-- ============================================================================ -- OrbiQuant IA - Trading Platform -- Schema: auth -- File: tables/10-rate_limiting_config.sql -- Description: Rate limiting configuration for API endpoints and auth operations -- ============================================================================ CREATE TABLE auth.rate_limiting_config ( -- Primary Key id UUID PRIMARY KEY DEFAULT gen_random_uuid(), -- Endpoint Configuration endpoint VARCHAR(200) NOT NULL UNIQUE, description TEXT, -- Rate Limiting Parameters max_requests INTEGER NOT NULL DEFAULT 100, window_seconds INTEGER NOT NULL DEFAULT 60, block_duration_seconds INTEGER DEFAULT 300, -- Scope Configuration scope VARCHAR(50) NOT NULL DEFAULT 'ip', -- Status is_active BOOLEAN NOT NULL DEFAULT true, -- Metadata metadata JSONB DEFAULT '{}'::jsonb, -- Audit Fields created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), created_by_id UUID, updated_by_id UUID, -- Check Constraints CONSTRAINT valid_rate_limits CHECK ( max_requests > 0 AND window_seconds > 0 AND (block_duration_seconds IS NULL OR block_duration_seconds > 0) ), CONSTRAINT valid_scope CHECK ( scope IN ('ip', 'user', 'email', 'global') ) ); -- Indexes for Performance CREATE INDEX idx_rate_limiting_endpoint ON auth.rate_limiting_config(endpoint); CREATE INDEX idx_rate_limiting_active ON auth.rate_limiting_config(is_active) WHERE is_active = true; CREATE INDEX idx_rate_limiting_scope ON auth.rate_limiting_config(scope); CREATE INDEX idx_rate_limiting_metadata ON auth.rate_limiting_config USING gin(metadata); -- Insert Default Rate Limiting Rules INSERT INTO auth.rate_limiting_config (endpoint, description, max_requests, window_seconds, block_duration_seconds, scope) VALUES ('/auth/login', 'Login endpoint rate limit', 5, 300, 900, 'ip'), ('/auth/register', 'Registration endpoint rate limit', 3, 3600, 1800, 'ip'), ('/auth/password-reset/request', 'Password reset request limit', 3, 3600, 1800, 'email'), ('/auth/password-reset/verify', 'Password reset verification limit', 5, 300, 900, 'ip'), ('/auth/verify-email', 'Email verification limit', 10, 3600, 1800, 'user'), ('/auth/verify-phone', 'Phone verification limit', 5, 3600, 1800, 'user'), ('/auth/refresh-token', 'Token refresh limit', 20, 300, 600, 'user'), ('/auth/logout', 'Logout endpoint limit', 10, 60, NULL, 'user'), ('/auth/mfa/enable', 'MFA enable limit', 5, 3600, NULL, 'user'), ('/auth/mfa/verify', 'MFA verification limit', 5, 300, 900, 'user'); -- Table Comments COMMENT ON TABLE auth.rate_limiting_config IS 'Rate limiting configuration for API endpoints to prevent abuse and brute force attacks'; -- Column Comments COMMENT ON COLUMN auth.rate_limiting_config.id IS 'Unique identifier for the configuration'; COMMENT ON COLUMN auth.rate_limiting_config.endpoint IS 'API endpoint path to rate limit'; COMMENT ON COLUMN auth.rate_limiting_config.description IS 'Description of the rate limit purpose'; COMMENT ON COLUMN auth.rate_limiting_config.max_requests IS 'Maximum requests allowed within the time window'; COMMENT ON COLUMN auth.rate_limiting_config.window_seconds IS 'Time window in seconds for rate limiting'; COMMENT ON COLUMN auth.rate_limiting_config.block_duration_seconds IS 'Duration to block after exceeding limit (null for no block)'; COMMENT ON COLUMN auth.rate_limiting_config.scope IS 'Scope of rate limit (ip, user, email, global)'; COMMENT ON COLUMN auth.rate_limiting_config.is_active IS 'Whether this rate limit is currently active'; COMMENT ON COLUMN auth.rate_limiting_config.metadata IS 'Additional configuration metadata as JSON'; COMMENT ON COLUMN auth.rate_limiting_config.created_at IS 'Timestamp when configuration was created'; COMMENT ON COLUMN auth.rate_limiting_config.updated_at IS 'Timestamp when configuration was last updated'; COMMENT ON COLUMN auth.rate_limiting_config.created_by_id IS 'ID of user who created this configuration'; COMMENT ON COLUMN auth.rate_limiting_config.updated_by_id IS 'ID of user who last updated this configuration';