From 798e532dd7b22e5184310e8631cda890ef836b28 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=90=D0=BB=D0=B5=D0=BA=D1=81=D0=B5=D0=B9=20=D0=A1=D0=B0?= =?UTF-8?q?=D0=B1=D0=B8=D0=BB=D0=B8=D0=BD?=
Date: Sat, 25 Apr 2026 13:50:16 +0300
Subject: [PATCH] Rate Limiting
---
 Makefile | 3 +++
 docker/traefik/dynamic_conf.yml | 20 ++++++++++++++++----
 2 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/Makefile b/Makefile
index e4aa254..787c8a6 100644
--- a/Makefile
+++ b/Makefile
@@ -181,6 +181,9 @@ wrk-search: ## Нагрузочный тест поиска (wrk2)
 -H "Authorization: Bearer $$TOKEN" \
 http://localhost:8080/v1/search?type=event\&q=test

+curl-health:
+ for i in {1..120}; do curl -k -s -o /dev/null -w "%{http_code}\n" -H "Host: api.eventhub.local" https://localhost/health; done
+
 wrk-health: ## Нагрузочный тест health (wrk2)
 wrk -t4 -c100 -d30s -t100 \
 -H "Host: api.eventhub.local" \
diff --git a/docker/traefik/dynamic_conf.yml b/docker/traefik/dynamic_conf.yml
index c5a4a64..e0a9a59 100644
--- a/docker/traefik/dynamic_conf.yml
+++ b/docker/traefik/dynamic_conf.yml
@@ -26,18 +26,30 @@ http:
 # - "SecRule REQUEST_URI \"@rx /admin\" \"id:101,phase:1,log,deny,status:403\""
 - "SecRule ARGS \"@rx (union|select|insert|drop|alter)\" \"id:102,phase:2,log,deny,status:403\""

+ api-ratelimit:
+ rateLimit:
+ average: 100
+ period: 1m
+ burst: 50
+
+ admin-ratelimit:
+ rateLimit:
+ average: 20
+ period: 1m
+ burst: 5
+
 routers:
 # REST API пользователей
 api:
 rule: "Host(`api.eventhub.local`)"
 entryPoints: ["web"]
- middlewares: ["redirect-to-https", "waf"]
+ middlewares: ["redirect-to-https", "api-ratelimit", "waf"]
 service: "api"
 api-secure:
 rule: "Host(`api.eventhub.local`)"
 entryPoints: ["websecure"]
 tls: true
- middlewares: ["waf"]
+ middlewares: ["api-ratelimit", "waf"]
 service: "api"

 # WebSocket пользователей (без WAF)
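Review bot: The new `curl-health` recipe in the Makefile relies on `{1..120}`, which is bash brace expansion; make runs recipes with `/bin/sh` unless the Makefile sets `SHELL` (not visible in this hunk), and under a POSIX shell such as dash the loop body runs once with the literal string, so the limiter is never exercised. A portable form is `for i in $$(seq 1 120); do …; done`. The target also lacks the `## ` description that the neighbouring `wrk-search` and `wrk-health` targets carry; something like `curl-health: ## Rate-limit smoke test: expect 429 once the burst is spent` would tell the reader what output to look for. `-k` is reasonable against a local self-signed certificate, but that comment should say so, so the line is not copied for use against a real host.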
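Review bot: Neither `api-ratelimit` nor `admin-ratelimit` in `dynamic_conf.yml` sets `sourceCriterion`, so Traefik buckets requests by the connection's remote address; if anything sits in front of Traefik (a load balancer, a CDN, or Docker's NAT on some hosts, none of which is visible here), every client shares one bucket and a single noisy client can exhaust the 100/min or 20/min budget for all of them. Consider making the key explicit under each `rateLimit`, e.g. `sourceCriterion:` / `ipStrategy:` / `depth: 1`, with the depth matched to the number of trusted proxies and the entry point's `forwardedHeaders.trustedIPs` set so that `X-Forwarded-For` is only honoured from those proxies. The same applies to the `admin-api` and `admin-api-secure` routers in the following hunk. On the `web` routers `redirect-to-https` is listed first and presumably answers the request itself, so the limiter after it is probably never reached there. The WebSocket routers marked "без WAF" lie outside both hunks, so whether they are throttled at all cannot be seen from here.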
@@ -56,13 +68,13 @@ http:
 admin-api:
 rule: "Host(`admin.eventhub.local`)"
 entryPoints: ["web"]
- middlewares: ["redirect-to-https", "waf"]
+ middlewares: ["redirect-to-https", "admin-ratelimit", "waf"]
 service: "admin-api"
 admin-api-secure:
 rule: "Host(`admin.eventhub.local`)"
 entryPoints: ["websecure"]
 tls: true
- middlewares: ["waf"]
+ middlewares: ["admin-ratelimit", "waf"]
 service: "admin-api"

 # Админский WebSocket (без WAF)