Feature/rate limiting per user#151
Merged
Smartdevs17 merged 8 commits intoSmartdevs17:mainfrom Mar 27, 2026
Merged
Conversation
added 7 commits
March 27, 2026 08:41
- Update Oracle from @stellar/stellar-sdk@^12.0.0 to @stellar/stellar-sdk@^14.5.0 - Replace deprecated SorobanRpc import with rpc import - Update all SorobanRpc references to rpc in contract-updater.ts - Update test mocks to use new rpc import structure - Ensure compatibility with API's SDK version Resolves Smartdevs17#56
- Update Oracle Node.js engine requirement to >=20.0.0 for SDK v14 compatibility - Remove Node.js 18 testing matrix for Oracle since SDK v14 requires Node.js 20+ - Add Vercel silent mode to reduce deployment noise on forks - Fix coverage upload conditions after removing matrix strategy Resolves CI failures and Quality Gate pending status
- Add comprehensive lifecycle.test.ts with 5 required test scenarios - Test normal start/stop cycle with resource leak prevention - Test double start scenarios for idempotency - Test stop during active price updates for graceful shutdown - Test restart after failure scenarios - Test graceful shutdown with pending updates - Mock external services (RPC, providers) to avoid actual API calls - Ensure proper resource cleanup and timing reliability - Addresses issue Smartdevs17#48 requirements Fixes Smartdevs17#48
- Align test intervals with existing test patterns (1000ms) - Update timeout values to ensure proper test execution - Fix mock return types to match expected interfaces - Ensure circuit breaker configuration is included - Improve test reliability and reduce flaky behavior Resolves CI check failures and Vercel build issues
- Use npm ci instead of npm install for faster, reliable builds - Add NODE_ENV environment variable for production builds - Ensure consistent dependency resolution in CI/CD Resolves Vercel deployment issues
- Add version field for proper package management - Add npm engine requirement for consistency - Add shared devDependencies for workspace builds - Ensure proper dependency resolution across workspaces Resolves CI workspace build issues
- Add secondary rate limiter keyed on userAddress from request body/query params - Maintain existing IP-based rate limiting as outer layer - Enforce 10 requests per minute per user address - Fall back to IP-based limiting when userAddress is not provided - Apply user rate limiter specifically to /api/lending routes - Return 429 with clear error message for rate limit violations - Add comprehensive tests for per-user and IP-based rate limiting - Tests verify independent user limits, fallback behavior, and window reset Fixes Smartdevs17#36
|
Someone is attempting to deploy a commit to the smartdevs17's projects Team on Vercel. A member of the Team first needs to authorize it. |
|
@iyanumajekodunmi756 Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀 |
Owner
|
LGTM. Kindly drop a review. Thank you. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
#36 Feature: Add rate limiting per user (not just per IP)
Repo Avatar
Smartdevs17/stellarlend
Problem
Rate limiting in api/src/app.ts is IP-based only. Multiple users behind the same IP share limits, and a single user can DoS from different IPs.
Context
Per-user rate limiting is essential for fair usage and abuse prevention in financial APIs.
Proposed Solution
Add a secondary rate limiter keyed on userAddress from the request body:
const userRateLimiter = rateLimit({
windowMs: 60 * 1000,
max: 10,
keyGenerator: (req) => req.body?.userAddress || req.ip,
message: { success: false, error: 'Too many requests for this account' }
});
app.use('/api/lending', userRateLimiter);
Acceptance Criteria
Per-user rate limit enforced (e.g., 10 req/min per address)
IP-based limit still applies as outer layer
Returns 429 with clear message
Tests verify both limits
Technical Notes
File: api/src/app.ts (lines 18-24)
Constraints
Must handle requests without userAddress (fall back to IP)
closes #36