[kimi-task] [enhancement] Add rate limiting middleware for Matrix API endpoints #683

Closed
opened 2026-03-21 03:12:14 +00:00 by kimi · 1 comment
Collaborator

Epic: Matrix Unification

Task

Add simple rate limiting to the /api/matrix/* endpoints to prevent abuse when deployed publicly.

Files

  • src/dashboard/middleware/rate_limit.py — NEW: simple in-memory rate limiter
  • src/dashboard/app.py — apply rate limiter to /api/matrix/* routes
  • tests/unit/test_rate_limit.py — NEW: test rate limiting behavior

Acceptance Criteria

  • RateLimiter class with configurable requests_per_minute per IP
  • Default: 30 requests/minute for /api/matrix/* endpoints
  • Returns 429 Too Many Requests when exceeded
  • In-memory (dict), no external dependencies
  • Cleanup of stale entries every 60 seconds
  • tox -e unit passes
  • tox -e lint passes

Context

When the Matrix becomes the public frontend at alexanderwhitestone.com,
the API endpoints need basic DoS protection. This is a simple in-memory rate limiter;
Redis-backed can come later if needed.

kimi self-assigned this 2026-03-21 03:12:14 +00:00
Author
Collaborator

PR created: http://143.198.27.163:3000/rockachopa/Timmy-time-dashboard/pulls/746

Summary of Changes

New Files

  • src/dashboard/middleware/rate_limit.py - RateLimiter class and RateLimitMiddleware
  • tests/unit/test_rate_limit.py - 30 test cases covering all functionality

Modified Files

  • src/dashboard/middleware/__init__.py - Export new rate limiting classes
  • src/dashboard/app.py - Apply middleware to /api/matrix/* routes

Implementation Details

  • RateLimiter class: Tracks requests per IP using deque for O(1) popleft operations
  • Sliding window: 60-second window with automatic cleanup every 60 seconds
  • Proxy support: Respects X-Forwarded-For and X-Real-IP headers
  • 429 Response: Returns proper Retry-After header when rate limited
  • No external dependencies: Pure in-memory implementation

Verification

  • tox -e unit passes (2620 passed, 1 skipped)
  • tox -e lint passes (all checks clean)
  • tox -e pre-push passes (full CI gate)
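The limiter the PR describes, written out as an added example that is not the project's code and not the code in PR 746: a per-client sliding window kept in a deque, cleanup of idle keys every 60 seconds, a 429 with Retry-After, and proxy-header handling. One check worth having in any such limiter: X-Forwarded-For and X-Real-IP are client-controlled unless the request actually came through your own reverse proxy, so honouring them unconditionally lets a caller put a fresh address in the header on every request and never be limited. The `client_ip` helper below therefore trusts those headers only when the TCP peer is in a configured `trusted_proxies` list. The WSGI middleware shape, the `trusted_proxies` parameter, `ok_app` and the request data are assumptions made for illustration.

```python
# Added example (not the project's code): sliding-window per-IP limiter plus a
# WSGI middleware. Assumes only the reverse proxy may set X-Forwarded-For.
import ipaddress
import math
import threading
import time
from collections import deque


class RateLimiter:
    """At most `requests_per_minute` hits per key in any 60 s window. State is a
    per-process dict, so N workers give each client N times the budget."""

    WINDOW = 60.0

    def __init__(self, requests_per_minute=30, cleanup_interval=60.0,
                 clock=time.monotonic):
        self.limit = requests_per_minute
        self.cleanup_interval = cleanup_interval
        self.clock = clock             # injectable for deterministic tests
        self._hits = {}                # key -> deque of timestamps, oldest first
        self._last_cleanup = clock()
        self._lock = threading.Lock()  # threaded servers call check() concurrently

    def check(self, key):
        """Record a hit for `key`; return (allowed, retry_after_seconds)."""
        now = self.clock()
        with self._lock:
            self._maybe_cleanup(now)
            q = self._hits.setdefault(key, deque())
            cutoff = now - self.WINDOW
            while q and q[0] <= cutoff:    # O(1) popleft of expired hits
                q.popleft()
            if len(q) >= self.limit:
                # A slot frees up when the oldest hit in the window ages out.
                return False, max(1, math.ceil(q[0] + self.WINDOW - now))
            q.append(now)
            return True, 0

    def _maybe_cleanup(self, now):
        # Every cleanup_interval drop idle keys, so a scan from many source
        # addresses cannot grow the dict without bound.
        if now - self._last_cleanup < self.cleanup_interval:
            return
        cutoff = now - self.WINDOW
        for key in list(self._hits):
            q = self._hits[key]
            while q and q[0] <= cutoff:
                q.popleft()
            if not q:
                del self._hits[key]
        self._last_cleanup = now


def client_ip(remote_addr, headers, trusted_proxies=()):
    """Address to limit on. Forwarding headers count only when the TCP peer is
    a trusted proxy. A proxy appends the peer it saw, so the rightmost XFF
    entry is the one it added; everything left of it is client-supplied."""
    try:
        peer = ipaddress.ip_address(remote_addr)
    except ValueError:
        return remote_addr
    if not any(peer in ipaddress.ip_network(p, strict=False) for p in trusted_proxies):
        return remote_addr
    h = {k.lower(): v for k, v in headers.items() if v}
    candidate = h.get("x-forwarded-for", h.get("x-real-ip", "")).split(",")[-1].strip()
    try:
        return str(ipaddress.ip_address(candidate))   # normalise, reject garbage
    except ValueError:
        return remote_addr


class RateLimitMiddleware:
    """Apply `limiter` to paths under `prefix`; answer 429 with Retry-After."""

    def __init__(self, app, limiter, prefix="/api/matrix/", trusted_proxies=()):
        self.app, self.limiter = app, limiter
        self.prefix, self.trusted_proxies = prefix, tuple(trusted_proxies)

    def __call__(self, environ, start_response):
        if environ.get("PATH_INFO", "").startswith(self.prefix):
            headers = {"X-Forwarded-For": environ.get("HTTP_X_FORWARDED_FOR"),
                       "X-Real-IP": environ.get("HTTP_X_REAL_IP")}
            key = client_ip(environ.get("REMOTE_ADDR", ""), headers, self.trusted_proxies)
            allowed, retry_after = self.limiter.check(key)
            if not allowed:
                body = b"Too Many Requests\n"
                start_response("429 Too Many Requests", [
                    ("Content-Type", "text/plain"), ("Retry-After", str(retry_after)),
                    ("Content-Length", str(len(body)))])
                return [body]
        return self.app(environ, start_response)


def ok_app(environ, start_response):
    """Stand-in for the real dashboard app (assumption)."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]


if __name__ == "__main__":  # constructed traffic: four hits from one client via the proxy
    app = RateLimitMiddleware(ok_app, RateLimiter(3), trusted_proxies=["10.0.0.0/8"])
    env = {"PATH_INFO": "/api/matrix/state", "REMOTE_ADDR": "10.0.0.5",
           "HTTP_X_FORWARDED_FOR": "203.0.113.9"}
    for _ in range(4):
        list(app(env, lambda status, hdrs: print(status)))  # 200 OK x3, then 429
```

Because the counters live in one process's memory, each worker of a multi-process server keeps its own table, so a client effectively gets the limit multiplied by the worker count, and a restart resets everything; that is the gap the Redis-backed variant mentioned in the issue would close. The injectable `clock` exists so tests can drive the window and the cleanup timer without sleeping.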
kimi closed this issue 2026-03-21 16:23:17 +00:00
Reference: Rockachopa/Timmy-time-dashboard#683