Problem
FastAPI endpoints executing forensic parsing, metadata extraction, and antivirus checks are computationally heavy processes that write chunks to temporary disk paths and spawn sub-processes. Currently, there is no rate limiting on the /api/ endpoints. A single malicious or misconfigured client could flood the server with heavy uploads, exhausting CPU cores, memory limits, and disk space (DDoS).
Current Behavior
- Every HTTP request to endpoints is processed instantly.
- Concurrent heavy uploads are scanned and run immediately in worker sub-processes without capacity limits.
Why This Improvement Is Needed
Digital forensics backends require enterprise-grade security boundaries. Rate limiting at the application layer protects key endpoints against automation abuse, ensures high availability, and prevents resource exhaustion bottlenecks.
Proposed Solution
- Introduce a thread-safe
RateLimiter class using a sliding-window token-bucket algorithm in Server/security.py.
- Configure limit counts and windows (e.g. 30 requests / 60 seconds) through environmental variables.
- Build a FastAPI HTTP middleware in
Server/main.py intercepting all requests under /api/.
- Parse client IPs (extracting from proxies via
X-Forwarded-For when available) and enforce rate checks.
- Return standard
X-RateLimit-* and Retry-After headers on response, blocking exceeders with a clean 429 Too Many Requests.
Expected Outcome
- Hard API abuse boundaries established.
- Dynamic rate-limit telemetry returned to frontend developers.
Additional Notes
No third-party caching backend (like Redis) is required; fully implemented in-memory for zero-overhead deployment compatibility.
Problem
FastAPI endpoints executing forensic parsing, metadata extraction, and antivirus checks are computationally heavy processes that write chunks to temporary disk paths and spawn sub-processes. Currently, there is no rate limiting on the
/api/endpoints. A single malicious or misconfigured client could flood the server with heavy uploads, exhausting CPU cores, memory limits, and disk space (DDoS).Current Behavior
Why This Improvement Is Needed
Digital forensics backends require enterprise-grade security boundaries. Rate limiting at the application layer protects key endpoints against automation abuse, ensures high availability, and prevents resource exhaustion bottlenecks.
Proposed Solution
RateLimiterclass using a sliding-window token-bucket algorithm inServer/security.py.Server/main.pyintercepting all requests under/api/.X-Forwarded-Forwhen available) and enforce rate checks.X-RateLimit-*andRetry-Afterheaders on response, blocking exceeders with a clean429 Too Many Requests.Expected Outcome
Additional Notes
No third-party caching backend (like Redis) is required; fully implemented in-memory for zero-overhead deployment compatibility.