Skip to content

Add rate limiting functionality using @upstash/ratelimit and integrate with TRPC procedures #118

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 12 commits into from
Oct 22, 2025
Merged

Add rate limiting functionality using @upstash/ratelimit and integrate with TRPC procedures #118

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
8bba260
Add rate limiting functionality using @upstash/ratelimit and integrat…
jakejarvis Oct 22, 2025
400f35d
Enhance rate limit error handling and client feedback in TRPC integra…
jakejarvis Oct 22, 2025
eea02c6
Enable analytics for rate limiting and allow background processing of…
jakejarvis Oct 22, 2025
101f422
Add icon to rate limit error toast for improved user feedback
jakejarvis Oct 22, 2025
e613036
Update rate limit response to include reset time for enhanced client …
jakejarvis Oct 22, 2025
5dee0d8
Refactor error handling for rate limit responses in TRPC integration
jakejarvis Oct 22, 2025
2245130
Refactor TRPC error handling to utilize formatted data for rate limit…
jakejarvis Oct 22, 2025
c55ec5c
Improve error handling for background analytics shutdown in server fu…
jakejarvis Oct 22, 2025
307bcc1
Refactor TRPC error handling to use a dedicated errorToastLink for ra…
jakejarvis Oct 22, 2025
9b46f16
Update trpc/client.tsx
jakejarvis Oct 22, 2025
b7573e0
Remove unnecessary closing parentheses
jakejarvis Oct 22, 2025
fc268a3
Merge branch 'main' into feat/rate-limit
jakejarvis Oct 22, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 23 additions & 1 deletion app/api/trpc/[trpc]/route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,29 @@ const handler = (req: Request) =>
endpoint: "/api/trpc",
req,
router: appRouter,
createContext,
createContext: () => createContext({ req }),
responseMeta: ({ errors }) => {
const err = errors.find((e) => e.code === "TOO_MANY_REQUESTS");
if (!err) return {};

// Prefer formatted data from errorFormatter for consistent headers
const data = (
err as {
data?: { retryAfter?: number; limit?: number; remaining?: number };
}
).data;
const retryAfter = Math.max(1, Math.round(Number(data?.retryAfter ?? 1)));
const headers: Record<string, string> = {
"Retry-After": String(retryAfter),
"Cache-Control": "no-cache, no-store",
};
if (typeof data?.limit === "number")
headers["X-RateLimit-Limit"] = String(data.limit);
if (typeof data?.remaining === "number")
headers["X-RateLimit-Remaining"] = String(data.remaining);

return { headers, status: 429 };
},
onError: ({ path, error }) => {
// Development logging
if (process.env.NODE_ENV === "development") {
Expand Down
12 changes: 10 additions & 2 deletions lib/analytics/server.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,11 @@ export const captureServer = async (
});

// flush events to posthog in background
waitUntil(client.shutdown());
try {
waitUntil?.(client.shutdown());
} catch {
// no-op
}
};

export const captureServerException = async (
Expand All @@ -85,5 +89,9 @@ export const captureServerException = async (
);

// flush events to posthog in background
waitUntil(client.shutdown());
try {
waitUntil?.(client.shutdown());
} catch {
// no-op
}
};
2 changes: 2 additions & 0 deletions lib/schemas/internal/storage.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
import { z } from "zod";

export const StorageKindSchema = z.enum(["favicon", "screenshot", "social"]);
export const StorageUrlSchema = z.object({ url: z.string().url().nullable() });

export type StorageKind = z.infer<typeof StorageKindSchema>;
export type StorageUrl = z.infer<typeof StorageUrlSchema>;
1 change: 1 addition & 0 deletions package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@
"@trpc/client": "^11.6.0",
"@trpc/server": "^11.6.0",
"@trpc/tanstack-react-query": "^11.6.0",
"@upstash/ratelimit": "^2.0.6",
"@upstash/redis": "^1.35.6",
"@vercel/analytics": "^1.5.0",
"@vercel/functions": "^3.1.4",
Expand Down
21 changes: 21 additions & 0 deletions pnpm-lock.yaml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

75 changes: 75 additions & 0 deletions server/ratelimit.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,75 @@
import "server-only";

import { TRPCError } from "@trpc/server";
import { Ratelimit } from "@upstash/ratelimit";
import { waitUntil } from "@vercel/functions";
import { redis } from "@/lib/redis";
import { t } from "@/trpc/init";

export const SERVICE_LIMITS = {
dns: { points: 60, window: "1 m" },
headers: { points: 60, window: "1 m" },
certs: { points: 30, window: "1 m" },
registration: { points: 4, window: "1 m" },
screenshot: { points: 3, window: "1 m" },
favicon: { points: 120, window: "1 h" },
seo: { points: 30, window: "1 m" },
hosting: { points: 30, window: "1 m" },
pricing: { points: 30, window: "1 m" },
} as const;

export type ServiceName = keyof typeof SERVICE_LIMITS;

const limiters = Object.fromEntries(
Object.entries(SERVICE_LIMITS).map(([service, cfg]) => [
service,
new Ratelimit({
redis,
limiter: Ratelimit.slidingWindow(
cfg.points,
cfg.window as `${number} ${"s" | "m" | "h"}`,
),
prefix: `@upstash/ratelimit:${service}`,
analytics: true,
}),
]),
) as Record<ServiceName, Ratelimit>;

export async function assertRateLimit(service: ServiceName, ip: string) {
const res = await limiters[service].limit(ip);

if (!res.success) {
const retryAfterSec = Math.max(
1,
Math.ceil((res.reset - Date.now()) / 1000),
);

throw new TRPCError({
code: "TOO_MANY_REQUESTS",
message: `Rate limit exceeded for ${service}. Try again in ${retryAfterSec}s.`,
cause: {
retryAfter: retryAfterSec,
service,
limit: res.limit,
remaining: res.remaining,
reset: res.reset,
},
});
}

// allow ratelimit analytics to be sent in background
try {
waitUntil?.(res.pending);
} catch {
// no-op
}

return { limit: res.limit, remaining: res.remaining, reset: res.reset };
}

export const rateLimitMiddleware = t.middleware(async ({ ctx, next, meta }) => {
const service = (meta?.service ?? "") as ServiceName;
if (!service || !(service in SERVICE_LIMITS) || !ctx.ip) return next();
await assertRateLimit(service, ctx.ip);
return next();
});
62 changes: 42 additions & 20 deletions server/routers/domain.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,10 @@ import {
PricingSchema,
RegistrationSchema,
SeoResponseSchema,
StorageUrlSchema,
} from "@/lib/schemas";
import { inngest } from "@/server/inngest/client";
import { rateLimitMiddleware } from "@/server/ratelimit";
import { getCertificates } from "@/server/services/certificates";
import { resolveAll } from "@/server/services/dns";
import { getOrCreateFaviconBlobUrl } from "@/server/services/favicon";
Expand All @@ -20,9 +22,9 @@ import { getPricingForTld } from "@/server/services/pricing";
import { getRegistration } from "@/server/services/registration";
import { getOrCreateScreenshotBlobUrl } from "@/server/services/screenshot";
import { getSeo } from "@/server/services/seo";
import { createTRPCRouter, loggedProcedure } from "@/trpc/init";
import { createTRPCRouter, publicProcedure } from "@/trpc/init";

export const domainInput = z
const DomainInputSchema = z
.object({ domain: z.string().min(1) })
.transform(({ domain }) => ({ domain: normalizeDomainInput(domain) }))
.refine(({ domain }) => toRegistrableDomain(domain) !== null, {
Expand All @@ -31,16 +33,22 @@ export const domainInput = z
});

export const domainRouter = createTRPCRouter({
registration: loggedProcedure
.input(domainInput)
registration: publicProcedure
.meta({ service: "registration" })
.use(rateLimitMiddleware)
.input(DomainInputSchema)
.output(RegistrationSchema)
.query(({ input }) => getRegistration(input.domain)),
pricing: loggedProcedure
.input(domainInput)
pricing: publicProcedure
.meta({ service: "pricing" })
.use(rateLimitMiddleware)
.input(DomainInputSchema)
.output(PricingSchema)
.query(({ input }) => getPricingForTld(input.domain)),
dns: loggedProcedure
.input(domainInput)
dns: publicProcedure
.meta({ service: "dns" })
.use(rateLimitMiddleware)
.input(DomainInputSchema)
.output(DnsResolveResultSchema)
.query(async ({ input }) => {
const result = await resolveAll(input.domain);
Expand All @@ -51,26 +59,40 @@ export const domainRouter = createTRPCRouter({
});
return result;
}),
hosting: loggedProcedure
.input(domainInput)
hosting: publicProcedure
.meta({ service: "hosting" })
.use(rateLimitMiddleware)
.input(DomainInputSchema)
.output(HostingSchema)
.query(({ input }) => detectHosting(input.domain)),
certificates: loggedProcedure
.input(domainInput)
certificates: publicProcedure
.meta({ service: "certs" })
.use(rateLimitMiddleware)
.input(DomainInputSchema)
.output(CertificatesSchema)
.query(({ input }) => getCertificates(input.domain)),
headers: loggedProcedure
.input(domainInput)
headers: publicProcedure
.meta({ service: "headers" })
.use(rateLimitMiddleware)
.input(DomainInputSchema)
.output(HttpHeadersSchema)
.query(({ input }) => probeHeaders(input.domain)),
seo: loggedProcedure
.input(domainInput)
seo: publicProcedure
.meta({ service: "seo" })
.use(rateLimitMiddleware)
.input(DomainInputSchema)
.output(SeoResponseSchema)
.query(({ input }) => getSeo(input.domain)),
favicon: loggedProcedure
.input(domainInput)
favicon: publicProcedure
.meta({ service: "favicon" })
.use(rateLimitMiddleware)
.input(DomainInputSchema)
.output(StorageUrlSchema)
.query(({ input }) => getOrCreateFaviconBlobUrl(input.domain)),
screenshot: loggedProcedure
.input(domainInput)
screenshot: publicProcedure
.meta({ service: "screenshot" })
.use(rateLimitMiddleware)
.input(DomainInputSchema)
.output(StorageUrlSchema)
.query(({ input }) => getOrCreateScreenshotBlobUrl(input.domain)),
});
2 changes: 2 additions & 0 deletions trpc/client.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ import { useState } from "react";
import superjson from "superjson";
import { TRPCProvider as Provider } from "@/lib/trpc/client";
import type { AppRouter } from "@/server/routers/_app";
import { errorToastLink } from "@/trpc/error-toast-link";
import { getQueryClient } from "@/trpc/query-client";

let browserQueryClient: ReturnType<typeof getQueryClient> | undefined;
Expand All @@ -37,6 +38,7 @@ export function TRPCProvider({ children }: { children: React.ReactNode }) {
process.env.NODE_ENV === "development" ||
(opts.direction === "down" && opts.result instanceof Error),
}),
errorToastLink(),
httpBatchStreamLink({
url: `${getBaseUrl()}/api/trpc`,
transformer: superjson,
Expand Down
60 changes: 60 additions & 0 deletions trpc/error-toast-link.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
"use client";

import { TRPCClientError, type TRPCLink } from "@trpc/client";
import type { AnyRouter } from "@trpc/server";
import { observable } from "@trpc/server/observable";
import { Siren } from "lucide-react";
import { toast } from "sonner";

function formatWait(seconds: number): string {
if (!Number.isFinite(seconds) || seconds <= 1) return "a moment";
const s = Math.round(seconds);
const m = Math.floor(s / 60);
const sec = s % 60;
if (m <= 0) return `${sec}s`;
if (m < 60) return sec ? `${m}m ${sec}s` : `${m}m`;
const h = Math.floor(m / 60);
const rm = m % 60;
return rm ? `${h}h ${rm}m` : `${h}h`;
}

export function errorToastLink<
TRouter extends AnyRouter = AnyRouter,
>(): TRPCLink<TRouter> {
return () =>
({ next, op }) =>
observable((observer) => {
const sub = next(op).subscribe({
next(value) {
observer.next(value);
},
error(err) {
if (err instanceof TRPCClientError) {
const code = err.data?.code;
if (code === "TOO_MANY_REQUESTS") {
const retryAfterSec = Math.max(
1,
Math.round(Number(err.data?.retryAfter ?? 1)),
);
const service = err.data?.service as string | undefined;
const friendly = formatWait(retryAfterSec);
const title = service
? `Too many ${service} requests`
: "You're doing that too much";
toast.error(title, {
id: "rate-limit",
description: `Try again in ${friendly}.`,
icon: <Siren className="h-4 w-4" />,
position: "top-center",
});
}
}
observer.error(err);
},
complete() {
observer.complete();
},
});
return () => sub.unsubscribe();
});
}
Loading