novuhq · rifont · Dec 5, 2023 · Nov 3, 2023 · Nov 3, 2023 · Nov 3, 2023
diff --git a/.cspell.json b/.cspell.json
@@ -530,7 +530,12 @@
     "maildata",
     "brevo",
     "Getstream",
-    "getstream"
+    "getstream",
+    "upstash",
+    "Upstash",
+    "Krakend",
+    "ratelimit",
+    "Ratelimit",
   ],
   "flagWords": [],
   "patterns": [

diff --git a/apps/api/package.json b/apps/api/package.json
@@ -39,6 +39,7 @@
     "@nestjs/platform-express": "^10.2.2",
     "@nestjs/swagger": "^7.1.8",
     "@nestjs/terminus": "^10.0.1",
+    "@nestjs/throttler": "^5.0.1",
     "@novu/application-generic": "^0.21.0",
     "@novu/dal": "^0.21.0",
     "@novu/node": "^0.21.0",
@@ -50,6 +51,7 @@
     "@sentry/node": "^7.40.0",
     "@sentry/tracing": "^7.40.0",
     "@types/newrelic": "^9.14.0",
+    "@upstash/ratelimit": "^0.4.4",
     "axios": "^1.3.3",
     "bcrypt": "^5.0.0",
     "body-parser": "^1.20.0",

diff --git a/apps/api/src/.env.development b/apps/api/src/.env.development
@@ -25,7 +25,6 @@ REDIS_CACHE_FAMILY=
 REDIS_CACHE_KEY_PREFIX=
 REDIS_CACHE_ENABLE_AUTOPIPELINING=true
 
-IS_API_RATE_LIMITING_ENABLED=false
 IS_IN_MEMORY_CLUSTER_MODE_ENABLED=false
 ELASTICACHE_CLUSTER_SERVICE_HOST=
 ELASTICACHE_CLUSTER_SERVICE_PORT=
@@ -68,3 +67,18 @@ LAUNCH_DARKLY_SDK_KEY=
 
 IS_API_IDEMPOTENCY_ENABLED=false
 AUTO_CREATE_INDEXES=true
+
+IS_API_RATE_LIMITING_ENABLED=false
+API_RATE_LIMIT_COST_SINGLE=
+API_RATE_LIMIT_COST_BULK=
+API_RATE_LIMIT_ALGORITHM_BURST_ALLOWANCE=
+API_RATE_LIMIT_ALGORITHM_WINDOW_DURATION=
+API_RATE_LIMIT_MAXIMUM_BUSINESS_TRIGGER=
+API_RATE_LIMIT_MAXIMUM_BUSINESS_CONFIGURATION=
+API_RATE_LIMIT_MAXIMUM_BUSINESS_GLOBAL=
+API_RATE_LIMIT_MAXIMUM_FREE_TRIGGER=
+API_RATE_LIMIT_MAXIMUM_FREE_CONFIGURATION=
+API_RATE_LIMIT_MAXIMUM_FREE_GLOBAL=
+API_RATE_LIMIT_MAXIMUM_UNLIMITED_TRIGGER=
+API_RATE_LIMIT_MAXIMUM_UNLIMITED_CONFIGURATION=
+API_RATE_LIMIT_MAXIMUM_UNLIMITED_GLOBAL=
diff --git a/apps/api/src/.env.production b/apps/api/src/.env.production
@@ -13,7 +13,6 @@ REDIS_PORT=6379
 REDIS_PREFIX=
 REDIS_DB_INDEX=2
 
-IS_API_RATE_LIMITING_ENABLED=false
 IS_IN_MEMORY_CLUSTER_MODE_ENABLED=false
 ELASTICACHE_CLUSTER_SERVICE_HOST=
 ELASTICACHE_CLUSTER_SERVICE_PORT=
@@ -58,3 +57,18 @@ LAUNCH_DARKLY_SDK_KEY=
 IS_API_IDEMPOTENCY_ENABLED=false
 ## This value should be set to true if it is the first time you are running the with the database
 AUTO_CREATE_INDEXES=false
+
+IS_API_RATE_LIMITING_ENABLED=false
+API_RATE_LIMIT_COST_SINGLE=
+API_RATE_LIMIT_COST_BULK=
+API_RATE_LIMIT_ALGORITHM_BURST_ALLOWANCE=
+API_RATE_LIMIT_ALGORITHM_WINDOW_DURATION=
+API_RATE_LIMIT_MAXIMUM_BUSINESS_TRIGGER=
+API_RATE_LIMIT_MAXIMUM_BUSINESS_CONFIGURATION=
+API_RATE_LIMIT_MAXIMUM_BUSINESS_GLOBAL=
+API_RATE_LIMIT_MAXIMUM_FREE_TRIGGER=
+API_RATE_LIMIT_MAXIMUM_FREE_CONFIGURATION=
+API_RATE_LIMIT_MAXIMUM_FREE_GLOBAL=
+API_RATE_LIMIT_MAXIMUM_UNLIMITED_TRIGGER=
+API_RATE_LIMIT_MAXIMUM_UNLIMITED_CONFIGURATION=
+API_RATE_LIMIT_MAXIMUM_UNLIMITED_GLOBAL=
diff --git a/apps/api/src/.env.test b/apps/api/src/.env.test
@@ -23,7 +23,6 @@ REDIS_CACHE_FAMILY=
 REDIS_CACHE_KEY_PREFIX=
 REDIS_CACHE_ENABLE_AUTOPIPELINING=false
 
-IS_API_RATE_LIMITING_ENABLED=false
 IS_IN_MEMORY_CLUSTER_MODE_ENABLED=false
 ELASTICACHE_CLUSTER_SERVICE_HOST=
 ELASTICACHE_CLUSTER_SERVICE_PORT=
@@ -93,3 +92,18 @@ NOVU_SMS_INTEGRATION_SENDER=1234567890
 
 IS_API_IDEMPOTENCY_ENABLED=true
 AUTO_CREATE_INDEXES=true
+
+IS_API_RATE_LIMITING_ENABLED=false
+API_RATE_LIMIT_COST_SINGLE=
+API_RATE_LIMIT_COST_BULK=
+API_RATE_LIMIT_ALGORITHM_BURST_ALLOWANCE=
+API_RATE_LIMIT_ALGORITHM_WINDOW_DURATION=
+API_RATE_LIMIT_MAXIMUM_BUSINESS_TRIGGER=
+API_RATE_LIMIT_MAXIMUM_BUSINESS_CONFIGURATION=
+API_RATE_LIMIT_MAXIMUM_BUSINESS_GLOBAL=
+API_RATE_LIMIT_MAXIMUM_FREE_TRIGGER=
+API_RATE_LIMIT_MAXIMUM_FREE_CONFIGURATION=
+API_RATE_LIMIT_MAXIMUM_FREE_GLOBAL=
+API_RATE_LIMIT_MAXIMUM_UNLIMITED_TRIGGER=
+API_RATE_LIMIT_MAXIMUM_UNLIMITED_CONFIGURATION=
+API_RATE_LIMIT_MAXIMUM_UNLIMITED_GLOBAL=
diff --git a/apps/api/src/.example.env b/apps/api/src/.example.env
@@ -23,7 +23,6 @@ REDIS_CACHE_FAMILY=
 REDIS_CACHE_KEY_PREFIX=
 REDIS_CACHE_ENABLE_AUTOPIPELINING=
 
-IS_API_RATE_LIMITING_ENABLED=false
 IS_IN_MEMORY_CLUSTER_MODE_ENABLED=false
 REDIS_CLUSTER_SERVICE_HOST=
 REDIS_CLUSTER_SERVICE_PORT=
@@ -63,3 +62,18 @@ INTERCOM_IDENTITY_VERIFICATION_SECRET_KEY=
 LOGGING_LEVEL=info
 
 LAUNCH_DARKLY_SDK_KEY=
+
+IS_API_RATE_LIMITING_ENABLED=false
+API_RATE_LIMIT_COST_SINGLE=
+API_RATE_LIMIT_COST_BULK=
+API_RATE_LIMIT_ALGORITHM_BURST_ALLOWANCE=
+API_RATE_LIMIT_ALGORITHM_WINDOW_DURATION=
+API_RATE_LIMIT_MAXIMUM_BUSINESS_TRIGGER=
+API_RATE_LIMIT_MAXIMUM_BUSINESS_CONFIGURATION=
+API_RATE_LIMIT_MAXIMUM_BUSINESS_GLOBAL=
+API_RATE_LIMIT_MAXIMUM_FREE_TRIGGER=
+API_RATE_LIMIT_MAXIMUM_FREE_CONFIGURATION=
+API_RATE_LIMIT_MAXIMUM_FREE_GLOBAL=
+API_RATE_LIMIT_MAXIMUM_UNLIMITED_TRIGGER=
+API_RATE_LIMIT_MAXIMUM_UNLIMITED_CONFIGURATION=
+API_RATE_LIMIT_MAXIMUM_UNLIMITED_GLOBAL=
diff --git a/apps/api/src/app.module.ts b/apps/api/src/app.module.ts
@@ -1,6 +1,6 @@
 import { DynamicModule, HttpException, Module, Logger, Provider } from '@nestjs/common';
 import { RavenInterceptor, RavenModule } from 'nest-raven';
-import { APP_INTERCEPTOR } from '@nestjs/core';
+import { APP_GUARD, APP_INTERCEPTOR } from '@nestjs/core';
 import { Type } from '@nestjs/common/interfaces/type.interface';
 import { ForwardReference } from '@nestjs/common/interfaces/modules/forward-reference.interface';
 
@@ -33,6 +33,8 @@ import { BlueprintModule } from './app/blueprint/blueprint.module';
 import { TenantModule } from './app/tenant/tenant.module';
 import { IdempotencyInterceptor } from './app/shared/framework/idempotency.interceptor';
 import { WorkflowOverridesModule } from './app/workflow-overrides/workflow-overrides.module';
+import { ApiRateLimitInterceptor } from './app/rate-limiting/guards';
+import { RateLimitingModule } from './app/rate-limiting/rate-limiting.module';
 
 const enterpriseImports = (): Array<Type | DynamicModule | Promise<DynamicModule> | ForwardReference> => {
   const modules: Array<Type | DynamicModule | Promise<DynamicModule> | ForwardReference> = [];
@@ -75,13 +77,18 @@ const baseModules: Array<Type | DynamicModule | Promise<DynamicModule> | Forward
   BlueprintModule,
   TenantModule,
   WorkflowOverridesModule,
+  RateLimitingModule,
 ];
 
 const enterpriseModules = enterpriseImports();
 
 const modules = baseModules.concat(enterpriseModules);
 
 const providers: Provider[] = [
+  {
+    provide: APP_INTERCEPTOR,
+    useClass: ApiRateLimitInterceptor,
+  },
   {
     provide: APP_INTERCEPTOR,
     useClass: IdempotencyInterceptor,

diff --git a/apps/api/src/app/organization/e2e/create-organization.e2e.ts b/apps/api/src/app/organization/e2e/create-organization.e2e.ts
@@ -1,6 +1,6 @@
 import { MemberRepository, OrganizationRepository } from '@novu/dal';
 import { UserSession } from '@novu/testing';
-import { ApiServiceLevelTypeEnum, MemberRoleEnum } from '@novu/shared';
+import { ApiServiceLevelEnum, MemberRoleEnum } from '@novu/shared';
 import { expect } from 'chai';
 
 describe('Create Organization - /organizations (POST)', async () => {
@@ -53,7 +53,7 @@ describe('Create Organization - /organizations (POST)', async () => {
       const { body } = await session.testAgent.post('/v1/organizations').send(testOrganization).expect(201);
       const dbOrganization = await organizationRepository.findById(body.data._id);
 
-      expect(dbOrganization?.apiServiceLevel).to.eq(ApiServiceLevelTypeEnum.FREE);
+      expect(dbOrganization?.apiServiceLevel).to.eq(ApiServiceLevelEnum.FREE);
     });
   });
 });
diff --git a/apps/api/src/app/organization/usecases/create-organization/create-organization.usecase.ts b/apps/api/src/app/organization/usecases/create-organization/create-organization.usecase.ts
@@ -1,6 +1,6 @@
 import { Inject, Injectable, Scope } from '@nestjs/common';
 import { OrganizationEntity, OrganizationRepository, UserRepository } from '@novu/dal';
-import { ApiServiceLevelTypeEnum, MemberRoleEnum } from '@novu/shared';
+import { ApiServiceLevelEnum, MemberRoleEnum } from '@novu/shared';
 import { AnalyticsService } from '@novu/application-generic';
 
 import { CreateEnvironmentCommand } from '../../../environments/usecases/create-environment/create-environment.command';
@@ -36,7 +36,7 @@ export class CreateOrganization {
     const createdOrganization = await this.organizationRepository.create({
       logo: command.logo,
       name: command.name,
-      apiServiceLevel: ApiServiceLevelTypeEnum.FREE,
+      apiServiceLevel: ApiServiceLevelEnum.FREE,
     });
 
     await this.addMemberUsecase.execute(

diff --git a/apps/api/src/app/rate-limiting/e2e/.gitkeep b/apps/api/src/app/rate-limiting/e2e/.gitkeep
diff --git a/apps/api/src/app/rate-limiting/guards/.gitkeep b/apps/api/src/app/rate-limiting/guards/.gitkeep
diff --git a/apps/api/src/app/rate-limiting/guards/index.ts b/apps/api/src/app/rate-limiting/guards/index.ts
@@ -0,0 +1,2 @@
+export * from './throttler.decorator';
+export * from './throttler.guard';
diff --git a/apps/api/src/app/rate-limiting/guards/throttler.decorator.ts b/apps/api/src/app/rate-limiting/guards/throttler.decorator.ts
@@ -0,0 +1,8 @@
+import { Reflector } from '@nestjs/core';
+import { ApiRateLimitCategoryEnum, ApiRateLimitCostEnum } from '@novu/shared';
+
+// eslint-disable-next-line @typescript-eslint/naming-convention
+export const ThrottlerCategory = Reflector.createDecorator<ApiRateLimitCategoryEnum>();
+
+// eslint-disable-next-line @typescript-eslint/naming-convention
+export const ThrottlerCost = Reflector.createDecorator<ApiRateLimitCostEnum>();
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		export * from './throttler.decorator';
		export * from './throttler.guard';