[FEAT]: Rate Limiting Middleware

[pdagboola]

Feature Description

Proposal to implement rate limiting middleware to protect API endpoints from abuse and ensure fair usage of resources.

Proposed Implementation Details

1. Create RateLimitMiddleware class using express-rate-limit
2. Configure rate limiting parameters:
   • Window: 15 minutes
   • Max Requests: 100 per IP
   • Custom error response with status code 429

Technical Specifications

private limiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 100, // Limit each IP to 100 requests per windowMs
  message: {
    status_code: 429,
    message: 'Too many requests from this IP, please try again later.'
  },
  standardHeaders: true,
  legacyHeaders: false,
});

Expected Benefits

• Prevention of API abuse and DDoS attacks
• Fair resource distribution
• Customizable rate limits and window periods
• Standard rate limit headers for client monitoring

Technical Requirements

• Framework: NestJS
• Dependency: express-rate-limit
• Implementation: Middleware

Implementation Considerations

• Middleware to be globally applied to all routes
• Uses standard HTTP headers for rate limit information
• Configurable parameters for different environments
• Compatible with load balancers and reverse proxies

Testing Requirements

1. Rate limit enforcement verification
2. Error response format testing
3. Header information validation
4. Reset window functionality testing