fix: add ratelimit to reactions endpoint

app/api/reactions/route.ts

@@ -1,3 +1,4 @@
+import { Ratelimit } from '@upstash/ratelimit'
 import { revalidateTag } from 'next/cache'
 import { type NextRequest, NextResponse } from 'next/server'
 
@@ -19,6 +20,18 @@ export async function GET(req: NextRequest) {
  await redis.set(getKey(id), [0, 0, 0, 0])
  }
 
+ const ratelimit = new Ratelimit({
+ redis,
+ limiter: Ratelimit.slidingWindow(30, '10 s'),
+ analytics: true,
+ })
+ const { success } = await ratelimit.limit(getKey(id))
+ if (!success) {
+ return new Response('Too Many Requests', {
+ status: 429,
+ })
+ }
+
  return NextResponse.json(value ?? [0, 0, 0, 0])
 }
 
@@ -32,6 +45,18 @@ export async function PATCH(req: NextRequest) {
 
  const key = getKey(id)
 
+ const ratelimit = new Ratelimit({
+ redis,
+ limiter: Ratelimit.slidingWindow(50, '10 s'),
+ analytics: true,
+ })
+ const { success } = await ratelimit.limit(key)
+ if (!success) {
+ return new Response('Too Many Requests', {
+ status: 429,
+ })
+ }
+
  let current = await redis.get<number[]>(key)
  if (!current) {
  await redis.set(key, [0, 0, 0, 0])

lib/redis.ts

@@ -1,3 +1,4 @@
+import { Ratelimit } from '@upstash/ratelimit'
 import { Redis } from '@upstash/redis'
 
 import { env } from '~/env.mjs'
@@ -6,3 +7,10 @@ export const redis = new Redis({
  url: env.UPSTASH_REDIS_REST_URL,
  token: env.UPSTASH_REDIS_REST_TOKEN,
 })
+
+// Create a new ratelimiter, that allows 30 requests per 10 seconds
+export const ratelimit = new Ratelimit({
+ redis,
+ limiter: Ratelimit.slidingWindow(30, '10 s'),
+ analytics: true,
+})

package.json

@@ -21,6 +21,7 @@
  "@sanity/image-url": "^1.0.2",
  "@sanity/ui": "^1.3.3",
  "@sanity/vision": "^3.11.1",
+ "@upstash/ratelimit": "^0.4.3",
  "@upstash/redis": "^1.20.6",
  "@vercel/analytics": "^1.0.1",
  "@vercel/edge-config": "^0.1.11",