admin/goodgo-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(listings): rate limit feature-listing via @nestjs/throttler (TEC-2930)

Browse Source 
- Wire ThrottlerModule to a Redis-backed storage (shared across API
  instances) using @nest-lab/throttler-storage-redis.
- Add FeatureListingThrottlerGuard that tracks per-user when JWT is
  present, falling back to the real client IP behind the reverse proxy —
  keeps per-user and per-IP buckets independent.
- Apply @Throttle({ default: { limit: 10, ttl: 60_000 } }) + the guard
  to POST /listings/:id/feature and document 429 in Swagger.
- Integration test (feature-listing-throttle.integration.spec.ts)
  verifies: 10 reqs pass / 11th returns 429 with Retry-After, separate
  IPs keep their own quotas, and the tracker key logic.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Ho Ngoc Hai
2026-04-20 08:31:26 +07:00
parent 366815b350
commit 3be66f72df
8 changed files with 284 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
apps/api/src/modules/listings/listings.module.ts
View File

@@ -1,6 +1,7 @@
import { Module } from '@nestjs/common';
import { CqrsModule } from '@nestjs/cqrs';
import { MulterModule } from '@nestjs/platform-express';
import { FeatureListingThrottlerGuard } from '@modules/shared';
import { AdminFeatureListingHandler } from './application/commands/admin-feature-listing/admin-feature-listing.handler';
import { CreateListingHandler } from './application/commands/create-listing/create-listing.handler';
import { DeleteListingHandler } from './application/commands/delete-listing/delete-listing.handler';
@@ -79,6 +80,9 @@ const EventHandlers = [
// Cron
FeaturedListingExpiryCronService,
// Guards (per-route)
FeatureListingThrottlerGuard,
],
exports: [LISTING_REPOSITORY, PROPERTY_REPOSITORY],
})