Class: RosettAi::Mcp::Middleware::RateLimit

Inherits:
Object
Defined in:
lib/rosett_ai/mcp/middleware/rate_limit.rb

Overview

Rack middleware for token bucket rate limiting.

Per-IP/per-key rate limiting with separate limits for authenticated and unauthenticated requests. Returns 429 Too Many Requests when exhausted.

Author:

  • hugo

  • claude

Constant Summary

DEFAULT_UNAUTH_RPM = 60
DEFAULT_AUTH_RPM = 300
BUCKET_WINDOW = 60 (seconds)
CLEANUP_INTERVAL = 100

Instance Method Summary

Constructor Details

#initialize(app, config: nil) ⇒ RateLimit

Returns a new instance of RateLimit.

Parameters:

  • app (#call)

    the next Rack application

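  • config (#unauthenticated_rpm, #authenticated_rpm) (defaults to: nil)

    rate limit configuration; when it is nil or does not respond to an accessor, DEFAULT_UNAUTH_RPM or DEFAULT_AUTH_RPM is used for that limit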



# File 'lib/rosett_ai/mcp/middleware/rate_limit.rb', line 25

def initialize(app, config: nil)
  @app = app
  @unauth_rpm = config.respond_to?(:unauthenticated_rpm) ? config.unauthenticated_rpm : DEFAULT_UNAUTH_RPM
  @auth_rpm = config.respond_to?(:authenticated_rpm) ? config.authenticated_rpm : DEFAULT_AUTH_RPM
  @buckets = {}
  @mutex = Mutex.new
  @request_count = 0
end

Instance Method Details

#call(env) ⇒ Array

Returns Rack response triplet.

Parameters:

  • env (Hash)

    Rack environment

Returns:

  • (Array)

    Rack response triplet



# File 'lib/rosett_ai/mcp/middleware/rate_limit.rb', line 36

def call(env)
  key = bucket_key(env)
  limit = rate_limit_for(env)

  if allowed?(key, limit)
    @app.call(env)
  else
    SecurityLogger.rate_limited(key)
    too_many_requests
  end
end
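
The page does not show `allowed?`, so the following is an added example of how a token bucket check with that signature can work. It is not RosettAi's code. The class name `SketchTokenBucket`, the injectable `clock`, the `size` helper and the reading of `CLEANUP_INTERVAL` as "requests between sweeps of idle buckets" are assumptions.

```ruby
# Added illustration, not RosettAi source; names below are hypothetical.
class SketchTokenBucket
  BUCKET_WINDOW = 60      # seconds (value from this page)
  CLEANUP_INTERVAL = 100  # assumed: requests between sweeps

  # clock is injectable so behaviour can be checked without sleeping.
  def initialize(clock: -> { Process.clock_gettime(Process::CLOCK_MONOTONIC) })
    @clock = clock
    @buckets = {}
    @mutex = Mutex.new
    @request_count = 0
  end

  # True if +key+ may make one more request at +limit+ requests per window.
  def allowed?(key, limit)
    @mutex.synchronize do
      now = @clock.call
      sweep(now) if ((@request_count += 1) % CLEANUP_INTERVAL).zero?
      bucket = (@buckets[key] ||= { tokens: limit.to_f, at: now })
      # Refill in proportion to elapsed time, capped at the burst size.
      refill = (now - bucket[:at]) * limit / BUCKET_WINDOW.to_f
      bucket[:tokens] = [limit.to_f, bucket[:tokens] + refill].min
      bucket[:at] = now
      next false if bucket[:tokens] < 1.0

      bucket[:tokens] -= 1.0
      true
    end
  end

  # Number of keys currently tracked.
  def size
    @mutex.synchronize { @buckets.size }
  end

  private

  # A bucket idle for a full window would be full again, so dropping it
  # changes no decision and keeps memory bounded under many distinct keys.
  def sweep(now)
    @buckets.delete_if { |_key, b| now - b[:at] >= BUCKET_WINDOW }
  end
end
```

The sweep matters for a per-IP limiter: without it, every distinct client key seen since startup stays in the hash.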