rckrdmrd/trading-platform-database
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
ce9ae25a9b
trading-platform-database/ddl/schemas/auth/tables/10-rate_limiting_config.sql

83 lines
4.1 KiB
SQL
Raw Blame History

-- ============================================================================
-- OrbiQuant IA - Trading Platform
-- Schema: auth
-- File: tables/10-rate_limiting_config.sql
-- Description: Rate limiting configuration for API endpoints and auth operations
-- ============================================================================
CREATE TABLE auth.rate_limiting_config (
-- Primary Key
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
-- Endpoint Configuration
endpoint VARCHAR(200) NOT NULL UNIQUE,
description TEXT,
-- Rate Limiting Parameters
max_requests INTEGER NOT NULL DEFAULT 100,
window_seconds INTEGER NOT NULL DEFAULT 60,
block_duration_seconds INTEGER DEFAULT 300,
-- Scope Configuration
scope VARCHAR(50) NOT NULL DEFAULT 'ip',
-- Status
is_active BOOLEAN NOT NULL DEFAULT true,
-- Metadata
metadata JSONB DEFAULT '{}'::jsonb,
-- Audit Fields
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
created_by_id UUID,
updated_by_id UUID,
-- Check Constraints
CONSTRAINT valid_rate_limits CHECK (
max_requests > 0 AND
window_seconds > 0 AND
(block_duration_seconds IS NULL OR block_duration_seconds > 0)
),
CONSTRAINT valid_scope CHECK (
scope IN ('ip', 'user', 'email', 'global')
)
);
-- Indexes for Performance
CREATE INDEX idx_rate_limiting_endpoint ON auth.rate_limiting_config(endpoint);
CREATE INDEX idx_rate_limiting_active ON auth.rate_limiting_config(is_active) WHERE is_active = true;
CREATE INDEX idx_rate_limiting_scope ON auth.rate_limiting_config(scope);
CREATE INDEX idx_rate_limiting_metadata ON auth.rate_limiting_config USING gin(metadata);
-- Insert Default Rate Limiting Rules
INSERT INTO auth.rate_limiting_config (endpoint, description, max_requests, window_seconds, block_duration_seconds, scope) VALUES
('/auth/login', 'Login endpoint rate limit', 5, 300, 900, 'ip'),
('/auth/register', 'Registration endpoint rate limit', 3, 3600, 1800, 'ip'),
('/auth/password-reset/request', 'Password reset request limit', 3, 3600, 1800, 'email'),
('/auth/password-reset/verify', 'Password reset verification limit', 5, 300, 900, 'ip'),
('/auth/verify-email', 'Email verification limit', 10, 3600, 1800, 'user'),
('/auth/verify-phone', 'Phone verification limit', 5, 3600, 1800, 'user'),
('/auth/refresh-token', 'Token refresh limit', 20, 300, 600, 'user'),
('/auth/logout', 'Logout endpoint limit', 10, 60, NULL, 'user'),
('/auth/mfa/enable', 'MFA enable limit', 5, 3600, NULL, 'user'),
('/auth/mfa/verify', 'MFA verification limit', 5, 300, 900, 'user');
-- Table Comments
COMMENT ON TABLE auth.rate_limiting_config IS 'Rate limiting configuration for API endpoints to prevent abuse and brute force attacks';
-- Column Comments
COMMENT ON COLUMN auth.rate_limiting_config.id IS 'Unique identifier for the configuration';
COMMENT ON COLUMN auth.rate_limiting_config.endpoint IS 'API endpoint path to rate limit';
COMMENT ON COLUMN auth.rate_limiting_config.description IS 'Description of the rate limit purpose';
COMMENT ON COLUMN auth.rate_limiting_config.max_requests IS 'Maximum requests allowed within the time window';
COMMENT ON COLUMN auth.rate_limiting_config.window_seconds IS 'Time window in seconds for rate limiting';
COMMENT ON COLUMN auth.rate_limiting_config.block_duration_seconds IS 'Duration to block after exceeding limit (null for no block)';
COMMENT ON COLUMN auth.rate_limiting_config.scope IS 'Scope of rate limit (ip, user, email, global)';
COMMENT ON COLUMN auth.rate_limiting_config.is_active IS 'Whether this rate limit is currently active';
COMMENT ON COLUMN auth.rate_limiting_config.metadata IS 'Additional configuration metadata as JSON';
COMMENT ON COLUMN auth.rate_limiting_config.created_at IS 'Timestamp when configuration was created';
COMMENT ON COLUMN auth.rate_limiting_config.updated_at IS 'Timestamp when configuration was last updated';
COMMENT ON COLUMN auth.rate_limiting_config.created_by_id IS 'ID of user who created this configuration';
COMMENT ON COLUMN auth.rate_limiting_config.updated_by_id IS 'ID of user who last updated this configuration';
Reference in New Issue View Git Blame Copy Permalink