Skip to content

Add ratelimiting #37

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ImShyMike merged 2 commits into from
Dec 8, 2025
Merged

Add ratelimiting #37

ImShyMike merged 2 commits into from
Dec 8, 2025

Conversation

@ImShyMike
Copy link
Member

@ImShyMike ImShyMike commented Dec 8, 2025

No description provided.

@ImShyMike ImShyMike linked an issue Dec 8, 2025 that may be closed by this pull request
Add ratelimiting #35
Closed
@ImShyMike ImShyMike requested a review from Copilot December 8, 2025 20:01
sentry[bot]
sentry bot reviewed Dec 8, 2025
View reviewed changes
Copilot AI reviewed Dec 8, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds rate limiting to the API using SlowAPI with Redis as the storage backend. The implementation protects authentication endpoints (OTP send/validate) and expensive external API operations (Hackatime integrations) from abuse while maintaining a reasonable default limit for all other endpoints.

Key changes:

  • Created centralized rate limiting configuration in lib/ratelimiting.py with Redis storage
  • Integrated SlowAPI middleware and exception handling into the FastAPI application
  • Applied strict rate limits (5/hour) to OTP authentication endpoints
  • Applied moderate rate limits (5/minute) to Hackatime integration endpoints

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
lib/ratelimiting.py New module defining rate limiter configuration with Redis backend, default 120 requests/minute
main.py Integrated SlowAPI middleware, exception handler, and limiter into FastAPI app; improved import organization
api/v1/auth/main.py Applied 5/hour rate limits to OTP send and validate endpoints
api/v1/users/main.py Applied 5/minute rate limits to Hackatime time recalculation and account linking retry endpoints
api/v1/projects/main.py Applied 5/minute rate limits to Hackatime project link/unlink endpoints

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

thesleepyniko
thesleepyniko approved these changes Dec 8, 2025
View reviewed changes
Copy link
Collaborator

@thesleepyniko thesleepyniko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@ImShyMike ImShyMike merged commit c60e475 into main Dec 8, 2025
1 check passed
@ImShyMike ImShyMike deleted the 35-add-ratelimiting branch December 8, 2025 20:17
@ImShyMike ImShyMike self-assigned this Dec 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@thesleepyniko thesleepyniko thesleepyniko approved these changes

@jleuth jleuth Awaiting requested review from jleuth

+1 more reviewer

@sentry sentry[bot] sentry[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@ImShyMike ImShyMike

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add ratelimiting

3 participants

@ImShyMike @thesleepyniko