You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
services/tts/src/server.ts does not configure any rate limiting middleware. Burst requests to the TTS service can exhaust provider API quota or the job queue, causing failures for legitimate users.
Acceptance Criteria
Add express-rate-limit middleware with configurable TTS_RATE_LIMIT_PER_MINUTE (default 60)
Add IP-based rate limiting for anonymous callers and API-key-based limits for authenticated callers
Return 429 with a Retry-After header when the limit is exceeded
Add a test verifying the rate limit fires on the N+1 request
Labels: tts, security, reliability
Priority: Medium
Description
services/tts/src/server.ts does not configure any rate limiting middleware. Burst requests to the TTS service can exhaust provider API quota or the job queue, causing failures for legitimate users.
Acceptance Criteria