feat: rate-limit /request and /subscribe

YOGESH-08 · YOGESH-08 · commit ee1a4fe70a0d · 2026-03-31T18:54:36.000+05:30
diff --git a/src/lib/utils/ratelimit.ts b/src/lib/utils/ratelimit.ts
@@ -0,0 +1,20 @@
+import { Ratelimit } from "@upstash/ratelimit";
+import { kv } from "@vercel/kv";
+
+// Rate limiter for AI Upload (5 requests per 15 minutes)
+export const aiUploadRatelimit = new Ratelimit({
+  redis: kv,
+  limiter: Ratelimit.slidingWindow(5, "900 s"),
+});
+
+// Rate limiter for Paper Requests (5 requests per 15 minutes)
+export const paperRequestRatelimit = new Ratelimit({
+  redis: kv,
+  limiter: Ratelimit.slidingWindow(5, "900 s"),
+});
+
+// Rate limiter for Subscriptions (3 requests per hour)
+export const subscribeRatelimit = new Ratelimit({
+  redis: kv,
+  limiter: Ratelimit.slidingWindow(3, "1 h"),
+});
diff --git a/src/middleware.ts b/src/middleware.ts
@@ -1,23 +1,48 @@
 import { type NextRequest, NextResponse } from "next/server";
-import { Ratelimit } from "@upstash/ratelimit";
-import { kv } from "@vercel/kv";
-
-const ratelimit = new Ratelimit({
-  redis: kv,
-  limiter: Ratelimit.slidingWindow(100, "900 s"),
-});
+import {
+  aiUploadRatelimit,
+  paperRequestRatelimit,
+  subscribeRatelimit,
+} from "./lib/utils/ratelimit";
 
 export const config = {
-  matcher: "/api/upload",
+  matcher: ["/api/upload", "/api/request", "/api/subscribe"],
 };
 
 export default async function middleware(request: NextRequest) {
   const ip = request.ip ?? "127.0.0.1";
-  const { success } = await ratelimit.limit(ip);
-  return success
-    ? NextResponse.next()
-    : NextResponse.json(
+  const { pathname } = request.nextUrl;
+
+  if (pathname === "/api/upload") {
+    const { success } = await aiUploadRatelimit.limit(ip);
+    if (!success) {
+      return NextResponse.json(
         { message: "You can upload a maximum of 5 papers every 15 minutes" },
         { status: 429 },
       );
+    }
+  }
+
+  if (pathname === "/api/request") {
+    const { success } = await paperRequestRatelimit.limit(ip);
+    if (!success) {
+      return NextResponse.json(
+        { message: "You can submit a maximum of 5 requests every 15 minutes" },
+        { status: 429 },
+      );
+    }
+  }
+
+  if (pathname === "/api/subscribe") {
+    const { success } = await subscribeRatelimit.limit(ip);
+    if (!success) {
+      return NextResponse.json(
+        { message: "Maximum of 3 newsletter subscriptions per hour" },
+        { status: 429 },
+      );
+    }
+  }
+
+  return NextResponse.next();
 }
+
