You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Adds configurable rate limiting constants for API routes. This allows teams to customize rate limit thresholds per environment instead of relying on hardcoded defaults in the middleware.
I have self-reviewed the code (A decent size PR without self-review might be rejected).
I have updated the developer docs in /docs if this PR makes changes that would require a documentation change. If N/A, write N/A here and check the checkbox. N/A
I confirm automated tests are in place that prove my fix is effective or that my feature works.
How should this be tested?
Set RATE_LIMIT_WINDOW_MS and RATE_LIMIT_MAX_REQUESTS in .env
Start the dev server and verify rate limiting behavior on /api routes
Confirm default values work when env vars are not set
Checklist
I have read the contributing guide
My code follows the style guidelines of this project
I have commented my code, particularly in hard-to-understand areas
I have checked that my changes generate no new warnings
🔎 [SECURITY] Hardcoded default admin bypass token 'rl_bypass_default_k8s' is exposed in source code. This violates security best practices as it creates a backdoor that could be exploited if not changed in prod...
🔎 [ARCHITECTURE] Rate limiting configuration constants are placed in packages/lib/constants.ts which violates the vertical slice architecture principle. Rate limiting is a cross-cutting concern that should be iso...
Read more
...lated in its own feature module rather than polluting the generic lib package.
🔎 [CHORE] PR description contains placeholder text 'N/A' for documentation updates checkbox instead of confirming if documentation updates were made or not needed.
📖 CONTRIBUTING_onboarding_section.md lines 58-60
🔎 [CHORE] PR description mentions 'Fixes fix/connected calendar list different states calcom/cal.diy#4821' and 'Fixes CAL-3847' but doesn't provide links to the issues or explain how these issues are addressed by the changes.
📖 quality-code-review_onboarding_section.md lines 10-15
👆 Click expand on any gate above to see full findings with evidence and citations.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Adds configurable rate limiting constants for API routes. This allows teams to customize rate limit thresholds per environment instead of relying on hardcoded defaults in the middleware.
Visual Demo (For contributors especially)
N/A - Configuration constants only, no UI changes.
Mandatory Tasks (DO NOT REMOVE)
How should this be tested?
Checklist