kin: BATON-SEC-006-backend_dev

backend/middleware.py

@@ -1,13 +1,12 @@
 from __future__ import annotations
 
 import secrets
-import time
 from typing import Optional
 
 from fastapi import Depends, Header, HTTPException, Request
 from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
 
-from backend import config
+from backend import config, db
 
 _bearer = HTTPBearer(auto_error=False)
 
@@ -45,28 +44,14 @@ async def verify_admin_token(
 
 
 async def rate_limit_register(request: Request) -> None:
-    counters = request.app.state.rate_counters
-    client_ip = _get_client_ip(request)
-    now = time.time()
-    count, window_start = counters.get(client_ip, (0, now))
-    if now - window_start >= _RATE_WINDOW:
-        count = 0
-        window_start = now
-    count += 1
-    counters[client_ip] = (count, window_start)
+    key = f"reg:{_get_client_ip(request)}"
+    count = await db.rate_limit_increment(key, _RATE_WINDOW)
     if count > _RATE_LIMIT:
         raise HTTPException(status_code=429, detail="Too Many Requests")
 
 
 async def rate_limit_signal(request: Request) -> None:
-    counters = request.app.state.rate_counters
     key = f"sig:{_get_client_ip(request)}"
-    now = time.time()
-    count, window_start = counters.get(key, (0, now))
-    if now - window_start >= _SIGNAL_RATE_WINDOW:
-        count = 0
-        window_start = now
-    count += 1
-    counters[key] = (count, window_start)
+    count = await db.rate_limit_increment(key, _SIGNAL_RATE_WINDOW)
     if count > _SIGNAL_RATE_LIMIT:
         raise HTTPException(status_code=429, detail="Too Many Requests")