[kimi] Add rate limiting middleware for Matrix API endpoints (#683) #746

Merged
kimi merged 1 commit from kimi/issue-683 into main 2026-03-21 16:23:17 +00:00

Fixes #683

Summary

Added simple in-memory rate limiting to the /api/matrix/* endpoints to prevent abuse when deployed publicly.

Changes

New Files

  • src/dashboard/middleware/rate_limit.py - RateLimiter class and RateLimitMiddleware
  • tests/unit/test_rate_limit.py - Comprehensive test coverage

Modified Files

  • src/dashboard/middleware/__init__.py - Export new rate limiting classes
  • src/dashboard/app.py - Apply middleware to /api/matrix/* routes

Features

  • RateLimiter class with configurable requests_per_minute per IP (default: 30)
  • Returns 429 Too Many Requests when limit exceeded with Retry-After header
  • In-memory storage using deque for efficient timestamp tracking
  • Automatic cleanup of stale entries every 60 seconds
  • Respects X-Forwarded-For and X-Real-IP headers for proxied requests
  • Applied only to /api/matrix/* endpoints via path prefix matching

Testing

  • All existing tests pass (2620 passed, 1 skipped)
  • New tests cover:
    • Rate limiting per IP (independent limits)
    • Window sliding behavior
    • Cleanup of stale entries
    • IP extraction from various headers
    • Middleware path matching
    • 429 response when rate limited

Acceptance Criteria

  • RateLimiter class with configurable requests_per_minute per IP
  • Default: 30 requests/minute for /api/matrix/* endpoints
  • Returns 429 Too Many Requests when exceeded
  • In-memory (dict), no external dependencies
  • Cleanup of stale entries every 60 seconds
  • tox -e unit passes
  • tox -e lint passes
kimi added 1 commit 2026-03-21 16:22:45 +00:00
feat: add rate limiting middleware for Matrix API endpoints
Some checks failed
Tests / lint (pull_request) Has been cancelled
Tests / test (pull_request) Has been cancelled
56720da82f
Add RateLimiter class and RateLimitMiddleware for in-memory rate limiting
of /api/matrix/* endpoints with the following features:

- Configurable requests_per_minute per IP (default: 30)
- Returns 429 Too Many Requests when exceeded with Retry-After header
- In-memory storage using deque for efficient timestamp tracking
- Automatic cleanup of stale entries every 60 seconds
- Respects X-Forwarded-For and X-Real-IP headers for proxied requests

Files added/modified:
- src/dashboard/middleware/rate_limit.py (new)
- src/dashboard/middleware/__init__.py (export new classes)
- src/dashboard/app.py (apply middleware to /api/matrix/* routes)
- tests/unit/test_rate_limit.py (comprehensive tests)

Fixes #683
kimi merged commit dc9f0c04eb into main 2026-03-21 16:23:17 +00:00
kimi deleted branch kimi/issue-683 2026-03-21 16:23:17 +00:00
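
The middleware source is not shown on this page. The following is an added example, not the project's code, of the design the description lists: a per-IP sliding window kept in a `deque`, a `Retry-After` value, periodic cleanup, and `X-Forwarded-For` honoured only when the direct peer is a trusted proxy, since a limiter that accepts the header from any client can be sidestepped by sending a new value per request. `TRUSTED_PROXIES`, `client_ip` and `SlidingWindowLimiter` are assumed names, and the proxy range is a constructed value.

```python
import ipaddress
import math
import time
from collections import deque

# Assumption: the networks your own reverse proxies connect from.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

def _trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)

def client_ip(peer_ip, headers):
    """Pick the rate-limit key. `headers` is assumed to use lowercase names."""
    if not _trusted(ipaddress.ip_address(peer_ip)):
        return peer_ip  # direct client: ignore any forwarding header it sent
    hops = [h.strip() for h in headers.get("x-forwarded-for", "").split(",")]
    # Walk right to left: entries appended by our proxies are skipped, and the
    # first untrusted hop is the nearest address we did not write ourselves.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed or empty entry: fall back to the peer
        if not _trusted(addr):
            return str(addr)
    return peer_ip

class SlidingWindowLimiter:
    def __init__(self, requests_per_minute=30, window=60.0, clock=time.monotonic):
        self.limit, self.window, self.clock = requests_per_minute, window, clock
        self.hits = {}  # ip -> deque of request timestamps, oldest first

    def check(self, ip):
        """Return (allowed, retry_after_seconds) and record allowed requests."""
        now = self.clock()
        q = self.hits.setdefault(ip, deque())
        while q and now - q[0] >= self.window:
            q.popleft()  # drop timestamps that slid out of the window
        if len(q) >= self.limit:
            return False, max(1, math.ceil(q[0] + self.window - now))
        q.append(now)
        return True, 0

    def cleanup(self):
        """Delete keys with no request inside the window (run periodically)."""
        now = self.clock()
        for ip in [k for k, q in self.hits.items()
                   if not q or now - q[-1] >= self.window]:
            del self.hits[ip]
```

A middleware built on this would answer 429 with `Retry-After` set to the second value whenever `check` returns `False`.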

Reference: Rockachopa/Timmy-time-dashboard#746