Fix rate limit history filtering, exempt /core/health, and standardize upgrade URLs #53

Open
DancingPeacock-31 wants to merge 1 commit into CVImprover:main from DancingPeacock-31:dac2
@DancingPeacock-31
  • Summary

    • Ensures health checks are never rate-limited, fixes overcounting in rate limit usage, and aligns upgrade URLs used in throttle responses with routed paths.
  • Changes

    • core/middleware/rate_limit.py: Add /core/health/ to exempt_paths so health checks bypass rate limiting.
    • core/throttling.py: Correct get_rate_limit_status to filter cached timestamps using a proper window (t > now - duration) to prevent inflated usage counts.
    • core/throttling.py: Standardize upgrade_url in throttle responses to '/core/plans/'.
  • Why

    • The health endpoint is routed under /core/health/, but only /health/ was exempt, causing unintended rate limiting.
    • Usage was occasionally misreported due to stale timestamps not being consistently pruned from history.
    • Upgrade URLs were inconsistent across responses, leading to navigational confusion.
  • Impact

    • More accurate rate limit status and consistent throttling behavior.
    • No schema or DB changes; low risk to production traffic.
    • Health monitoring becomes reliable under load.
  • Affected Endpoints

    • GET /core/health/ (exempted from rate limiting)
    • Throttled endpoints referencing:
      • ai_responses (e.g., POST /cv/ai-responses/)
      • questionnaires (e.g., POST /cv/questionnaires/)
      • api_calls (general API traffic)
  • Testing Notes

    • Existing rate-limiting tests should continue to pass:
      • Health check accessibility and status structure
      • Throttle counts for free vs. paid plans
      • Upgrade recommendation logic and status labels
    • Suggested local commands:
      • python -m venv .venv && source .venv/bin/activate
      • pip install -r requirements.txt
      • python manage.py test
  • Rollout/Monitoring

    • Observe application logs for rate limit events and confirm health checks are unaffected.
    • Optional: validate UI/API consumers correctly follow upgrade_url: '/core/plans/'.
  • Checklist

    • Health endpoint correctly exempted under '/core/health/'
    • Rate limit history filtered within active window
    • Upgrade URL standardized to '/core/plans/'
    • Tests run and pass in CI
    • Docs updated if any consumer relies on old upgrade_url path
  • Related

    • cvimprover-api/core/middleware/rate_limit.py
    • cvimprover-api/core/throttling.py

…ring

- Add /core/health/ to rate limit middleware exempt paths
- Fix get_rate_limit_status history filtering to prevent overcounting
- Standardize upgrade URL to /core/plans/ across throttling responses
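
The two behaviours this pull request describes, the `t > now - duration` window filter and the `/core/health/` exemption, shown as an added example that is not code from the pull request or the CVImprover repository. All function names, the prefix-matching approach, and the sample timestamps are assumptions made for illustration.

```python
# Added illustration; names are hypothetical, not the project's own code.
EXEMPT_PREFIXES = ("/health/", "/core/health/")  # assumed exempt list after the change

# Constructed sample: cached request timestamps (seconds) for one user.
SAMPLE_HISTORY = [1000, 2000, 6000, 6500, 9000, 9900]


def is_exempt(path, prefixes=EXEMPT_PREFIXES):
    """True when the request path sits under an exempt prefix.

    Matching on a trailing-slash boundary keeps the exemption narrow, so
    '/core/healthcheck-admin/' is not exempted along with '/core/health/'.
    """
    normalised = path if path.endswith("/") else path + "/"
    return any(normalised.startswith(p) for p in prefixes)


def naive_status(history, limit):
    """Overcounting behaviour: every cached timestamp counts, stale or not."""
    used = len(history)
    return {"used": used, "remaining": max(limit - used, 0), "throttled": used >= limit}


def rate_limit_status(history, now, duration, limit):
    """Count only timestamps inside the active window (t > now - duration)."""
    cutoff = now - duration
    active = [t for t in history if t > cutoff]
    used = len(active)
    throttled = used >= limit
    return {
        "used": used,
        "remaining": max(limit - used, 0),
        "throttled": throttled,
        # Earliest moment a slot frees up, only meaningful while throttled.
        "reset_at": min(active) + duration if throttled and active else None,
        "pruned_history": active,  # write this back to the cache to drop stale entries
    }


if __name__ == "__main__":
    print(naive_status(SAMPLE_HISTORY, limit=5))
    print(rate_limit_status(SAMPLE_HISTORY, now=10_000, duration=3600, limit=5))
    print(is_exempt("/core/health/", prefixes=("/health/",)), is_exempt("/core/health/"))
```

With the constructed history, the unfiltered count reports the user as throttled while the windowed count shows three requests in the last hour.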