FeatRate Limiting Implementation

backend/package.json

@@ -26,6 +26,7 @@
         "node-cron": "^3.0.3",
         "nodemailer": "^8.0.1",
         "pg": "^8.11.3",
+        "rate-limit-redis": "^4.3.1",
         "ws": "^8.14.2"
     },
     "devDependencies": {

backend/src/index.ts

@@ -14,9 +14,10 @@ import { validateStartupConfigOrThrow, buildStartupSummary, type StartupConfig }
 import { getFeatureFlags, getPublicFeatureFlags } from './config/featureFlags.js'
 import { isRedisAvailable, logQueueStartup } from './queue/connection.js'
 import { startQueueScheduler } from './queue/scheduler.js'
-import { startPortfolioCheckWorker } from './queue/workers/portfolioCheckWorker.js'
-import { startRebalanceWorker } from './queue/workers/rebalanceWorker.js'
-import { startAnalyticsSnapshotWorker } from './queue/workers/analyticsSnapshotWorker.js'
+import { closeAllQueues } from './queue/queues.js'
+import { startPortfolioCheckWorker, stopPortfolioCheckWorker } from './queue/workers/portfolioCheckWorker.js'
+import { startRebalanceWorker, stopRebalanceWorker } from './queue/workers/rebalanceWorker.js'
+import { startAnalyticsSnapshotWorker, stopAnalyticsSnapshotWorker } from './queue/workers/analyticsSnapshotWorker.js'
 
 let startupConfig: StartupConfig
 try {

backend/src/middleware/rateLimit.ts

@@ -1,9 +1,45 @@
 import { rateLimit, type Options } from 'express-rate-limit'
+import { RedisStore } from 'rate-limit-redis'
+import { default as IORedis } from 'ioredis'
+import { REDIS_URL } from '../queue/connection.js'
+import { logger } from '../utils/logger.js'
 
 const windowMs = Number(process.env.RATE_LIMIT_WINDOW_MS) || 60 * 1000
 const max = Number(process.env.RATE_LIMIT_MAX) || 100
 const writeMax = Number(process.env.RATE_LIMIT_WRITE_MAX) || 10
 
+let redisClient: IORedis | undefined;
+
+if (process.env.NODE_ENV !== 'test') {
+    try {
+        redisClient = new IORedis(REDIS_URL, {
+            lazyConnect: true,
+            connectTimeout: 3000,
+            maxRetriesPerRequest: 1,
+            enableReadyCheck: false,
+        });
+        redisClient.on('error', (err) => {
+            // Suppress unhandled rejections during test or when Redis is down
+            logger.warn('[RATE-LIMIT] Redis connection error: ' + err.message);
+        });
+    } catch (error) {
+        logger.warn('[RATE-LIMIT] Failed to initialize Redis store, falling back to memory store: ', error);
+    }
+}
+
+function createRedisStore(prefix: string): RedisStore | undefined {
+    if (!redisClient) return undefined;
+    return new RedisStore({
+        prefix,
+        sendCommand: async (...args: string[]) => {
+            if (args.length === 0) return;
+            const command = args[0];
+            const rest = args.slice(1);
+            return await redisClient!.call(command, ...rest) as any;
+        }
+    });
+}
+
 function createHandler(ms: number) {
     const retryAfterSec = Math.ceil(ms / 1000)
     return (req: import('express').Request, res: import('express').Response) => {
@@ -26,11 +62,19 @@ const baseOptions: Partial<Options> = {
 export const globalRateLimiter = rateLimit({
     ...baseOptions,
     max,
-    handler: createHandler(windowMs)
+    handler: createHandler(windowMs),
+    store: createRedisStore('rl:global:')
 })
 
 export const writeRateLimiter = rateLimit({
     ...baseOptions,
     max: writeMax,
-    handler: createHandler(windowMs)
+    handler: createHandler(windowMs),
+    store: createRedisStore('rl:write:'),
+    keyGenerator: (req) => {
+        // IP + wallet-address based throttling for critical routes
+        const walletAddress = req.body?.userAddress || req.params?.address || 'unknown';
+        const ip = req.ip || req.socket.remoteAddress || 'unknown-ip';
+        return `write_limit:${walletAddress}:${ip}`;
+    }
 })

backend/src/services/databaseService.ts

@@ -3,6 +3,8 @@ import { mkdirSync } from 'node:fs'
 import { dirname } from 'node:path'
 import { randomUUID } from 'node:crypto'
 import type { RebalanceEvent } from './rebalanceHistory.js'
+import { getFeatureFlags } from '../config/featureFlags.js'
+import { ConflictError } from '../types/index.js'
 
 
 // ─────────────────────────────────────────────