docs: document rate-limiting middleware (slowapi, 10 req/min, 429 response format) #1745

Conversation

- Add Rate limiting section to backend/README.md covering:
  - Default limit (10 req/min per IP via slowapi)
  - 429 error response format with Retry-After header
  - curl example
  - Env-var pattern for operator-configurable limits (RATELIMIT_DEFAULT)
- Update docs/architecture.md: correct stale note that rate limiting was only expected at gateway level; now enforced at the app layer

Closes ritesh-1918#1385
CodeRabbit: No actionable comments were generated in the recent review. 🎉

Review info: configuration used: defaults; review profile: CHILL; plan: Pro. Files selected for processing (2).

Walkthrough: This PR updates documentation to describe slowapi-based API rate limiting for the

Changes: Rate Limiting Documentation

Estimated code review effort: 🎯 1 (Trivial) | ⏱️ ~3 minutes

Pre-merge checks: ✅ 5 passed.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Updates system documentation to reflect application-layer rate limiting for POST /ai/analyze_ticket and documents how the limiter behaves/configures.
Changes:
- Document rate limiting enforcement via `slowapi` for `POST /ai/analyze_ticket` (10 req/min/IP).
- Add backend README section describing 429 behavior, curl example, and a suggested env-var-based configuration pattern.
- Update architecture docs to reference backend configuration details.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| docs/architecture.md | Updates storage/scaling notes to describe slowapi-based rate limiting and links to backend docs. |
| backend/README.md | Adds detailed rate limiting documentation, including expected 429 response and configuration guidance. |
Diff context quoted in the Copilot review (excerpts from `backend/README.md`):

> The backend enforces per-IP rate limits using [slowapi](https://github.com/laurentS/slowapi) (a FastAPI port of Flask-Limiter).
>
> **Default limit:** `POST /ai/analyze_ticket` — **10 requests per minute per client IP**.
>
> All other endpoints (`/health`, `/ready`, `/ai/analyze`, etc.) are unrestricted.
>
> **429 error response**
>
> When a client exceeds the limit the server returns HTTP `429 Too Many Requests` with a `Retry-After` header and a JSON body:
>
> **Configuration**
>
> The limit string follows slowapi / limits syntax (`N/second`, `N/minute`, `N/hour`, `N/day`). To change it without modifying source code set the `RATELIMIT_DEFAULT` environment variable and initialise the limiter with `default_limits`:
💡 Codex Review

Here are some automated review suggestions for this pull request. Reviewed commit: 688eb8d1ec
Diff context for the Codex comment (excerpt from `backend/README.md`):

> **429 error response**
>
> When a client exceeds the limit the server returns HTTP `429 Too Many Requests` with a `Retry-After` header and a JSON body:
**Remove the nonexistent Retry-After guarantee**

When clients actually exceed the `/ai/analyze_ticket` limit, this header is not emitted by the current app: `backend/main.py` constructs `Limiter(key_func=get_remote_address)` without enabling slowapi response headers, and slowapi only injects `Retry-After` when headers are enabled. Documenting the header here will cause API clients to implement retry/backoff logic against a value that is absent in production 429 responses.
Hi @x-haolun! 🙌 Thank you so much for your excellent contribution: "docs: document rate-limiting middleware (slowapi, 10 req/min, 429 response format)"! We really appreciate the high-quality code and effort you have put into the platform. Just a quick, friendly heads-up as we prepare our manual merging and verification queues—please make sure to complete all the mandatory community steps listed below. Once those manual steps are verified, we'll get your PR officially merged into the Let's build something amazing together! 🚀🔥

🌟 Project Support & Developer Network (Show Some Love!)

As we prepare our manual verification and merging queues, please take a quick moment to ensure you have completed all four community steps:

Note: Having all four steps completed manually is required before your PR points are officially cleared.
Merged locally into gssoc branch. Thank you for your GSSoC contribution! 🚀🔥
Summary

Closes #1385 — documents the rate-limiting middleware that was added to `POST /ai/analyze_ticket`.

Changes

- `backend/README.md`: `Retry-After` header, curl example, `RATELIMIT_DEFAULT` env-var pattern
- `docs/architecture.md`

Details

- Default limit: 10 requests per minute per client IP on `POST /ai/analyze_ticket` (via slowapi `@limiter.limit("10/minute")`).
- 429 response body: `{"error": "Rate limit exceeded: 10 per 1 minute"}`. Response also includes a `Retry-After` header (seconds until the window resets).
- Configuration note: The limit string is currently hardcoded in the decorator. The README documents the `RATELIMIT_DEFAULT` env-var pattern as the recommended path to make limits operator-configurable without touching source code.

Testing

Documentation-only change. No functional code was modified. Verified that the documented behaviour matches the implementation in `backend/main.py` (lines 23, 272-275, 698).
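The contract described across this PR (a limit string in slowapi/limits syntax, a `RATELIMIT_DEFAULT` override, a `429` with the body `{"error": "Rate limit exceeded: 10 per 1 minute"}`, and a `Retry-After` header counting seconds until the window resets) can be checked end to end without the service. The block below is an added example written for this page; it is not slowapi, not the project's `backend/main.py`, and makes no network calls. It models the documented behaviour with a dependency-free fixed-window counter, an injectable clock, and a hypothetical `handle_analyze_ticket` stand-in for the endpoint, so a reviewer can see exactly when the `Retry-After` value that the Codex comment flags as missing would be produced. With real slowapi the header only appears when the `Limiter` is built with `headers_enabled=True`, which is the change the Codex comment implies the code needs before the README can promise it.

```python
"""Stand-alone model of the per-IP rate limit documented in backend/README.md.

Added example, not slowapi and not the project's backend/main.py: it reproduces
the documented contract (limit string in slowapi/limits syntax, RATELIMIT_DEFAULT
env-var override, 429 body, Retry-After in seconds) with a fixed-window counter
so the behaviour can be exercised offline with a fake clock.
"""
import json
import math
import os
import re
import time
from typing import Callable, Dict, Tuple

# Window lengths for the granularities the README names (N/second .. N/day).
_GRANULARITY_SECONDS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}
_LIMIT_RE = re.compile(r"^\s*(\d+)\s*(?:/|per)\s*(second|minute|hour|day)s?\s*$", re.I)


def parse_limit(limit: str) -> Tuple[int, int, str]:
    """Parse 'N/minute' (or 'N per minute') into (count, window_seconds, unit)."""
    m = _LIMIT_RE.match(limit)
    if not m:
        raise ValueError(f"invalid rate limit string: {limit!r}")
    count, unit = int(m.group(1)), m.group(2).lower()
    if count <= 0:
        raise ValueError("rate limit count must be positive")
    return count, _GRANULARITY_SECONDS[unit], unit


def limit_from_env(default: str = "10/minute") -> str:
    """Env-var pattern from the README: RATELIMIT_DEFAULT overrides the
    hardcoded decorator value without a source change. The variable name is
    the one the README documents; the fallback is the documented default."""
    return os.environ.get("RATELIMIT_DEFAULT", default)


class FixedWindowLimiter:
    """Per-key fixed-window counter (a simplification of what a limits
    storage does). `clock` is injectable so tests advance time deterministically."""

    def __init__(self, limit: str, clock: Callable[[], float] = time.time):
        self.count, self.window, self.unit = parse_limit(limit)
        self.clock = clock
        self._hits: Dict[str, Tuple[int, int]] = {}  # key -> (window_start, hits)

    def check(self, key: str) -> Tuple[bool, int]:
        """Return (allowed, retry_after_seconds); retry_after is 0 when allowed."""
        now = self.clock()
        window_start = int(now // self.window) * self.window
        start, hits = self._hits.get(key, (window_start, 0))
        if start != window_start:  # window rolled over: reset the counter
            start, hits = window_start, 0
        if hits >= self.count:
            # Seconds until the current window resets, rounded up so a client
            # that waits exactly this long lands in a fresh window.
            retry_after = max(1, math.ceil(start + self.window - now))
            return False, retry_after
        self._hits[key] = (start, hits + 1)
        return True, 0


def handle_analyze_ticket(limiter: FixedWindowLimiter, client_ip: str) -> Tuple[int, Dict[str, str], str]:
    """Hypothetical stand-in for POST /ai/analyze_ticket behind the limiter.
    Returns (status, headers, body). On rejection it emits the body format the
    PR documents plus a Retry-After header, which is the value a client's
    backoff logic would read."""
    allowed, retry_after = limiter.check(client_ip)
    if not allowed:
        body = json.dumps({"error": f"Rate limit exceeded: {limiter.count} per 1 {limiter.unit}"})
        return 429, {"Retry-After": str(retry_after), "Content-Type": "application/json"}, body
    return 200, {"Content-Type": "application/json"}, json.dumps({"ok": True})


def demo() -> list:
    """Drive the limiter with a fake clock: 10 requests pass, the 11th is 429,
    and once the window resets the same client is admitted again."""
    fake = {"t": 1_000_000.0}  # constructed timestamp, 20 s before a window boundary
    lim = FixedWindowLimiter(limit_from_env(), clock=lambda: fake["t"])
    statuses = [handle_analyze_ticket(lim, "203.0.113.7")[0] for _ in range(11)]
    fake["t"] += 60  # advance past the window reset
    statuses.append(handle_analyze_ticket(lim, "203.0.113.7")[0])
    return statuses


if __name__ == "__main__":
    print(demo())
```

Running the module prints ten `200`s, one `429`, then a `200` after the clock passes the window boundary. The per-key dictionary is the same shape a real limiter keeps per client IP, which is why the limit key (here the remote address) matters for shared NAT or proxy deployments: every client behind one address draws from one counter.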