feat: webhook rate limiting (20 req/min per IP) #340

Open
pook wants to merge 47 commits from feat/webhook-rate-limit into main
Owner

Summary

  • Adds in-memory fixed-window rate limiter middleware for Hono (packages/api/src/middleware/rate-limit.ts)
  • Applies 20 req/60s per-IP limit to POST /billing/webhook only — other billing routes unaffected
  • Returns 429 { error: "RATE_LIMITED", retryAfter: <seconds> } with standard Retry-After and X-RateLimit-* headers
  • Normal Stripe webhook delivery (~5 events/min) stays well under the limit

Test plan

  • bun test packages/api/tests/e2e/webhook-rate-limit.test.ts — verifies 429 after 20 requests and rate limit headers
  • Existing webhook.test.ts still passes (no changes to signature verification)
  • Manual: confirm /billing/checkout, /billing/usage, /billing/portal are not rate limited

🤖 Generated with Claude Code

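As an added example (not the PR's `packages/api/src/middleware/rate-limit.ts`, which is not visible on this page), the following TypeScript shows what an in-memory fixed-window per-IP limiter with the described 429 / `Retry-After` / `X-RateLimit-*` behaviour looks like, framework-agnostic so it can be wired into a Hono handler. The exact `X-RateLimit-*` header names, the `trustProxy` flag, and the `203.0.113.7` source address are assumptions; the limiter also prunes expired windows, which an in-memory map needs so a flood from many distinct addresses cannot grow it without bound.

```typescript
// Added example, not the PR's own middleware.
export interface RateLimitDecision {
  allowed: boolean;
  limit: number;
  remaining: number;   // requests left in the current window
  resetAt: number;     // epoch ms at which the window ends
  retryAfter: number;  // whole seconds to wait; 0 when allowed
}

interface Window {
  count: number;
  windowStart: number;
}

export class FixedWindowLimiter {
  private readonly windows = new Map<string, Window>();
  private readonly limit: number;
  private readonly windowMs: number;
  private readonly now: () => number;

  // `now` is an injectable clock so the window boundary can be tested deterministically.
  constructor(limit: number, windowMs: number, now: () => number = Date.now) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.now = now;
  }

  // Count one request for `key` and decide whether it may proceed.
  check(key: string): RateLimitDecision {
    const now = this.now();
    let w = this.windows.get(key);
    if (w === undefined || now - w.windowStart >= this.windowMs) {
      w = { count: 0, windowStart: now }; // first hit, or a stale window: start fresh
      this.windows.set(key, w);
    }
    const resetAt = w.windowStart + this.windowMs;
    if (w.count >= this.limit) {
      const retryAfter = Math.max(1, Math.ceil((resetAt - now) / 1000));
      return { allowed: false, limit: this.limit, remaining: 0, resetAt, retryAfter };
    }
    w.count += 1;
    return { allowed: true, limit: this.limit, remaining: this.limit - w.count, resetAt, retryAfter: 0 };
  }

  // Drop expired windows so the map is bounded by active sources, not by every
  // address ever seen. Returns how many entries were removed.
  prune(): number {
    const now = this.now();
    let removed = 0;
    for (const [key, w] of Array.from(this.windows)) {
      if (now - w.windowStart >= this.windowMs) {
        this.windows.delete(key);
        removed += 1;
      }
    }
    return removed;
  }

  size(): number {
    return this.windows.size;
  }
}

// Headers for a decision. The X-RateLimit-* names are assumed; the PR only says "X-RateLimit-*".
export function rateLimitHeaders(d: RateLimitDecision): Record<string, string> {
  const h: Record<string, string> = {
    "X-RateLimit-Limit": String(d.limit),
    "X-RateLimit-Remaining": String(d.remaining),
    "X-RateLimit-Reset": String(Math.ceil(d.resetAt / 1000)),
  };
  if (!d.allowed) h["Retry-After"] = String(d.retryAfter);
  return h;
}

// Key selection. X-Forwarded-For is client-controlled unless a trusted proxy in
// front overwrites it, so it is honoured only when the (hypothetical) trustProxy flag is set.
export function clientIp(remoteAddr: string, forwardedFor: string | undefined, trustProxy: boolean): string {
  if (trustProxy && forwardedFor) {
    const first = forwardedFor.split(",")[0].trim();
    if (first.length > 0) return first;
  }
  return remoteAddr;
}

// Replays the PR's test plan with a constructed source address: 21 POSTs inside one
// minute; the 21st is rejected with a Retry-After covering the rest of the window.
export function simulateWebhookFlood(): { statuses: number[]; lastRetryAfter: number; pruned: number } {
  let clock = 0;
  const limiter = new FixedWindowLimiter(20, 60_000, () => clock);
  const statuses: number[] = [];
  let lastRetryAfter = 0;
  for (let i = 0; i < 21; i++) {
    clock += 1_000; // one request per second, all within the same window
    const d = limiter.check("203.0.113.7");
    statuses.push(d.allowed ? 200 : 429);
    lastRetryAfter = d.retryAfter;
  }
  clock = 61_000;                 // advance past the window end
  const pruned = limiter.prune(); // the stale window is reclaimed
  return { statuses, lastRetryAfter, pruned };
}
```

In a Hono handler this becomes `limiter.check(clientIp(...))`, then `c.json({ error: "RATE_LIMITED", retryAfter: d.retryAfter }, 429, rateLimitHeaders(d))` when `d.allowed` is false. Two caveats a practitioner would weigh: a fixed window lets a source send up to twice the limit across a window boundary, and any non-2xx returned to a webhook sender is a failed delivery from its point of view, so the limit must stay well above legitimate volume (the PR's ~5 events/min against 20/min gives that headroom).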
feat: add rate limiting to webhook endpoint (20 req/min per IP)
Some checks are pending
CI Quality Gate / Lint / Typecheck / Test / Build (pull_request) Waiting to run
36fc06af75
Protects POST /billing/webhook from abuse with an in-memory
fixed-window rate limiter. Returns 429 with retryAfter when
exceeded. Includes e2e test for enforcement.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
feat: issue #338 post-apiwebhooksstripe-or-equivalent-web (agent task agent-ta)
cfd334502a
fix: resolve duplicate test script key and tsconfig rootDir conflict
fca977c991
The package.json had duplicate "test" keys (only last wins in JSON).
The tsconfig.json added rootDir:"src" + include:["tests"] which breaks
tsc since tests/ is outside src/. Reverted both tsconfig changes as
they're unnecessary for the rate-limit feature.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
agent-bot force-pushed feat/webhook-rate-limit from fca977c991 to c9bba24a13 on 2026-04-10 12:04:30 -04:00
Some checks failed
CI Quality Gate / Lint / Typecheck / Test / Build (pull_request) Has been cancelled
This pull request has changes conflicting with the target branch.
  • .forgejo/workflows/ci.yml
  • bun.lock
  • package.json
  • packages/api/src/db/schema.ts
  • packages/api/src/index.ts
  • packages/api/src/middleware/rate-limit.ts
  • packages/api/src/middleware/security-headers.ts
  • packages/api/src/routes/generate-tos.ts
  • packages/api/src/routes/generate.ts
  • packages/api/src/routes/health.ts
  • packages/api/src/routes/questionnaire.ts
  • packages/api/src/services/document-generator.ts
  • packages/api/src/services/llm.ts
  • packages/api/src/templates/index.ts
  • packages/api/tsconfig.json
  • packages/shared/src/types.ts
  • packages/web/src/app/questionnaire/page.tsx
  • packages/web/src/components/documents/DocumentList.tsx
  • packages/web/src/components/questionnaire/ReviewStep.tsx

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin feat/webhook-rate-limit:feat/webhook-rate-limit
git switch feat/webhook-rate-limit
Reference
pook/compliancebot!340