fix(tradein): bypass rate-limit for authenticated pilots + configurable limit (#655) #669

Merged
bot-reviewer merged 1 commit from fix/tradein-655-ratelimit into main 2026-05-29 15:56:30 +00:00

1 commit

Author SHA1 Message Date
lekss361
747a325428 fix(tradein): bypass rate-limit for authenticated pilots + configurable limit (#655)
Results page hits ~8-10 /api/* endpoints per estimate, tripping the per-IP
rate-limit (was 90/60s) and 429'ing trusted pilots behind Caddy basic_auth.
Requests carrying X-Authenticated-User (injected by Caddy) now bypass the
limiter; anonymous traffic stays throttled. Limit/window are env-configurable
(RATE_LIMIT default 90->300, RATE_LIMIT_WINDOW_S=60).

Closes #655
2026-05-29 18:30:53 +03:00