Skip to content

feat: cache bypass rate limiter#4870

Open
pari-dubey1 wants to merge 2 commits into
JhaSourav07:mainfrom
pari-dubey1:feat/cache-bypass-rate-limiter
Open

feat: cache bypass rate limiter#4870
pari-dubey1 wants to merge 2 commits into
JhaSourav07:mainfrom
pari-dubey1:feat/cache-bypass-rate-limiter

Conversation

@pari-dubey1
Copy link
Copy Markdown
Contributor

@pari-dubey1 pari-dubey1 commented Jun 7, 2026

Description

Fixes #3708

Introduces production-grade security and architectural resilience updates to the streak tracking routes:

  1. Cache-Bypass Protection (middleware.ts): Tightens the ?refresh=true and ?bypassCache=true query parameter validation gates to use a strict sliding limit of 3 requests per 10 minutes (600,000ms) per client IP address. This effectively neutralizes automated cache-exhaustion vectors while maintaining zero modification fallout to underlying utility configurations.
  2. Timezone RangeError Resilience (route.ts): Implements a precise native exception translation boundary wrapper around Intl.DateTimeFormat. This securely intercepts native RangeError bugs triggered by un-enumed strings and down-flows them gracefully as structured 400 Bad Request SVG response error cards, preventing unhandled 500 server crashes.
  3. Integration Verification Matrix: Deploys a type-safe, mock-isolated integration test suite to verify sliding bucket limit behaviors and Zod validation bypass parameters without creating unmocked runtime dependencies or linting leaks (no-explicit-any).

Pillar

  • 🎨 Pillar 1 — New Theme Design
  • 📐 Pillar 2 — Geometric SVG Improvement
  • 🕐 Pillar 3 — Timezone Logic Optimization
  • 🛠️ Other (Bug fix, framework core security hardening, integration testing)

Visual Preview

(N/A: System middle-tier security routing updates and automated logic test coverage expansions).

Checklist before requesting a review:

  • I have read the CONTRIBUTING.md file.
  • I have tested these changes locally.
  • I have run npm run format and npm run lint locally and resolved all errors (including strict TypeScript and ESLint type lint restrictions).
  • My commits follow the Conventional Commits format (e.g., feat(security): ...).
  • I have made sure that I have only one commit to merge in this PR.
  • My branch passes all local integration tests (npm run test) seamlessly.

@JhaSourav07 @pari-dubey1
merge: test: add unit tests for theme-switch component (JhaSourav07#3546
7c05767 
)

## Description

This PR adds a comprehensive unit test suite for the ThemeSwitch
component, covering the custom useThemeToggle hook, theme class
persistence, prefers-reduced-motion fallback logic, startViewTransition
integration, and ThemeToggleButton rendering/interaction.

Fixes JhaSourav07#3343

## Pillar

- [ ] 🎨 Pillar 1 — New Theme Design
- [ ] 📐 Pillar 2 — Geometric SVG Improvement
- [ ] 🕐 Pillar 3 — Timezone Logic Optimization
- [x] 🛠️ Other (Bug fix, refactoring, docs)

## Visual Preview

N/A (Utility/Unit Tests only)

## Checklist before requesting a review:

- [x] I have read the `CONTRIBUTING.md` file.
- [x] I have tested these changes locally.
- [x] I have run `npm run format` and `npm run lint` locally and
resolved all errors.
- [x] My commits follow the Conventional Commits format.
- [x] I have updated `README.md` if I added a new theme or URL
parameter.
- [x] I have started the repo.
- [x] I have made sure that i have only one commit to merge in this PR.
- [ ] The SVG output matches the CommitPulse "premium quality" aesthetic
standard.
- [ ] (Recommended) I joined the CommitPulse Discord community.
@vercel
Copy link
Copy Markdown
Contributor

vercel Bot commented Jun 7, 2026

@JhaSourav07 is attempting to deploy a commit to the jhasourav07's projects Team on Vercel.

A member of the Team first needs to authorize it.

@github-actions github-actions Bot added the status:blocked This PR is blocked due to a failing CI check. label Jun 7, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Jun 7, 2026

🚨 Hey @pari-dubey1, the CI Pipeline is failing on this PR and it has been marked as status:blocked.

Please fix the issues before this can be reviewed. Here's how:

1. Run checks locally before pushing:

npm run format:check   # Check Prettier formatting
npm run lint           # Run ESLint
npm run typecheck      # TypeScript type check
npm run test           # Run unit tests (Vitest)
npm run build          # Verify production build passes

2. Auto-fix common issues:

npm run format         # Auto-fix formatting with Prettier
npm run lint -- --fix  # Auto-fix lint errors where possible

3. Check the full failure log here:
👉 View CI Run

Once you push a fix and the CI passes, the status:blocked label will be removed automatically. 💪

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

status:blocked This PR is blocked due to a failing CI check.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Rate-limit cache bypass requests (?refresh=true)

2 participants

@pari-dubey1 @JhaSourav07