
[codex] Derive trusted rate limit keys#230

Open
pq198363-ops wants to merge 1 commit into
Agentpay-Org:mainfrom
pq198363-ops:bounty-48-trusted-rate-limit-key

Conversation

@pq198363-ops

Closes #48

Summary

  • Added TRUST_PROXY parsing and wired Express trust proxy before request middleware runs.
  • Kept trust disabled by default; true, yes, on, and 1 map to one trusted proxy hop, while positive integers configure explicit hop counts.
  • Derived rate-limit buckets from a recognized X-API-Key first, using a SHA-256 digest so bucket keys do not store the raw secret.
  • Fell back to Express' trusted client IP for unauthenticated traffic, preserving the existing 429 rate_limited response and Retry-After header.
  • Documented proxy deployment assumptions and API-key based rate-limit isolation in the README.

Threat model

Spoofed X-Forwarded-For values must not bypass rate limiting when TRUST_PROXY is unset. Operators should only enable TRUST_PROXY behind a load balancer or reverse proxy they control, where inbound forwarding headers are stripped or overwritten. Authenticated tenants behind the same NAT should not throttle each other once their API keys are recognized.

RED / GREEN evidence

RED before implementation:

  • npm run build; $env:NODE_ENV='test'; node --test dist/ratelimit-key.test.js failed because TRUST_PROXY=1 still produced 429 after 60 distinct forwarded IPs.
  • The same focused test failed because a second valid API key behind the same IP also received 429 after the first key filled the IP bucket.

GREEN after implementation:

  • npm run build; $env:NODE_ENV='test'; node --test dist/ratelimit-key.test.js passed 3 focused tests.

Validation

  • npx prettier --check README.md src/index.ts src/middleware/index.ts src/store/state.ts src/ratelimit-key.test.ts
  • npm run lint
  • git diff --check
  • Cleaned dist/, then npm run build
  • $env:NODE_ENV='test'; node --test dist/*.test.js dist/**/*.test.js

Result: full clean test run passed, 92 tests across 11 suites.

Notes

npm test uses POSIX inline NODE_ENV=test, so on Windows PowerShell I used the equivalent $env:NODE_ENV='test'; node --test ... command after building.

Development

Successfully merging this pull request may close these issues.

Replace the per-IP rate limiter with a trustworthy key behind a proxy (trust proxy + X-Forwarded-For)