backend/app/core/rate_limit.py

"""Simple in-memory token-bucket rate limiter for abuse prevention.

This provides per-IP rate limiting without external dependencies.
For multi-process or distributed deployments, a Redis-based limiter
should be used instead.
"""

from __future__ import annotations

import time
from collections import defaultdict
from threading import Lock

# Run a full sweep of all keys every 128 calls to is_allowed.
_CLEANUP_INTERVAL = 128


class InMemoryRateLimiter:
    """Token-bucket rate limiter keyed by arbitrary string (typically client IP)."""

    def __init__(self, *, max_requests: int, window_seconds: float) -> None:
        self._max_requests = max_requests
        self._window_seconds = window_seconds
        self._buckets: dict[str, list[float]] = defaultdict(list)
        self._lock = Lock()
        self._call_count = 0

    def _sweep_expired(self, cutoff: float) -> None:
        """Remove keys whose timestamps have all expired."""
        expired_keys = [
            k for k, ts_list in self._buckets.items()
            if not ts_list or ts_list[-1] <= cutoff
        ]
        for k in expired_keys:
            del self._buckets[k]

    def is_allowed(self, key: str) -> bool:
        """Return True if the request should be allowed, False if rate-limited."""
        now = time.monotonic()
        cutoff = now - self._window_seconds
        with self._lock:
            self._call_count += 1
            # Periodically sweep all keys to evict stale entries from
            # clients that have stopped making requests.
            if self._call_count % _CLEANUP_INTERVAL == 0:
                self._sweep_expired(cutoff)

            timestamps = self._buckets[key]
            # Prune expired entries for the current key
            self._buckets[key] = [ts for ts in timestamps if ts > cutoff]
            if len(self._buckets[key]) >= self._max_requests:
                return False
            self._buckets[key].append(now)
            return True


# Shared limiter instances for specific endpoints.
# Agent auth: 20 attempts per 60 seconds per IP.
agent_auth_limiter = InMemoryRateLimiter(max_requests=20, window_seconds=60.0)
# Webhook ingest: 60 requests per 60 seconds per IP.
webhook_ingest_limiter = InMemoryRateLimiter(max_requests=60, window_seconds=60.0)
security: add rate limiting to agent auth and webhook ingest Agent token auth performed O(n) PBKDF2 operations per request with no rate limiting, enabling CPU exhaustion attacks. Webhook ingest had no rate limits either. Add an in-memory token-bucket rate limiter: - Agent auth: 20 requests/minute per IP - Webhook ingest: 60 requests/minute per IP Includes unit tests for the rate limiter. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-03 13:42:32 -07:00			`"""Simple in-memory token-bucket rate limiter for abuse prevention.`

			`This provides per-IP rate limiting without external dependencies.`
			`For multi-process or distributed deployments, a Redis-based limiter`
			`should be used instead.`
			`"""`

			`from __future__ import annotations`

			`import time`
			`from collections import defaultdict`
			`from threading import Lock`

security: fix fail-open auth, streaming payload limit, and rate limiter memory leak - agent.py: Fail closed when gateway lookup returns None instead of silently dropping the organization filter (cross-tenant board leak) - board_webhooks.py: Read request body via streaming chunks so an oversized payload is rejected before it is fully loaded into memory - rate_limit.py: Add periodic sweep of expired keys to prevent unbounded memory growth from inactive clients - test_rate_limit.py: Add test for the new sweep behavior Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-03 14:01:18 -07:00			`# Run a full sweep of all keys every 128 calls to is_allowed.`
			`_CLEANUP_INTERVAL = 128`

security: add rate limiting to agent auth and webhook ingest Agent token auth performed O(n) PBKDF2 operations per request with no rate limiting, enabling CPU exhaustion attacks. Webhook ingest had no rate limits either. Add an in-memory token-bucket rate limiter: - Agent auth: 20 requests/minute per IP - Webhook ingest: 60 requests/minute per IP Includes unit tests for the rate limiter. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-03 13:42:32 -07:00
			`class InMemoryRateLimiter:`
			`"""Token-bucket rate limiter keyed by arbitrary string (typically client IP)."""`

			`def __init__(self, *, max_requests: int, window_seconds: float) -> None:`
			`self._max_requests = max_requests`
			`self._window_seconds = window_seconds`
			`self._buckets: dict[str, list[float]] = defaultdict(list)`
			`self._lock = Lock()`
security: fix fail-open auth, streaming payload limit, and rate limiter memory leak - agent.py: Fail closed when gateway lookup returns None instead of silently dropping the organization filter (cross-tenant board leak) - board_webhooks.py: Read request body via streaming chunks so an oversized payload is rejected before it is fully loaded into memory - rate_limit.py: Add periodic sweep of expired keys to prevent unbounded memory growth from inactive clients - test_rate_limit.py: Add test for the new sweep behavior Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-03 14:01:18 -07:00			`self._call_count = 0`

			`def _sweep_expired(self, cutoff: float) -> None:`
			`"""Remove keys whose timestamps have all expired."""`
			`expired_keys = [`
			`k for k, ts_list in self._buckets.items()`
			`if not ts_list or ts_list[-1] <= cutoff`
			`]`
			`for k in expired_keys:`
			`del self._buckets[k]`
security: add rate limiting to agent auth and webhook ingest Agent token auth performed O(n) PBKDF2 operations per request with no rate limiting, enabling CPU exhaustion attacks. Webhook ingest had no rate limits either. Add an in-memory token-bucket rate limiter: - Agent auth: 20 requests/minute per IP - Webhook ingest: 60 requests/minute per IP Includes unit tests for the rate limiter. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-03 13:42:32 -07:00
			`def is_allowed(self, key: str) -> bool:`
			`"""Return True if the request should be allowed, False if rate-limited."""`
			`now = time.monotonic()`
			`cutoff = now - self._window_seconds`
			`with self._lock:`
security: fix fail-open auth, streaming payload limit, and rate limiter memory leak - agent.py: Fail closed when gateway lookup returns None instead of silently dropping the organization filter (cross-tenant board leak) - board_webhooks.py: Read request body via streaming chunks so an oversized payload is rejected before it is fully loaded into memory - rate_limit.py: Add periodic sweep of expired keys to prevent unbounded memory growth from inactive clients - test_rate_limit.py: Add test for the new sweep behavior Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-03 14:01:18 -07:00			`self._call_count += 1`
			`# Periodically sweep all keys to evict stale entries from`
			`# clients that have stopped making requests.`
			`if self._call_count % _CLEANUP_INTERVAL == 0:`
			`self._sweep_expired(cutoff)`

security: add rate limiting to agent auth and webhook ingest Agent token auth performed O(n) PBKDF2 operations per request with no rate limiting, enabling CPU exhaustion attacks. Webhook ingest had no rate limits either. Add an in-memory token-bucket rate limiter: - Agent auth: 20 requests/minute per IP - Webhook ingest: 60 requests/minute per IP Includes unit tests for the rate limiter. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-03 13:42:32 -07:00			`timestamps = self._buckets[key]`
security: fix fail-open auth, streaming payload limit, and rate limiter memory leak - agent.py: Fail closed when gateway lookup returns None instead of silently dropping the organization filter (cross-tenant board leak) - board_webhooks.py: Read request body via streaming chunks so an oversized payload is rejected before it is fully loaded into memory - rate_limit.py: Add periodic sweep of expired keys to prevent unbounded memory growth from inactive clients - test_rate_limit.py: Add test for the new sweep behavior Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-03 14:01:18 -07:00			`# Prune expired entries for the current key`
security: add rate limiting to agent auth and webhook ingest Agent token auth performed O(n) PBKDF2 operations per request with no rate limiting, enabling CPU exhaustion attacks. Webhook ingest had no rate limits either. Add an in-memory token-bucket rate limiter: - Agent auth: 20 requests/minute per IP - Webhook ingest: 60 requests/minute per IP Includes unit tests for the rate limiter. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-03 13:42:32 -07:00			`self._buckets[key] = [ts for ts in timestamps if ts > cutoff]`
			`if len(self._buckets[key]) >= self._max_requests:`
			`return False`
			`self._buckets[key].append(now)`
			`return True`


			`# Shared limiter instances for specific endpoints.`
			`# Agent auth: 20 attempts per 60 seconds per IP.`
			`agent_auth_limiter = InMemoryRateLimiter(max_requests=20, window_seconds=60.0)`
			`# Webhook ingest: 60 requests per 60 seconds per IP.`
			`webhook_ingest_limiter = InMemoryRateLimiter(max_requests=60, window_seconds=60.0)`