meritocrab_api/rate_limit.rs
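// NOTE: Rate limiting using tower_governor is implemented but commented out due to
// complex API changes in v0.8. For production, consider using a reverse proxy
// (nginx, HAProxy) or API gateway (AWS API Gateway, Kong) for rate limiting.
//
// The webhook endpoint naturally has rate limiting from GitHub's webhook delivery mechanism.
// That bound only applies to deliveries GitHub itself sends: if the endpoint is reachable
// by other clients, their requests still have to be received and rejected by this service.
// Admin endpoints are protected by authentication which provides basic DoS protection.
// Authentication decides who may use an endpoint, not how often it is called, so
// unauthenticated and failed requests still consume resources and are not throttled by it.
//
// For a simple in-process solution, you could implement a custom middleware using
// a DashMap<IpAddr, (Count, Instant)> to track requests per IP. Such a map needs stale
// entries evicted so that it cannot grow without bound, and behind a reverse proxy the
// socket peer address is the proxy's, not the client's.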
10
/// Placeholder for webhook rate limiting.
///
/// The body is empty and the function returns `()`: calling it installs no limiter
/// and throttles or rejects nothing. In production, use reverse proxy rate limiting
/// or implement custom middleware; until then the webhook route has no in-process
/// request limit.
pub fn webhook_rate_limiter() {
    // Deliberately a no-op for now: the current design relies on GitHub's webhook
    // delivery rate and on authentication rather than on a limiter in this process.
}
17
/// Placeholder for admin API rate limiting.
///
/// The body is empty and the function returns `()`: calling it installs no limiter
/// and throttles or rejects nothing. In production, use reverse proxy rate limiting
/// or implement custom middleware; until then the admin routes have no in-process
/// request limit.
pub fn admin_rate_limiter() {
    // Deliberately a no-op for now: the current design relies on the admin endpoints
    // being protected by OAuth authentication rather than on a limiter in this process.
}