Implement Rate Limiting Middleware for PDF Generator API #19

@yusuftomilola

Description

Implement rate limiting middleware on the /pdf/generate API endpoint to prevent abuse, ensure fair usage, and protect server resources.

Details

  • Apply rate limits based on user identity (user ID extracted from JWT) or IP address if the user is unauthenticated.

Suggested Default Limits

  • Max 20 requests per minute per user/IP.
  • Configurable limits via environment variables for flexibility.
  • Use a scalable rate limiting library compatible with the backend stack (e.g., express-rate-limit, Redis-backed limiter).
  • Return HTTP 429 Too Many Requests status with a clear message when limits are exceeded.
  • Log rate limit violations with relevant metadata (user ID, IP, timestamp).
  • Ensure the middleware gracefully handles edge cases (e.g., missing user info).
  • Write automated tests simulating burst requests to verify limit enforcement and correct responses.

Acceptance Criteria

  • Rate limiting middleware correctly restricts excessive requests per user/IP.
  • Clients exceeding limits receive 429 responses with meaningful messages.
  • Rate limit breach events are logged for monitoring.
  • Tests cover normal usage and limit breach scenarios.
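As an added example (not code from this issue or its repository), a dependency-free, Express-style middleware that implements the behaviour listed above: limit key from the verified JWT user ID with IP fallback, configurable limits, 429 with a clear message, and a structured violation log line. It assumes an earlier auth middleware has already verified the JWT signature and set `req.user.id`, and the environment variable names `PDF_RATE_LIMIT` and `PDF_RATE_WINDOW_MS` are assumed, not taken from the issue.

```javascript
// Added example, not the project's own code: a dependency-free fixed-window limiter
// with the Express middleware signature (req, res, next). Assumption: an auth middleware
// earlier in the chain has verified the JWT signature and set req.user.id. Keying the
// limit on an unverified token would let a client forge a new identity per request.
function createRateLimiter({
  limit = Number(process.env.PDF_RATE_LIMIT) || 20,           // requests per window (assumed env var)
  windowMs = Number(process.env.PDF_RATE_WINDOW_MS) || 60000, // window length in ms (assumed env var)
  now = Date.now,                                             // injectable clock for tests
  log = (line) => console.warn(line),                         // violation logger
} = {}) {
  const buckets = new Map(); // key -> { count, resetAt }

  // Verified user ID first, client IP for unauthenticated callers, and one shared
  // bucket when neither is present so such requests cannot escape limiting.
  function keyFor(req) {
    if (req.user && req.user.id) return `user:${req.user.id}`;
    if (req.ip) return `ip:${req.ip}`;
    return 'anon:unknown';
  }

  // Fixed window: the first hit at or after resetAt starts a fresh window.
  function check(key) {
    const t = now();
    let b = buckets.get(key);
    if (!b || t >= b.resetAt) { b = { count: 0, resetAt: t + windowMs }; buckets.set(key, b); }
    b.count += 1;
    return { allowed: b.count <= limit, remaining: Math.max(0, limit - b.count), resetAt: b.resetAt };
  }

  function middleware(req, res, next) {
    const key = keyFor(req);
    const r = check(key);
    res.setHeader('RateLimit-Limit', String(limit));
    res.setHeader('RateLimit-Remaining', String(r.remaining));
    if (r.allowed) return next();
    const retryAfter = Math.ceil((r.resetAt - now()) / 1000);
    // Structured log line carrying the metadata the issue asks for (user ID, IP, timestamp).
    log(JSON.stringify({ event: 'rate_limit_exceeded', key, userId: req.user ? req.user.id : null,
      ip: req.ip || null, path: req.originalUrl || req.path || null,
      ts: new Date(now()).toISOString() }));
    res.setHeader('Retry-After', String(retryAfter));
    return res.status(429).json({
      error: 'Too Many Requests',
      message: `Limit of ${limit} requests per ${windowMs / 1000}s exceeded; retry in ${retryAfter}s.`,
    });
  }
  return middleware;
}
```

Mount it only on the endpoint in question, e.g. `app.post('/pdf/generate', authenticate, createRateLimiter(), generatePdf)`, so the verified `req.user` is available before the key is derived.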
