8876](ecf8876))
* **openapi:** modify IntegrationPayload to use camelCase ([bc58a36](bc58a36))
* **reports:** add reports task ([0a91c39](0a91c39))
* **repos:** added all the remaining repositories ([2f2e1b2](2f2e1b2))
* **repos:** added bots and articles repos ([215208b](215208b))
* **repos:** added r2 repository ([1656570](1656570))
* **repositories:** add max_key to reduce request load time in r2 ping ([d8ebc74](d8ebc74))
* **repositories:** add meta_field to timeseries ([c7a2ab0](c7a2ab0))
* **repositories:** added repos health check on health route ([afede6a](afede6a))
* **route:** add GET auth config routes ([756554d](756554d))
* routes ([#3](#3)) ([c1077ec](c1077ec))
* **routes:** add /api/achievements route ([634068f](634068f))
* **routes:** add /api/invitations route ([4c2ea8c](4c2ea8c))
* **routes:** add /api/stats route for global platform statistics ([3cb0b35](3cb0b35))
* **routes:** add articles routes ([758a082](758a082))
* **routes:** add auth routes and handlers ([7e8abae](7e8abae))
* **routes:** add better custom events handling ([203dfd4](203dfd4))
* **routes:** add bot achievements route ([9708335](9708335))
* **routes:** add bot custom events route ([d703e20](d703e20))
* **routes:** add bot refresh token route ([a066911](a066911))
* **routes:** add bot stats route ([61266fb](61266fb))
* **routes:** add bot suspend route ([e152f08](e152f08))
* **routes:** add bot team route ([6bb728e](6bb728e))
* **routes:** add bot vote webhooks support ([961044a](961044a))
* **routes:** add debug infos refresh route ([6ba0fd9](6ba0fd9))
* **routes:** add delete event from stats call to the actual route ([93c3bb5](93c3bb5))
* **routes:** add expiresIn query to auth response ([4acd3fd](4acd3fd))
* **routes:** add from field to response ([b8a3fdc](b8a3fdc))
* **routes:** add from_shared to AchievementResponse struct ([2142fb0](2142fb0))
* **routes:** add GET /api/bots/:id route ([af8647f](af8647f))
* **routes:** add get bot token route ([9499400](9499400))
* **routes:** add GET invitations route ([075a676](075a676))
* **routes:** add linked roles route ([5591b73](5591b73))
* **routes:** add PATCH bot settings route ([7907bcb](7907bcb))
* **routes:** add possibility to edit bot limits ([30116f6](30116f6))
* **routes:** add possibility to edit webhook url ([c69395e](c69395e))
* **routes:** add topgg webhook integration support ([f40767a](f40767a))
* **routes:** add user bots route ([df618c5](df618c5))
* **routes:** add user invitations route ([371e0cb](371e0cb))
* **routes:** add user route ([618a98a](618a98a))
* **routes:** add user suspend route ([07b9714](07b9714))
* **routes:** add users route ([a36cb4d](a36cb4d))
* **routes:** added /api/bots route and extractors for authentication ([cd214bb](cd214bb))
* **routes:** added article author to article responses ([23795d5](23795d5))
* **routes:** added date range validation error responses ([15f0404](15f0404))
* **routes:** added health route and openapi specs ([6a0047f](6a0047f))
* **routes:** added missing configure for the user route ([7a4cbcc](7a4cbcc))
* **routes:** allow admin users to view bot_id on achievement ([ec2a5ac](ec2a5ac))
* **routes:** bot reports done ([68136f4](68136f4))
* **routes:** finish `GET /bots/{id}/reports` route ([92d2a42](92d2a42))
* **routes:** normalized the POST bot stats route ([da94370](da94370))
* **routes:** start of bot reports ([c8b71dc](c8b71dc))
* **security:** added cors ([1c58dfd](1c58dfd))
* **services:** remove user from teams when deleting user ([be83f8c](be83f8c))
* **stats:** added frequency enum ([1cba3dc](1cba3dc))
* **stats:** deleting existing event delete all its entries from stats ([0a5f07d](0a5f07d))
* **warnings:** add inactive bot warnings and deletion ([114eaff](114eaff))
* **warnings:** add non configured bot warnings ([6b09eba](6b09eba))
* **webhooks:** add debug for wb waitlist ([c77a31a](c77a31a))
* **webhooks:** add test provider to webhooks ([8e65648](8e65648))
* **websocket:** add lost page websocket ([b8b3ee7](b8b3ee7))
@github-actions

🎉 This PR is included in version 1.0.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

Labels

enhancement (New feature or request), released
