feat(api): centralize API rate limiting policy

Author: FrodeHus

AGENTS.md

@@ -89,7 +89,7 @@ Canonical entities must enforce EF max-length caps and FK `Guid` validity at the
 <!-- gitnexus:start -->
 # GitNexus — Code Intelligence
 
-This project is indexed by GitNexus as **PatchHound** (11435 symbols, 97109 relationships, 300 execution flows). Use the GitNexus MCP tools to understand code, assess impact, and navigate safely.
+This project is indexed by GitNexus as **PatchHound** (11438 symbols, 97109 relationships, 300 execution flows). Use the GitNexus MCP tools to understand code, assess impact, and navigate safely.
 
 > If any GitNexus tool warns the index is stale, run `npx gitnexus analyze` in terminal first.
 

CLAUDE.md

@@ -89,7 +89,7 @@ Canonical entities must enforce EF max-length caps and FK `Guid` validity at the
 <!-- gitnexus:start -->
 # GitNexus — Code Intelligence
 
-This project is indexed by GitNexus as **PatchHound** (11435 symbols, 97109 relationships, 300 execution flows). Use the GitNexus MCP tools to understand code, assess impact, and navigate safely.
+This project is indexed by GitNexus as **PatchHound** (11438 symbols, 97109 relationships, 300 execution flows). Use the GitNexus MCP tools to understand code, assess impact, and navigate safely.
 
 > If any GitNexus tool warns the index is stale, run `npx gitnexus analyze` in terminal first.
 

src/PatchHound.Api/Program.cs

@@ -11,6 +11,7 @@
 using PatchHound.Api.Auth;
 using PatchHound.Api.Hubs;
 using PatchHound.Api.Middleware;
+using PatchHound.Api.RateLimiting;
 using PatchHound.Api.Workers;
 using PatchHound.Core.Enums;
 using PatchHound.Core.Interfaces;
@@ -438,18 +439,11 @@
 {
     options.GlobalLimiter = PartitionedRateLimiter.Create<HttpContext, string>(context =>
     {
-        var partitionKey = context.User.Identity?.Name
-            ?? context.User.FindFirst("runner_id")?.Value
-            ?? context.Connection.RemoteIpAddress?.ToString()
-            ?? "anonymous";
+        var partitionKey = ApiRateLimitingPolicy.GetPartitionKey(context);
 
         return RateLimitPartition.GetFixedWindowLimiter(
             partitionKey,
-            _ => new FixedWindowRateLimiterOptions
-            {
-                PermitLimit = 100,
-                Window = TimeSpan.FromMinutes(1),
-            }
+            _ => ApiRateLimitingPolicy.CreateFixedWindowOptions()
         );
     });
     options.RejectionStatusCode = 429;

src/PatchHound.Api/RateLimiting/ApiRateLimitingPolicy.cs

@@ -0,0 +1,60 @@
+using System.Threading.RateLimiting;
+using Microsoft.AspNetCore.Http;
+
+namespace PatchHound.Api.RateLimiting;
+
+public static class ApiRateLimitingPolicy
+{
+    private static readonly string[] UserClaimTypes =
+    [
+        "oid",
+        "sub",
+        "preferred_username",
+        "upn",
+        "name",
+    ];
+
+    public static string GetPartitionKey(HttpContext context)
+    {
+        var runnerId = GetClaimValue(context, "runner_id");
+        if (!string.IsNullOrWhiteSpace(runnerId))
+        {
+            return $"runner:{runnerId}";
+        }
+
+        foreach (var claimType in UserClaimTypes)
+        {
+            var value = GetClaimValue(context, claimType);
+            if (!string.IsNullOrWhiteSpace(value))
+            {
+                return $"user:{value}";
+            }
+        }
+
+        if (!string.IsNullOrWhiteSpace(context.User.Identity?.Name))
+        {
+            return $"user:{context.User.Identity.Name}";
+        }
+
+        var remoteAddress = context.Connection.RemoteIpAddress?.ToString();
+        return !string.IsNullOrWhiteSpace(remoteAddress)
+            ? $"ip:{remoteAddress}"
+            : "anonymous";
+    }
+
+    public static FixedWindowRateLimiterOptions CreateFixedWindowOptions()
+    {
+        return new FixedWindowRateLimiterOptions
+        {
+            PermitLimit = 1_200,
+            Window = TimeSpan.FromMinutes(1),
+            QueueLimit = 200,
+            QueueProcessingOrder = QueueProcessingOrder.OldestFirst,
+        };
+    }
+
+    private static string? GetClaimValue(HttpContext context, string claimType)
+    {
+        return context.User.FindFirst(claimType)?.Value;
+    }
+}

tests/PatchHound.Tests/Api/ApiRateLimitingTests.cs

@@ -0,0 +1,56 @@
+using System.Security.Claims;
+using FluentAssertions;
+using Microsoft.AspNetCore.Http;
+using PatchHound.Api.RateLimiting;
+
+namespace PatchHound.Tests.Api;
+
+public class ApiRateLimitingTests
+{
+    [Fact]
+    public void GetPartitionKey_UsesAuthenticatedObjectIdBeforeRemoteAddress()
+    {
+        var context = new DefaultHttpContext
+        {
+            User = new ClaimsPrincipal(
+                new ClaimsIdentity(
+                    [new Claim("oid", "user-1")],
+                    authenticationType: "Bearer"
+                )
+            ),
+        };
+        context.Connection.RemoteIpAddress = System.Net.IPAddress.Parse("10.0.0.1");
+
+        var partitionKey = ApiRateLimitingPolicy.GetPartitionKey(context);
+
+        partitionKey.Should().Be("user:user-1");
+    }
+
+    [Fact]
+    public void GetPartitionKey_UsesRunnerIdForScanRunnerRequests()
+    {
+        var context = new DefaultHttpContext
+        {
+            User = new ClaimsPrincipal(
+                new ClaimsIdentity(
+                    [new Claim("runner_id", "runner-1")],
+                    authenticationType: "ScanRunner"
+                )
+            ),
+        };
+
+        var partitionKey = ApiRateLimitingPolicy.GetPartitionKey(context);
+
+        partitionKey.Should().Be("runner:runner-1");
+    }
+
+    [Fact]
+    public void CreateFixedWindowOptions_AllowsFrontendNavigationBursts()
+    {
+        var options = ApiRateLimitingPolicy.CreateFixedWindowOptions();
+
+        options.PermitLimit.Should().BeGreaterThanOrEqualTo(1_000);
+        options.Window.Should().Be(TimeSpan.FromMinutes(1));
+        options.QueueLimit.Should().BeGreaterThanOrEqualTo(100);
+    }
+}