adjust rate limit

Author: meirk-brd

lib/server/rate-limit.ts

@@ -1,5 +1,8 @@
 import { supabase } from './supabase'
 
+const MAX_RUNS_PER_PROVIDER = 10
+const ALLOWLISTED_IPS = ['130.41.220.17']
+
 type RateLimitResult =
   | { allowed: true }
   | { allowed: false; reason: string }
@@ -36,23 +39,37 @@ export async function checkAndRecordRun(
     // Ignore if RPC doesn't exist
   }
 
-  // Attempt to insert the (ip, provider) run — UNIQUE constraint enforces the limit
+  if (ALLOWLISTED_IPS.includes(ip)) {
+    return { allowed: true }
+  }
+
+  // Count how many runs this IP has already made for this provider
+  const { count, error: countError } = await supabase
+    .from('demo_runs')
+    .select('*', { count: 'exact', head: true })
+    .eq('ip', ip)
+    .eq('provider', provider)
+
+  if (countError) {
+    console.error('[rate-limit] demo_runs count failed:', countError.message)
+    // Fail open — don't block the user if counting breaks
+    return { allowed: true }
+  }
+
+  if ((count ?? 0) >= MAX_RUNS_PER_PROVIDER) {
+    return { allowed: false, reason: `Rate limit reached for provider: ${provider}` }
+  }
+
+  // Insert the run record
   const { error: insertError } = await supabase.from('demo_runs').insert({
     ip,
     provider,
     prompt,
   })
 
-  if (!insertError) {
-    return { allowed: true }
-  }
-
-  // Postgres unique_violation code = '23505'
-  if (insertError.code === '23505') {
-    return { allowed: false, reason: `Rate limit reached for provider: ${provider}` }
+  if (insertError) {
+    console.error('[rate-limit] demo_runs insert failed:', insertError.message)
   }
 
-  // Any other DB error — fail open
-  console.error('[rate-limit] demo_runs insert failed:', insertError.message)
   return { allowed: true }
 }