Skip to content

feat(server): add rate limiting middleware #91

Open
Open
feat(server): add rate limiting middleware#91
Labels
featrequest for or implementation of a new featuregood first issuesimple and well-defined issue, good for newcomersservernvisy-server: API handlers, middleware, auth
@martsokha

Description

@martsokha
martsokha
opened on Mar 26, 2026

Context

The server does not enforce per-client or per-tenant rate limits. Rate limiting is required for API hardening and is called out in the runtime's INFRASTRUCTURE.md.

Requirements

  • Middleware-based rate limiting with configurable thresholds
  • Per-client (API token or session) and per-workspace tracking
  • Configurable limits per endpoint category:
    • Authentication endpoints: stricter limits to prevent brute-force
    • File upload and job dispatch: throughput-based limits
    • Read endpoints: higher allowances
  • Return 429 Too Many Requests with Retry-After header
  • Rate limit state storage (in-memory or Redis-backed for multi-instance deployments)

References

Metadata

Metadata

Assignees

No one assigned

    Labels

    featrequest for or implementation of a new featuregood first issuesimple and well-defined issue, good for newcomersservernvisy-server: API handlers, middleware, auth

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions