Owner

@mfts mfts commented Nov 20, 2025

Summary by CodeRabbit

  • Changes
    • Adjusted billing rate limits to accommodate higher request frequencies, increasing the allowed requests in the rate-limiting window.
    • Removed rate limiting enforcement from the team billing management endpoint, reducing access restrictions and allowing more flexible access patterns for billing operations.



vercel bot commented Nov 20, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

Project | Deployment | Preview | Comments | Updated (UTC)
papermark | Ready | Preview | Comment | Nov 20, 2025 8:48pm

Contributor

coderabbitai bot commented Nov 20, 2025

Walkthrough

The billing rate limiter configuration is adjusted from 5 requests per 30 minutes to 10 requests per 20 minutes. Concurrently, rate limiting enforcement is removed from the POST endpoint that manages billing portal access, including removal of related imports and validation logic.

Changes

Cohort / File(s) | Summary
Billing rate limiter configuration: ee/features/security/lib/ratelimit.ts | Updated rateLimiters.billing sliding window parameters from Ratelimit.slidingWindow(5, "30 m") to Ratelimit.slidingWindow(10, "20 m")
Rate limiting removal from billing endpoint: pages/api/teams/[teamId]/billing/manage.ts | Removed rate limit enforcement in POST request handler; deleted checkRateLimit invocation, IP address retrieval, and related imports (checkRateLimit, rateLimiters, getIpAddress)

Possibly related PRs

  • fix: ratelimt limits #1900: Modifies billing rate limiter configuration in ee/features/security/lib/ratelimit.ts, indicating concurrent rate-limiting adjustments.
  • feat: add ratelimiting #1874: Changes both the billing rate limiter setup in ee/features/security/lib/ratelimit.ts and the billing endpoint rate-limit enforcement in pages/api/teams/[teamId]/billing/manage.ts, suggesting coordinated rate-limiting modifications.

Pre-merge checks

❌ Failed checks (1 inconclusive)
Check name | Status | Explanation | Resolution
Title check | ❓ Inconclusive | The title 'fix: ratelimit' is vague and generic, using non-descriptive terms that don't convey meaningful information about the specific changes being made to the rate limiting configuration. | Clarify the title with specific details about the changes, such as 'fix: adjust billing rate limiter parameters and remove rate limiting from manage endpoint' or similar to better describe the actual modifications.

✅ Passed checks (2 passed)
Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ae31acb and e47a2c2.

📒 Files selected for processing (2)
  • ee/features/security/lib/ratelimit.ts (1 hunks)
  • pages/api/teams/[teamId]/billing/manage.ts (0 hunks)
💤 Files with no reviewable changes (1)
  • pages/api/teams/[teamId]/billing/manage.ts
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Analyze (javascript-typescript)
🔇 Additional comments (1)
ee/features/security/lib/ratelimit.ts (1)

18-21: Update both rate limit comments and verify the intentional configuration change.

The billing comment states "5 billing operations per hour per IP" but the implementation uses slidingWindow(10, "20 m") which allows 30 requests per hour. Additionally, the auth comment states "3 auth attempts per hour per IP" but uses the same configuration allowing 30 per hour.

Both auth and billing limiters now use identical configurations. Confirm this rate limit increase (from 10/hour to 30/hour) is intentional.

Update both comments:

  • Line 10: Change "3 auth attempts per hour per IP" to "10 auth attempts per 20 minutes per IP"
  • Line 19: Change "5 billing operations per hour per IP" to "10 billing operations per 20 minutes per IP"


@mfts mfts merged commit d2c0859 into main Nov 20, 2025
9 checks passed
@github-actions github-actions bot locked and limited conversation to collaborators Nov 20, 2025