Skip to content

feat: @ratelimit(strategy, limit, window) route decorator#8

Merged
BlobMaster41 merged 1 commit into
mainfrom
feat/ratelimit-decorator
Jun 15, 2026
Merged

feat: @ratelimit(strategy, limit, window) route decorator#8
BlobMaster41 merged 1 commit into
mainfrom
feat/ratelimit-decorator

Conversation

@BlobMaster41

Copy link
Copy Markdown

Adds the @ratelimit(strategy, limit, window) route decorator. Pairs with toil-backend feat/email-ratelimit (the env::ratelimit_check host import) and toiljs feat/client-ip (the RateLimitService runtime) — all three land together.

  • src/ast.ts: recognize @ratelimit (DecoratorKind.Ratelimit).
  • src/parser.ts: in buildRouteBlock, lower it to a RateLimitService.guard(routeId, tag, limit, window) call prepended to the route block, before the @auth guard — so it shields the auth/body path from a flood and rate-limits unauthenticated brute force.

strategy is a RateLimit enum member (FixedWindow/SlidingWindow/TokenBucket) or a bare integer tag; limit/window must be integer literals, else no guard is emitted (fail-safe, like @cache). A program-wide counter assigns each rate-limited route a stable id; the limiter + 429 response live host-side / in toiljs.

Recognize @ratelimit in the AST and lower it in buildRouteBlock to a
RateLimitService.guard(routeId, tag, limit, window) call prepended to the route
block, BEFORE the @auth guard (so it shields auth/body from a flood and
rate-limits unauthenticated brute force). strategy is a RateLimit enum member
or a bare int tag; limit/window must be integer literals, else no guard
(fail-safe, like @cache). Program-wide route-id counter; the runtime + 429
response live in toiljs (RateLimitService).
@BlobMaster41 BlobMaster41 merged commit 609ff78 into main Jun 15, 2026
4 checks passed
@BlobMaster41 BlobMaster41 deleted the feat/ratelimit-decorator branch June 15, 2026 02:01
BlobMaster41 added a commit that referenced this pull request Jun 26, 2026
…-file (audit #7/#8/#18)

- checkRpcSurfaceCollisions: reject duplicate client-facing Server keys (two @services lowercasing to the
  same key, a free @Remote shadowing a @service / reserved REST / Stream) and FNV method-id collisions,
  before the surface is emitted - else the generated Server object/type silently overwrites a key, or a
  collided id routes to the wrong method at dispatch. Verified: a free @Remote 'stats' colliding with
  @service Stats now fails the build with a clear message.
- cli --rpcSurfaceFiles: a missing surface file now raises File_0_not_found (mirrors the entry loop)
  instead of being silently skipped.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant