
feat(api): implement global API rate limiting for enhanced security #47

Merged: AYUSHDAS0601 merged 2 commits into AYUSHDAS0601:main from MsParadox:feat/api-rate-limiting on Jun 11, 2026

Conversation

@MsParadox


Pull Request: Implement Global API Rate Limiting

🎯 Overview

This PR integrates a global rate limiting architecture into the Rent-Mate backend API. By enforcing a strict request limit per IP address, this security enhancement actively protects the application against brute-force authentication attacks, potential Denial of Service (DoS) attempts, and automated database spamming.

🔗 Linked Issue

Closes #33


🛠️ Type of Change

  • Security Enhancement (Protects exposed endpoints from abuse)
  • Feature (Adds @nestjs/throttler capability)

💻 Detailed Changes

1. Dependency Integration

  • Installed the official @nestjs/throttler package within the apps/api workspace.
  • Updated the root package-lock.json to reflect the new monorepo dependency.

2. Module Configuration

  • Imported and configured ThrottlerModule inside apps/api/src/app.module.ts.
  • Established a secure baseline limit: 100 requests per 60 seconds (1 minute) per IP.

3. Global Guard Registration

  • Bound the ThrottlerGuard globally using NestJS's APP_GUARD provider.
  • This architectural choice ensures that all existing endpoints, as well as any future controllers added to the application, inherit this baseline protection automatically without requiring manual route-by-route decorators.

🧪 Verification & Expected Behavior

  • Normal Traffic: Standard UI and Mobile app navigation remains well under the 100 requests/minute threshold and functions transparently without interruption.
  • Abuse Prevention: If a client exceeds 100 requests within a rolling 60-second window, the API immediately intercepts the request and returns an HTTP 429 Too Many Requests status code.
  • Compilation: Verified the backend compiles and bootstraps successfully with the new global provider configuration.

✅ Reviewer Checklist

  • Dependencies updated correctly within the monorepo structure.
  • Global guard registered accurately without accidental route bypasses.
  • APP_GUARD provider order does not conflict with existing global configurations.
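The following is an added example, not code from this PR or from the Rent-Mate repository. It models the decision the globally bound ThrottlerGuard makes for every request, as described under "Module Configuration" and "Verification & Expected Behavior": count hits per client IP inside a rolling 60-second window, allow up to 100, and answer the rest with HTTP 429 and a Retry-After header. The class, function and field names (RateLimiter, Decision, toHttpResponse, simulateBurst, ttlMs) are assumptions made for this illustration; the real ThrottlerModule.forRoot wiring in apps/api/src/app.module.ts is not reproduced here because it needs the NestJS runtime. One caveat worth checking in review: in @nestjs/throttler v5 and later the ttl option is in milliseconds, in earlier versions in seconds, so "60" and "60000" mean very different windows depending on the installed version.

```typescript
// Added example (not Rent-Mate code): per-IP sliding-window rate limiting,
// the policy the PR's global ThrottlerGuard enforces (100 requests / 60 s).
// All names below are assumptions for this illustration.

export interface Decision {
  allowed: boolean;
  remaining: number;      // requests still permitted in the current window
  retryAfterSec: number;  // seconds until the oldest hit leaves the window (0 when allowed)
}

export class RateLimiter {
  // key (client IP) -> timestamps (ms) of requests inside the current window
  private readonly hits = new Map<string, number[]>();

  constructor(private readonly limit: number, private readonly ttlMs: number) {}

  // Decide whether a request from `key` arriving at `nowMs` may proceed.
  check(key: string, nowMs: number): Decision {
    const windowStart = nowMs - this.ttlMs;
    // Drop timestamps that have aged out of the rolling window.
    const recent = (this.hits.get(key) ?? []).filter((t) => t > windowStart);

    if (recent.length >= this.limit) {
      this.hits.set(key, recent);
      // The window frees a slot when its oldest hit expires.
      const retryAfterSec = Math.ceil((recent[0] + this.ttlMs - nowMs) / 1000);
      return { allowed: false, remaining: 0, retryAfterSec };
    }

    recent.push(nowMs);
    this.hits.set(key, recent);
    return { allowed: true, remaining: this.limit - recent.length, retryAfterSec: 0 };
  }
}

// Translate a decision into the HTTP outcome the PR describes:
// pass-through, or 429 Too Many Requests with a Retry-After hint.
export function toHttpResponse(d: Decision): { status: number; headers: Record<string, string> } {
  if (d.allowed) {
    return { status: 200, headers: { "X-RateLimit-Remaining": String(d.remaining) } };
  }
  return {
    status: 429,
    headers: { "Retry-After": String(d.retryAfterSec), "X-RateLimit-Remaining": "0" },
  };
}

// Replay `count` requests from one IP, 1 ms apart, and tally the outcomes.
export function simulateBurst(
  limiter: RateLimiter,
  ip: string,
  count: number,
  startMs: number,
): { allowed: number; rejected: number } {
  let allowed = 0;
  let rejected = 0;
  for (let i = 0; i < count; i++) {
    const status = toHttpResponse(limiter.check(ip, startMs + i)).status;
    if (status === 429) rejected++;
    else allowed++;
  }
  return { allowed, rejected };
}

// Stand-alone demo with the PR's baseline: 100 requests per 60 000 ms.
const demo = new RateLimiter(100, 60_000);
console.log(simulateBurst(demo, "203.0.113.10", 150, 0)); // constructed sample IP
```

The limiter keys on the client address alone, exactly as the PR's baseline does; any request that reaches the guard is counted, which is why binding it through APP_GUARD closes the route-bypass gap named in the reviewer checklist, and why the "Normal Traffic" claim only holds as long as a single IP (a NAT gateway, a shared office egress) does not aggregate more than 100 legitimate users' requests per minute.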

@AYUSHDAS0601 AYUSHDAS0601 added NSoC26 Nexus Spring of Code Level 3 Level 2 labels Jun 11, 2026
@AYUSHDAS0601 AYUSHDAS0601 merged commit e1b878a into AYUSHDAS0601:main Jun 11, 2026

Development

Successfully merging this pull request may close these issues.

[Feature]: Implement Global API Rate Limiting to enhance security