Skip to content
Flows
App Builder Generated Intermediate · 60-90 minutes

Add Persistent Rate Limiting to Existing App

Integrate a real, persistent rate limiting system into the current application.

Start Route · 8 steps

The route

8 steps to Done

  1. 01

    Identify Stack and Request Entry Point

    Determine the app's language/framework and locate the main request handling file to know where to inject rate limiting.

    Preview prompt + verify gate ▾

    Analyze the provided project source (assume the root folder is accessible) and produce a concise summary: 1) Programming language and framework. 2) The primary server file where the HTTP server or routing middleware is initialized (e.g., app.js, server.py, config.ru). Include the exact relative path. Do not add extra commentary.

    • The language/framework is correctly identified
    • The exact path to the request entry file is provided
  2. 02

    Choose and Install a Persistent Rate Limiting Library

    Select a library that supports external storage (Redis) and add it to the project.

    Preview prompt + verify gate ▾

    1) Determine the best rate‑limit library for the identified language that supports a Redis backend. 2) Add the library to the project's dependency manifest (package.json, requirements.txt, Gemfile, etc.) using the correct command. 3) Also add a Redis client library if not already present. 4) Show the exact lines that were added to the manifest file. Do not include any explanatory text beyond the manifest changes.

    • Dependency file contains the rate‑limit library
    • Dependency file contains a Redis client library
  3. 03

    Create a Persistent Store Configuration

    Configure Redis connection and export a store that the rate limiter can use.

    Preview prompt + verify gate ▾

    1) In a new file (e.g., src/config/redis.js), require the Redis client library and connect using process.env.REDIS_URL or fallback to localhost:6379. 2) Export the client instance. 3) In a new file (src/config/rateLimiter.js), import the rate‑limit library and the Redis client, create a RedisStore (or equivalent) and export a configured middleware with a default limit of 100 requests per 15 minutes. 4) Include proper error handling. Return the full content of both files as plain code.

    • redis.js exists and connects to Redis
    • rateLimiter.js exists and exports a middleware
    • Both files contain real code, no placeholders
  4. 04

    Integrate Middleware into the Request Pipeline

    Apply the rate limiting middleware to all API routes (or selected ones).

    Preview prompt + verify gate ▾

    1) Open the file identified in step 1. 2) Import the middleware from src/config/rateLimiter.js. 3) Add the middleware to the global router or to specific route groups (e.g., app.use('/api', rateLimiter)). 4) Ensure the middleware is placed before route handlers. 5) Save the file and output a diff showing the added import line and the app.use line.

    • Import statement for rateLimiter is present
    • app.use or router.use call adds the middleware
    • Middleware is before route handlers
  5. 05

    Persist Rate Limit Settings in the Database

    Allow dynamic adjustment of limit values without code changes.

    Preview prompt + verify gate ▾

    1) Write a migration that creates a table named rate_limits with columns: id (PK), route (string, unique), limit (integer), window_minutes (integer), created_at, updated_at. 2) If the app uses an ORM (e.g., Sequelize, TypeORM, Django ORM), also generate the model class matching the table. 3) Add a seed row for the default '/api' limit (limit: 100, window_minutes: 15). Return the full migration script and the model code.

    • Migration creates rate_limits table with required columns
    • Model class matches the table schema
    • Seed default row added
  6. 06

    Update Middleware to Read Limits from DB

    Make the rate limiter fetch limit values per route from the database instead of hard‑coded values.

    Preview prompt + verify gate ▾

    1) In src/config/rateLimiter.js, import the RateLimit model. 2) For each incoming request, determine a route key (e.g., req.path or a normalized pattern). 3) Query the DB for a matching record; if none, use the default (100/15). 4) Dynamically create or adjust a rate‑limit middleware instance with those values. 5) Ensure async handling does not break request flow. Return the updated file content as plain code.

    • File imports RateLimit model
    • DB query retrieves limit per route
    • Middleware uses the retrieved values
    • No syntax errors
  7. 07

    Write End‑to‑End Tests for Rate Limiting

    Verify that the limit is enforced and respects DB‑configured values.

    Preview prompt + verify gate ▾

    1) Create a test file (tests/rateLimit.test.js or equivalent). 2) Insert a test that: a) Uses the test DB and ensures a rate_limits record for '/api/test' with limit 5 and window 1 minute. b) Sends 6 GET requests to '/api/test' using supertest (or the project's HTTP test helper). c) Asserts the 6th response status is 429. 3) Add a cleanup step to reset Redis counters and remove the test record. Return the full test code.

    • Test creates a specific rate_limits entry
    • Test sends N+1 requests and checks for 429
    • Test cleans up after itself
  8. 08

    Deploy and Manually Verify in Staging

    Confirm rate limiting works in a live environment.

    Preview prompt + verify gate ▾

    1) Deploy the updated code to the staging environment. 2) Ensure REDIS_URL and DB connection strings are set. 3) Using curl or an HTTP client, send requests to an endpoint with a known limit (e.g., the test limit of 5 requests per minute). 4) Document the HTTP status codes of each request. Return a short log showing each request number and status.

    • Staging app runs without errors
    • Requests beyond limit return 429
    • Logs show correct status codes