fix(#338): Add rate limiting to orchestrator API

- Add @nestjs/throttler for rate limiting support
- Configure multiple throttle profiles: default (100/min), strict (10/min for spawn/kill), status (200/min for polling)
- Apply strict rate limits to spawn and kill endpoints to prevent DoS
- Apply higher rate limits to status/health endpoints for monitoring
- Add OrchestratorThrottlerGuard with X-Forwarded-For support for proxy setups
- Add unit tests for throttler guard

Refs #338

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Jason Woltje
2026-02-05 18:26:50 -06:00
parent 3f16bbeca1
commit ce7fb27c46
8 changed files with 244 additions and 4 deletions


@@ -1,12 +1,22 @@
import { Controller, Get } from "@nestjs/common";
import { Controller, Get, UseGuards } from "@nestjs/common";
import { Throttle } from "@nestjs/throttler";
import { HealthService } from "./health.service";
import { OrchestratorThrottlerGuard } from "../../common/guards/throttler.guard";
/**
* Health check controller for orchestrator service
*
* Rate limits:
* - Health endpoints: 200 requests/minute (higher for monitoring)
*/
@Controller("health")
@UseGuards(OrchestratorThrottlerGuard)
export class HealthController {
constructor(private readonly healthService: HealthService) {}
@Get()
check() {
@Throttle({ status: { limit: 200, ttl: 60000 } })
check(): { status: string; uptime: number; timestamp: string } {
return {
status: "healthy",
uptime: this.healthService.getUptime(),
@@ -15,7 +25,8 @@ export class HealthController {
}
@Get("ready")
ready() {
@Throttle({ status: { limit: 200, ttl: 60000 } })
ready(): { ready: boolean } {
// NOTE: Check Valkey connection, Docker daemon (see issue #TBD)
return { ready: true };
}
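Review bot: The `@Throttle({ status: { limit: 200, ttl: 60000 } })` decorators on `check()` and `ready()` override only the throttler named `status`. If `default` (100/min) and `strict` (10/min) are registered as named throttlers in the same `ThrottlerModule` config, as the commit message suggests, @nestjs/throttler evaluates every named throttler on every route, so these endpoints would be capped by the strictest one rather than at 200/min. Unless `OrchestratorThrottlerGuard` or a `skipIf` in the module config (neither is visible here) already handles this, add `@SkipThrottle({ default: true, strict: true })` on the controller. Separately, because the guard is described as keying on X-Forwarded-For, confirm that the header is honoured only for requests arriving from a trusted proxy; otherwise a client-chosen header value selects the bucket and the limit is not enforced per client.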


@@ -1,7 +1,9 @@
import { Module } from "@nestjs/common";
import { HealthController } from "./health.controller";
import { HealthService } from "./health.service";
@Module({
controllers: [HealthController],
providers: [HealthService],
})
export class HealthModule {}