Add rate limit response headers (X-RateLimit-*, Retry-After)

Custom rate limiter replacing Echo built-in, with per-IP token bucket.
Every response includes X-RateLimit-Limit, Remaining, Reset headers.
429 responses additionally include Retry-After (seconds).
CORS updated to expose rate limit headers to mobile clients.
4 unit tests for header behavior and per-IP isolation.
Trey T
2026-03-26 14:36:48 -05:00
parent b679f28e55
commit 6df27f203b
3 changed files with 294 additions and 28 deletions
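The commit message describes the limiter's shape (per-IP token bucket, X-RateLimit-* on every response, Retry-After on 429) but the limiter itself is not in the hunk shown. The following is an added example, not code from this commit or from the project: it builds that behaviour on the standard library's net/http rather than Echo, and the Limiter/Take/Middleware names, the constructed address 203.0.113.7, the choice to key buckets on the TCP peer address only, and the reading of X-RateLimit-Reset as "Unix seconds when the bucket is full again" are all assumptions.

```go
package main

import (
	"fmt"
	"math"
	"net"
	"net/http"
	"strconv"
	"sync"
	"time"
)

// bucket holds one client's token count and the instant it was last refilled.
type bucket struct {
	tokens float64
	last   time.Time
}

// Limiter is a per-IP token bucket: burst tokens to start, rate tokens/s refill, one token per request.
type Limiter struct {
	mu      sync.Mutex
	rate    float64
	burst   float64
	buckets map[string]*bucket // grows with every distinct IP: evict idle entries (idle >= burst/rate) in production, or this map is itself a DoS vector
	now     func() time.Time   // injectable clock so tests control time
}

func NewLimiter(ratePerSec float64, burst int) *Limiter {
	return &Limiter{rate: ratePerSec, burst: float64(burst), buckets: map[string]*bucket{}, now: time.Now}
}

// Decision is what Middleware turns into headers. Reset meaning "Unix seconds when the bucket is full again" is assumed here.
type Decision struct {
	Allowed    bool
	Limit      int   // X-RateLimit-Limit: bucket capacity
	Remaining  int   // X-RateLimit-Remaining: whole tokens left after this request
	Reset      int64 // X-RateLimit-Reset
	RetryAfter int   // Retry-After: seconds until one token exists; 0 when Allowed
}

// Take refills ip's bucket for the elapsed time, then tries to spend one token.
func (l *Limiter) Take(ip string) Decision {
	l.mu.Lock()
	defer l.mu.Unlock()
	now := l.now()
	b, ok := l.buckets[ip]
	if !ok {
		b = &bucket{tokens: l.burst, last: now}
		l.buckets[ip] = b
	}
	b.tokens = math.Min(l.burst, b.tokens+now.Sub(b.last).Seconds()*l.rate)
	b.last = now
	d := Decision{Limit: int(l.burst)}
	if b.tokens >= 1 {
		b.tokens--
		d.Allowed = true
	} else {
		d.RetryAfter = int(math.Ceil((1 - b.tokens) / l.rate))
	}
	d.Remaining = int(b.tokens)
	d.Reset = now.Unix() + int64(math.Ceil((l.burst-b.tokens)/l.rate))
	return d
}

// clientIP keys buckets on the TCP peer address; X-Forwarded-For is ignored on purpose, since honouring
// it without a trusted proxy in front lets a client choose its own bucket and escape the limit.
func clientIP(r *http.Request) string {
	if host, _, err := net.SplitHostPort(r.RemoteAddr); err == nil {
		return host
	}
	return r.RemoteAddr
}

// Middleware sets X-RateLimit-* on every response and adds Retry-After on 429.
func (l *Limiter) Middleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		d := l.Take(clientIP(r))
		h := w.Header()
		h.Set("X-RateLimit-Limit", strconv.Itoa(d.Limit))
		h.Set("X-RateLimit-Remaining", strconv.Itoa(d.Remaining))
		h.Set("X-RateLimit-Reset", strconv.FormatInt(d.Reset, 10))
		if !d.Allowed {
			h.Set("Retry-After", strconv.Itoa(d.RetryAfter))
			http.Error(w, "rate limit exceeded", http.StatusTooManyRequests)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	l := NewLimiter(1, 2) // 1 token/s, burst 2; 203.0.113.7 is a constructed client address
	for i := 0; i < 3; i++ {
		fmt.Printf("%+v\n", l.Take("203.0.113.7")) // the third call is denied
	}
}
```

Two design points worth carrying into any real implementation: Retry-After is computed from the refill rate (time until one whole token exists), so it is honest rather than a fixed guess, and the bucket key comes from the socket peer, not from a client-controlled header; if the service sits behind a reverse proxy, replace clientIP with one that trusts X-Forwarded-For only from that proxy's address.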


@@ -309,7 +309,7 @@ func corsMiddleware(cfg *config.Config) echo.MiddlewareFunc {
AllowOrigins: origins,
AllowMethods: []string{http.MethodGet, http.MethodPost, http.MethodPut, http.MethodPatch, http.MethodDelete, http.MethodOptions},
AllowHeaders: []string{echo.HeaderOrigin, echo.HeaderContentType, echo.HeaderAccept, echo.HeaderAuthorization, "X-Requested-With", "X-Timezone"},
ExposeHeaders: []string{echo.HeaderContentLength},
ExposeHeaders: []string{echo.HeaderContentLength, "X-RateLimit-Limit", "X-RateLimit-Remaining", "X-RateLimit-Reset", "Retry-After"},
AllowCredentials: false,
MaxAge: int((12 * time.Hour).Seconds()),
})
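Review bot: the four header names added to ExposeHeaders are bare string literals that the new limiter must emit byte-for-byte, so a later rename on either side silently stops the mobile client from reading them while every test on the limiter itself keeps passing; define them once as package-level constants (for example `const headerRateLimitRemaining = "X-RateLimit-Remaining"`) and reference those both where the limiter sets them and in this list. A one-line comment on the ExposeHeaders change would also help, since the only reason these need listing is that neither X-RateLimit-* nor Retry-After is on the CORS safelist of response headers a cross-origin client may read by default.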