fix(#338): Add rate limiting to orchestrator API

- Add @nestjs/throttler for rate limiting support
- Configure multiple throttle profiles: default (100/min), strict (10/min for spawn/kill), status (200/min for polling)
- Apply strict rate limits to spawn and kill endpoints to prevent DoS
- Apply higher rate limits to status/health endpoints for monitoring
- Add OrchestratorThrottlerGuard with X-Forwarded-For support for proxy setups
- Add unit tests for throttler guard

Refs #338

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Jason Woltje
2026-02-05 18:26:50 -06:00
parent 3f16bbeca1
commit ce7fb27c46
8 changed files with 244 additions and 4 deletions


@@ -1,12 +1,19 @@
import { Module } from "@nestjs/common";
import { ConfigModule } from "@nestjs/config";
import { BullModule } from "@nestjs/bullmq";
import { ThrottlerModule } from "@nestjs/throttler";
import { HealthModule } from "./api/health/health.module";
import { AgentsModule } from "./api/agents/agents.module";
import { CoordinatorModule } from "./coordinator/coordinator.module";
import { BudgetModule } from "./budget/budget.module";
import { orchestratorConfig } from "./config/orchestrator.config";
/**
* Rate limiting configuration:
* - 'default': Standard API endpoints (100 requests per minute)
* - 'strict': Spawn/kill endpoints (10 requests per minute) - prevents DoS
* - 'status': Status/health endpoints (200 requests per minute) - higher for polling
*/
@Module({
imports: [
ConfigModule.forRoot({
@@ -19,6 +26,23 @@ import { orchestratorConfig } from "./config/orchestrator.config";
port: parseInt(process.env.VALKEY_PORT ?? "6379"),
},
}),
ThrottlerModule.forRoot([
{
name: "default",
ttl: 60000, // 1 minute
limit: 100, // 100 requests per minute
},
{
name: "strict",
ttl: 60000, // 1 minute
limit: 10, // 10 requests per minute for spawn/kill
},
{
name: "status",
ttl: 60000, // 1 minute
limit: 200, // 200 requests per minute for status endpoints
},
]),
HealthModule,
AgentsModule,
CoordinatorModule,
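Review bot: The three entries passed to `ThrottlerModule.forRoot([...])` are not alternative profiles; as far as I know @nestjs/throttler evaluates every named throttler on each guarded route, so unless the controllers (not visible in this file section) skip the ones they do not use, the `strict` limit of 10/min would also cap status and health polling. The block comment above `@Module` should state this, for example `* All named throttlers apply to every guarded route; handlers must @SkipThrottle the profiles they do not use.` No `storage` option is passed, so the counters are presumably held in process memory, which means the limits hold per instance and reset on restart; with Valkey already configured for BullMQ in this module, a shared store would make the spawn/kill limit hold across replicas. The guard's X-Forwarded-For handling mentioned in the commit message lives outside this file, and that header should only be honoured when the request arrives from a known proxy, otherwise the client chooses its own rate-limit key.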