Add comprehensive rate limiting module with policy management #64
antosubash merged 9 commits into main from Apr 3, 2026
- Add rate limiting abstractions to SimpleModule.Core: policy types (FixedWindow, SlidingWindow, TokenBucket), target modes (IP, User, IpAndUser, Global), IRateLimitBuilder, IRateLimitPolicyRegistry, and .RateLimit() endpoint extension
- Add ConfigureRateLimits() lifecycle hook to IModule interface
- Integrate ASP.NET Core RateLimiter middleware in SimpleModule.Hosting with automatic policy registration from module definitions
- Add X-RateLimit-* response headers via RateLimitHeaderMiddleware
- Update source generator to discover and wire ConfigureRateLimits on modules
- Create RateLimiting module with:
  - Contracts: RateLimitRule entity, CRUD DTOs, IRateLimitingContracts
  - Implementation: DbContext, CRUD service, REST endpoints, permissions
  - Admin UI: React/Inertia page for managing stored rules and viewing active policies
  - 4 built-in policies: fixed-default, sliding-strict, token-bucket, auth-strict
  - Navigation menu in admin sidebar
- Add 18 unit tests covering policy registry and CRUD service
- Register module in Host project, solution, and test infrastructure

- Use Dictionary<string, RateLimitPolicyDefinition> for O(1) policy lookup instead of linear List.Find on every rate-limited request
- Pre-build rate limiter options at registration time instead of allocating per-request in the partition factory
- Accept IRateLimitPolicyRegistry interface instead of concrete type in AddSimpleModuleRateLimiting to avoid leaking implementation details
- Extract CreateRequestValidator class following the codebase convention used by Products, Orders, and Tenants modules
- Extract API_BASE constant in Admin.tsx to eliminate hardcoded URL strings
- Fix handleToggle to send only UpdateRateLimitRuleRequest fields instead of spreading the full entity (which includes id, policyName, timestamps)
Deploying simplemodule-website with
| Latest commit: | 367bd3a |
| Status: | ✅ Deploy successful! |
| Preview URL: | https://71249f03.simplemodule-website.pages.dev |
| Branch Preview URL: | https://claude-add-rate-limiting-mod.simplemodule-website.pages.dev |
- Add page object (RateLimitingAdminPage) with selectors for heading, tabs, create dialog, rules table, and toggle/delete actions
- Add smoke tests: page loads, tabs visible, active policies table
- Add flow tests: full CRUD via API (create, read, update, delete), active policies endpoint verification, UI visibility after API create, create dialog opens from admin page
Resolve conflicts with Email module addition — keep both RateLimiting and Email modules in solution, host project, and test infrastructure.
Deploying simplemodule-docs with
| Latest commit: | 0465f49 |
| Status: | ✅ Deploy successful! |
| Preview URL: | https://037ff4c3.simplemodule.pages.dev |
| Branch Preview URL: | https://claude-add-rate-limiting-mod.simplemodule.pages.dev |
The RateLimiting admin page returned 500 because the database tables were never created in the test infrastructure. Added the missing EnsureTablesCreated<RateLimitingDbContext> call to the WebApplicationFactory initialization alongside all other module contexts. Also adds integration tests that verify the admin page and API endpoints return 200 for authenticated admin users.
The E2E tests failed because the RateLimiting_Rules table didn't exist in the SQLite database. The server uses MigrateAsync() on the HostDbContext which requires an explicit migration to create new tables. This migration creates the RateLimiting_Rules table with all columns, the unique index on PolicyName, and also includes pending BackgroundJobs and Email tables from the main branch merge.
Summary
This PR introduces a complete rate limiting system for SimpleModule, including policy management, database persistence, admin UI, and ASP.NET Core integration. The implementation supports three rate limiting algorithms (Fixed Window, Sliding Window, Token Bucket) with flexible targeting options (IP, User, IP+User, Global).
Key Changes
Core Framework
- RateLimitPolicyType, RateLimitTarget, RateLimitPolicyDefinition, and registry interfaces to SimpleModule.Core
- RateLimitPolicyRegistry supporting fluent API for policy registration with case-insensitive lookups
- RateLimit<TBuilder>() extension for declarative policy application to endpoints

Rate Limiting Module
- RateLimitingService provides CRUD operations for rate limit rules with database persistence
- RateLimitingDbContext with RateLimitRule entity supporting all policy types and configurations
- CreateRateLimitRuleRequest, UpdateRateLimitRuleRequest) with value object RateLimitRuleId

ASP.NET Core Integration
- RateLimitHeaderMiddleware adds rate limit policy information to response headers
- RateLimitingSetup configures ASP.NET Core's built-in rate limiting with three algorithm implementations:
- Retry-After headers

Built-in Policies
Module registers four default policies:
- fixed-default: 60 requests/minute per IP
- sliding-strict: 30 requests/minute per IP+User with 6 segments
- token-bucket: 100 token capacity, 10 tokens/10 seconds per IP
- auth-strict: 10 requests/minute for authentication endpoints

Testing
Code Generation
- ModuleExtensionsEmitter to collect and register rate limit policies from modules
- HasConfigureRateLimits capability

Notable Implementation Details
https://claude.ai/code/session_01MR7ZSUPUM58TGcCZKXhCxn
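
How the four built-in policies listed in the description map onto ASP.NET Core's built-in rate limiter, as an added example that is not code from this PR or from SimpleModule. It assumes a .NET 7+ minimal-API web project with implicit usings; the helper names, the two endpoints, and the per-IP key for auth-strict are assumptions.

```csharp
// Added example (not SimpleModule code): the four built-in policies as ASP.NET Core limiters.
using System.Globalization;
using System.Security.Claims;
using System.Threading.RateLimiting;
using Microsoft.AspNetCore.RateLimiting;

var builder = WebApplication.CreateBuilder(args);

// Partition keys for the IP and IpAndUser targets. RemoteIpAddress is the proxy's address
// unless forwarded headers from trusted proxies are processed earlier in the pipeline.
static string Ip(HttpContext c) => c.Connection.RemoteIpAddress?.ToString() ?? "unknown";
// c.User is only populated if authentication middleware runs before UseRateLimiter().
static string IpAndUser(HttpContext c) =>
    $"{Ip(c)}|{c.User.FindFirst(ClaimTypes.NameIdentifier)?.Value ?? "anonymous"}";
static FixedWindowRateLimiterOptions PerMinute(int permits) =>
    new() { PermitLimit = permits, Window = TimeSpan.FromMinutes(1), QueueLimit = 0 };

builder.Services.AddRateLimiter(o =>
{
    o.RejectionStatusCode = StatusCodes.Status429TooManyRequests; // framework default is 503
    o.AddPolicy("fixed-default", c => RateLimitPartition.GetFixedWindowLimiter(Ip(c), _ => PerMinute(60)));
    // Assumption: auth-strict is keyed per IP; the PR text does not state its target.
    o.AddPolicy("auth-strict", c => RateLimitPartition.GetFixedWindowLimiter(Ip(c), _ => PerMinute(10)));
    o.AddPolicy("sliding-strict", c => RateLimitPartition.GetSlidingWindowLimiter(IpAndUser(c),
        _ => new SlidingWindowRateLimiterOptions
        {
            PermitLimit = 30, Window = TimeSpan.FromMinutes(1), SegmentsPerWindow = 6, QueueLimit = 0
        }));
    o.AddPolicy("token-bucket", c => RateLimitPartition.GetTokenBucketLimiter(Ip(c),
        _ => new TokenBucketRateLimiterOptions
        {
            TokenLimit = 100, TokensPerPeriod = 10,
            ReplenishmentPeriod = TimeSpan.FromSeconds(10), QueueLimit = 0
        }));
    // Tell rejected clients when to retry, when the limiter can compute it.
    o.OnRejected = (ctx, _) =>
    {
        if (ctx.Lease.TryGetMetadata(MetadataName.RetryAfter, out var retryAfter))
            ctx.HttpContext.Response.Headers.RetryAfter =
                ((int)Math.Ceiling(retryAfter.TotalSeconds)).ToString(CultureInfo.InvariantCulture);
        return ValueTask.CompletedTask;
    };
});

var app = builder.Build();
app.UseRateLimiter();
app.MapPost("/login", () => Results.Ok()).RequireRateLimiting("auth-strict");  // hypothetical endpoint
app.MapGet("/items", () => Results.Ok()).RequireRateLimiting("fixed-default"); // hypothetical endpoint
app.Run();
```

Setting QueueLimit to 0 rejects over-limit requests immediately instead of holding connections open, and falling back to a shared "unknown" key means requests without a resolvable address are throttled together rather than exempted.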