fix(job-alerts): rate-limit the public subscribe endpoint#113
Conversation
POST /api/public/job-alerts had no rate limit, unlike the sibling
application-submit endpoints — flagged as an open P0 in
docs/SECURITY-AUDIT.md ("Public routes" / rate limiting).
Reuses the existing per-IP fixed-window limiter from
src/lib/rate-limit.ts (same 10/min shape as the application submit
routes). Unauthenticated GET /unsubscribe is token-scoped and left
as-is.
Tests: 3 new cases (under limit, 429+Retry-After over limit,
per-IP isolation). 209/209 pass.
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Plus Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Closes an open P0 from
docs/SECURITY-AUDIT.md("Public routes" row):POST /api/public/job-alertshad no rate limit, unlike the sibling application-submit endpoints which already usesrc/lib/rate-limit.ts.What
429+Retry-After, matching the existing pattern insrc/app/api/public/jobs/[slug]/applications/route.ts.GET(unsubscribe) is left as-is — it's token-scoped, not a comparable abuse surface.Testing
route.test.ts: allowed under limit,429+Retry-Afteronce exceeded, limits tracked independently per IP.pnpm lint/pnpm typecheck— clean.pnpm test -- --run— 209/209 pass.Known limitation carried over from the existing limiter (documented in
src/lib/rate-limit.ts): in-memory, per-instance, resets on cold start. Fine for the current single-instance deployment; noted as a scale-up item, not blocking here.