developer/scrabble-game
1
1
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

R3: backend rate-limit observability — ratewatch, auto-flag, admin throttled view

Browse Source 
- accounts.flagged_high_rate_at baked into the R1 baseline (no prod data; the
  contour schema is wiped after merge); jet regenerated — the regen also picks
  up the previously missing game_drafts/game_hidden models.
- account.Store: FlagHighRate (set-once), ClearHighRateFlag, the flag in
  GetByID/ListUsers and a ListFlaggedHighRate review queue.
- New internal/ratewatch: ingests the gateway rejection reports, keeps a
  bounded in-memory episode window for the console and applies the
  conservative auto-flag (1000 rejected / 10 min, BACKEND_HIGHRATE_FLAG_*).
- POST /api/v1/internal/ratelimit/report (network-trusted, like
  sessions/resolve).
- Admin console: Throttled page (episodes + flagged accounts), a high-rate
  badge in the user list, the marker + operator clear action on the user card.
- Tests: ratewatch unit suite, report-route handler test, renderer cases,
  integration coverage for the store round-trip and the console flow.
This commit is contained in:
Ilia Denisov
2026-06-10 02:14:00 +02:00
parent 8878711cf3
commit ab58062565
27 changed files with 1081 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/internal/server/handlers_ratelimit.go
+41
View File
@@ -0,0 +1,41 @@
package server
import (
"net/http"
"github.com/gin-gonic/gin"
"scrabble/backend/internal/ratewatch"
)
// rateLimitReportRequest mirrors the gateway's periodic rejection summary: every
// entry aggregates one limiter key (class + key) over the report window.
type rateLimitReportRequest struct {
WindowSeconds int `json:"window_seconds"`
Entries []rateLimitReportEntry `json:"entries"`
}
// rateLimitReportEntry is one (class, key) aggregate of the report.
type rateLimitReportEntry struct {
Class string `json:"class"`
Key string `json:"key"`
Rejected int `json:"rejected"`
}
// handleRateLimitReport ingests one gateway rejection report into the rate
// watch — the admin console's throttled view and the high-rate auto-flag (R3).
// Internal, gateway-only: like sessions/resolve it trusts the network segment.
// Malformed individual entries are skipped by the watch itself.
func (s *Server) handleRateLimitReport(c *gin.Context) {
var req rateLimitReportRequest
if err := c.ShouldBindJSON(&req); err != nil {
abortBadRequest(c, "invalid rate-limit report")
return
}
entries := make([]ratewatch.Entry, 0, len(req.Entries))
for _, e := range req.Entries {
entries = append(entries, ratewatch.Entry{Class: e.Class, Key: e.Key, Rejected: e.Rejected})
}
s.ratewatch.Ingest(c.Request.Context(), entries)
c.Status(http.StatusNoContent)
}