CLDSRV-781: Add ratelimiting pre MD fetch

anurag4DSB · anurag4DSB · commit d210a6aa5565 · 2025-11-19T16:01:25.000+01:00
diff --git a/lib/api/api.js b/lib/api/api.js
@@ -82,6 +82,10 @@ const checkHttpHeadersSize = require('./apiUtils/object/checkHttpHeadersSize');
 const constants = require('../../constants');
 const { config } = require('../Config.js');
 const { validateMethodChecksumNoChunking } = require('./apiUtils/integrity/validateChecksums');
+const {
+    getRateLimitFromCache,
+    checkRateLimitWithConfig,
+} = require('./apiUtils/rateLimit/helpers');
 
 const monitoringMap = policies.actionMaps.actionMonitoringMapS3;
 
@@ -178,7 +182,12 @@ const api = {
         }
         let returnTagCount = true;
 
-        const validationRes = validateQueryAndHeaders(request, log);
+        // Initialize rate limit tracker flag
+        request.rateLimitAlreadyChecked = false;
+
+        // Process the request with validation, authentication, and execution
+        const processRequest = () => {
+            const validationRes = validateQueryAndHeaders(request, log);
         if (validationRes.error) {
             log.debug('request query / header validation failed', {
                 error: validationRes.error,
@@ -335,6 +344,48 @@ const api = {
             }
             return this[apiMethod](userInfo, request, log, methodCallback);
         });
+        }; // End of processRequest helper function
+
+        // Cache-only rate limit check (fast path, no metadata fetch)
+        // If config is cached, apply rate limiting now
+        // If not cached, metadata validation functions will handle it
+        if (request.bucketName && config.rateLimiting?.enabled) {
+            const cachedConfig = getRateLimitFromCache(request.bucketName);
+
+            if (cachedConfig !== undefined) {
+                // Cache hit - apply rate limiting NOW (fast path)
+                return checkRateLimitWithConfig(
+                    request.bucketName,
+                    cachedConfig,
+                    log,
+                    (rateLimitErr, rateLimited) => {
+                        if (rateLimitErr) {
+                            log.error('Rate limit check error in api.js', {
+                                error: rateLimitErr,
+                            });
+                        }
+
+                        if (rateLimited) {
+                            log.addDefaultFields({
+                                rateLimited: true,
+                                rateLimitSource: cachedConfig.source,
+                            });
+                            return callback(config.rateLimiting.error);
+                        }
+
+                        // Set tracker - rate limiting already applied
+                        request.rateLimitAlreadyChecked = true;
+
+                        // Continue with normal flow
+                        return processRequest();
+                    }
+                );
+            }
+        }
+
+        // Cache miss or no bucket name - continue to metadata validation
+        // Rate limiting will happen there after metadata fetch
+        return processRequest();
     },
     bucketDelete,
     bucketDeleteCors,
