Skip to content

fix: persist burn interactions via API and add rate limiting to analytics endpoint#287

Merged
3m1n3nc3 merged 1 commit intogeevapp:mainfrom
mftee:fix/burn-persistence-analytics-ratelimit-179-200
Apr 24, 2026
Merged

fix: persist burn interactions via API and add rate limiting to analytics endpoint#287
3m1n3nc3 merged 1 commit intogeevapp:mainfrom
mftee:fix/burn-persistence-analytics-ratelimit-179-200

Conversation

@mftee
Copy link
Copy Markdown
Contributor

@mftee mftee commented Apr 23, 2026

Summary

  • Wires the burn button in PostCard to POST /api/posts/:id/burn so interactions are persisted to the database; applies optimistic UI update immediately and rolls back on failure; uses the server-returned count to reconcile the displayed burn count
  • Adds lib/rate-limit.ts — a simple in-memory token-bucket limiter (no extra dependencies) and applies it to POST /api/analytics/events at 60 requests per minute per IP, returning 429 when exceeded
  • The analytics route already uses auth() for userId rather than the client-controlled x-user-id header

closes #179
closes #200

@drips-wave
Copy link
Copy Markdown

drips-wave Bot commented Apr 23, 2026

@mftee Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

@3m1n3nc3 3m1n3nc3 merged commit 8142c71 into geevapp:main Apr 24, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add rate limiting to the analytics events endpoint Like and burn interactions are not persisted — state resets on reload

2 participants

@mftee @3m1n3nc3