fix(api): rate limit bug

packages/api/src/index.ts

@@ -17,6 +17,7 @@ import v6IssuesRoutes from 'routes/v6/issues';
 import v6ReportRoutes from 'routes/v6/report';
 import v6VersionRoutes from 'routes/v6/version';
 import environment from 'services/environment';
+import { keyGenerator } from 'services/rateLimit';
 
 const server = fastify({ logger: true });
 
@@ -30,6 +31,7 @@ server.register(cors, {
 
 server.register(rateLimit, {
   global: false,
+  keyGenerator,
 });
 
 server.register(v1EntriesRoutes, { prefix: '/rest/v1' });

packages/api/src/services/rateLimit.ts

@@ -1,3 +1,5 @@
+import type { FastifyRequest } from 'fastify';
+
 export const RATE_LIMIT_1_PER_HOUR = {
   max: 1,
   timeWindow: '1 hour',
@@ -17,3 +19,9 @@ export const RATE_LIMIT_3_PER_MIN = {
   max: 3,
   timeWindow: '1 minute',
 };
+
+export function keyGenerator(req: FastifyRequest): string {
+  const userIdentifier = req.headers['x-forwarded-for'] || req.headers['x-real-ip'] || req.ip;
+
+  return `${userIdentifier}:${req.routerPath}`;
+}