Add TTL expiration to rate limit shards

bc-rmalyavc · bc-rmalyavc · commit 77cfb079a2af · 2025-12-17T15:12:13.000+02:00
diff --git a/src/lib/rate-limit.ts b/src/lib/rate-limit.ts
@@ -4,6 +4,7 @@ import {
   getDocsFromServer,
   increment,
   setDoc,
+  Timestamp,
 } from 'firebase/firestore';
 import { getDb } from './db';
 
@@ -15,6 +16,7 @@ interface RateLimitOptions {
 interface RateLimitDocument {
   count: number;
   windowStart: number;
+  expiresAt?: Timestamp;
 }
 
 export interface RateLimitState {
@@ -27,6 +29,9 @@ export interface RateLimitState {
 const DEFAULT_WINDOW_MS = 60_000;
 const DEFAULT_MAX_REQUESTS = 30;
 const SHARD_COUNT = 20;
+// Documents are cleaned up via Firestore TTL configured on the `expiresAt` field.
+// Keeping a modest retention allows slow TTL sweeps without impacting active windows.
+const RETENTION_WINDOWS = 24; // number of windows to keep for TTL cleanup
 
 export async function enforceRateLimit(
   key: string,
@@ -38,10 +43,11 @@ export async function enforceRateLimit(
   const windowRef = collection(db, 'rateLimits', `${key}:${windowStart}`, 'shards');
   const shardId = Math.floor(Math.random() * SHARD_COUNT).toString();
   const shardRef = doc(windowRef, shardId);
+  const expiresAt = Timestamp.fromMillis(windowStart + windowMs * RETENTION_WINDOWS);
 
   await setDoc(
     shardRef,
-    { count: increment(1), windowStart },
+    { count: increment(1), windowStart, expiresAt },
     { merge: true },
   );
 
