vibed

Commit Graph

Author	SHA1	Message	Date
Elijah Voigt	db71399b2f	feat(quotesdb): add Cloudflare WAF rate limiting rules via OpenTofu Adds infra/rate-limits.tf with a cloudflare_ruleset (phase: http_ratelimit) implementing per-IP rate limits on all mutating API endpoints: - PUT /api/quotes: 5 requests per 10 minutes (quote creation) - POST /api/quotes/:id/report: 3 requests per hour (abuse reports) - POST /api/quotes/🆔 10 requests per minute (quote updates) - DELETE /api/quotes/🆔 10 requests per minute (quote deletes) The report rule is ordered before the general update rule to ensure the more-specific /report path matches before the broader /api/quotes/:id pattern. Documents the approach, plan requirements, and layered protection rationale in docs/ARCHITECTURE.md. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	3 months ago

Author

SHA1

Message

Date

Elijah Voigt

db71399b2f

feat(quotesdb): add Cloudflare WAF rate limiting rules via OpenTofu

Adds infra/rate-limits.tf with a cloudflare_ruleset (phase: http_ratelimit)
implementing per-IP rate limits on all mutating API endpoints:
- PUT /api/quotes: 5 requests per 10 minutes (quote creation)
- POST /api/quotes/:id/report: 3 requests per hour (abuse reports)
- POST /api/quotes/🆔 10 requests per minute (quote updates)
- DELETE /api/quotes/🆔 10 requests per minute (quote deletes)

The report rule is ordered before the general update rule to ensure the
more-specific /report path matches before the broader /api/quotes/:id
pattern. Documents the approach, plan requirements, and layered protection
rationale in docs/ARCHITECTURE.md.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

1 Commits (77c131c08aefba0b3606c32ce033dde8b9046565)