Open
Description
Overview
Add a rate limiting helper to prevent API key abuse and control usage patterns.
Motivation
Rate limiting is crucial for security and prevents abuse of API keys. This feature should help users track and limit API key usage.
Proposed API
```ts
interface RateLimitConfig {
  maxRequests: number
  windowMs: number
}

const rateLimiter = keys.createRateLimiter({
  maxRequests: 100,
  windowMs: 60000, // 1 minute
})

await rateLimiter.check(apiKeyRecord)
```
Implementation Details
Storage Requirements
- Track request counts per key
- Use sliding window or fixed window algorithm
- Store in storage adapter (new method or extend existing metadata)
API Design
```ts
// Create rate limiter
const rateLimiter = manager.createRateLimiter({
  maxRequests: 100,
  windowMs: 60000,
  exceedAction: 'reject', // one of 'reject' | 'throttle' | 'log'
})

// Check rate limit
const result = await rateLimiter.check(keyRecord)
if (!result.allowed) {
  throw new RateLimitError('Rate limit exceeded', result.retryAfter)
}
```
Acceptance Criteria
- Implement sliding window or fixed window rate limiting
- Support multiple rate limit tiers per key
- Track usage across storage adapters
- Return retry-after information
- Add tests for rate limiting logic
- Document usage examples
- Handle edge cases (first request, empty periods)
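One way the sliding-window check with retry-after could behave, as an added example rather than code from this issue or the project. `SlidingWindowLimiter`, `RateLimitResult`, the string key id and the in-memory `Map` standing in for the storage adapter are assumptions; the clock is injectable so the window edges can be tested deterministically.

```typescript
interface RateLimitConfig {
  maxRequests: number
  windowMs: number
}

interface RateLimitResult {
  allowed: boolean
  remaining: number
  retryAfter: number // ms until a request would be admitted; 0 when allowed
}

// Sliding-window log: keep the timestamps of admitted requests per key and
// count only those inside (now - windowMs, now]. Denied requests are not
// recorded, so a client hammering a blocked key does not extend its own block.
class SlidingWindowLimiter {
  // In-memory stand-in for the storage adapter (assumption).
  private hits = new Map<string, number[]>()
  private config: RateLimitConfig

  constructor(config: RateLimitConfig) {
    if (!(config.maxRequests > 0) || !(config.windowMs > 0)) {
      throw new RangeError('maxRequests and windowMs must be positive')
    }
    this.config = config
  }

  check(keyId: string, now: number = Date.now()): RateLimitResult {
    const { maxRequests, windowMs } = this.config
    // First request: no entry yet, so start from an empty log.
    // Empty period: every old timestamp is filtered out and the quota resets.
    const log = (this.hits.get(keyId) ?? []).filter((t) => t > now - windowMs)
    this.hits.set(keyId, log)

    if (log.length >= maxRequests) {
      // The oldest admitted request leaves the window at oldest + windowMs.
      const oldest = log[0] ?? now
      return { allowed: false, remaining: 0, retryAfter: oldest + windowMs - now }
    }

    log.push(now)
    return { allowed: true, remaining: maxRequests - log.length, retryAfter: 0 }
  }
}
```

The log costs up to `maxRequests` timestamps per key; a fixed-window counter needs one counter per key but admits up to twice the limit across a window boundary.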
Priority
High - Security feature