Rate Limit

use runique::prelude::*;

pub fn routes() -> Router {
    urlpatterns! {
        // other routes...
    }
    // .rate_limit(path, name, view!, max_requests, retry_after_secs, excluded_ips)
    .rate_limit(
        "/upload-image",
        "upload_image",
        view!(upload_handler),
        5,
        60,
        vec![],
    )
}

// 5 requests per minute
.rate_limit("/login", "login", view!(login_handler), 5, 60, vec![])

// 3 requests per 5 minutes
.rate_limit("/register", "register", view!(register_handler), 3, 300, vec![])

// Exclude specific IPs from rate limiting
.rate_limit("/api", "api", view!(api_handler), 100, 60, vec!["127.0.0.1".to_string()])

// Sliding window per IP address.
// Counter reset after retry_after seconds.

// Response when the limit is exceeded:
HTTP/1.1 429 Too Many Requests
Retry-After: 42

// The Retry-After header indicates
// the delay before the next window.

// Custom middlewares are inserted at slot 20+.
// They execute BEFORE session and CSRF.

Extensions(0)
  -> ErrorHandler(10)
  -> RateLimiter(20)   // here
  -> Cache(40)
  -> Session(50)
  -> CSRF(60)
  -> routes