lukas.pupkalipinski/BanGUI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor rate limiting with exponential backoff strategy

Browse Source 
- Update rate limiter to use exponential backoff instead of fixed limit
- Implement progressive delays for failed login attempts (0.5s, 1s, 2s, 4s, 5s max)
- Update auth router documentation and endpoint docs
- Refactor test suite to match new rate limiting behavior
- Update backend development documentation
- Clean up unused tasks documentation

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This commit is contained in:
Lukas
2026-04-30 19:58:09 +02:00
parent 2db635ae19
commit 277f2a467c
6 changed files with 165 additions and 208 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
Docs/Tasks.md
View File

@@ -1,42 +1,3 @@
## [Backend] Exception handler overlap — broad handlers catching everything
**Where found**
- `backend/app/main.py:182-200``_get_error_code()` accepts any `Exception` and falls back to snake_case conversion
- Multiple handlers (lines 329-466) accept `Exception` as parameter
**Why this is needed**
Broad exception handlers create fragility: adding a new `DomainError` subclass without explicitly registering a handler silently falls through, producing generic error codes instead of specific ones. The fallback chain is not explicitly documented.
**Goal**
Make the exception handler registration explicit and documented. Every exception type that can bubble up should have a clear path to a handler.
**What to do**
1. Audit all exception handlers and confirm they are registered with the most specific base class
2. Add a comment block documenting the fallback chain
3. Ensure every custom `DomainError` subclass has `error_code` and `get_error_metadata()` implemented
4. Add a catch-all `Exception` handler as the absolute last resort
**Possible traps and issues**
- If a new `DomainError` subclass is added without handler registration, it silently returns wrong status code
- `ValueError` handler may catch Pydantic `ValidationError` subclasses
**Docs changes needed**
- Update `Docs/Architekture.md` § 2.2 (Application Entry Point) — document exception handler hierarchy
- Add section in `Docs/Backend-Development.md` on exception taxonomy
**Doc references**
- `Docs/Architekture.md` § 2.2 (Application Entry Point)
- `Docs/Backend-Development.md` (exception conventions)
---
## [Backend] Login rate limiter — penalty sleep does not block the request
**Where found**