@dupecom/botcha-cloudflare 0.3.3 → 0.10.0

package/dist/rate-limit.d.ts

@@ -16,8 +16,18 @@ export interface RateLimitResult {
 }
 /**
  * Check and enforce rate limits
+ *
+ * @param kv - KV namespace for rate limit storage
+ * @param identifier - IP address (used when app_id is not provided)
+ * @param limit - Requests per hour limit (default: 100)
+ * @param app_id - Optional app ID for app-scoped rate limiting
+ *
+ * When app_id is provided, rate limiting is scoped to the app (uses 'rate:app:{app_id}' key).
+ * When app_id is not provided, rate limiting is scoped to IP (uses 'ratelimit:{ip}' key).
+ *
+ * App-scoped rate limiting takes precedence over IP-based rate limiting.
  */
-export declare function checkRateLimit(kv: KVNamespace | undefined, identifier: string, limit?: number): Promise<RateLimitResult>;
+export declare function checkRateLimit(kv: KVNamespace | undefined, identifier: string, limit?: number, app_id?: string): Promise<RateLimitResult>;
 /**
  * Extract client IP from request
  */

package/dist/rate-limit.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"rate-limit.d.ts","sourceRoot":"","sources":["../src/rate-limit.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAEhD,MAAM,WAAW,eAAe;IAC9B,eAAe,EAAE,MAAM,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,EAAE,EAAE,WAAW,GAAG,SAAS,EAC3B,UAAU,EAAE,MAAM,EAClB,KAAK,GAAE,MAAY,GAClB,OAAO,CAAC,eAAe,CAAC,CA8E1B;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,OAAO,GAAG,MAAM,CAapD"}
+{"version":3,"file":"rate-limit.d.ts","sourceRoot":"","sources":["../src/rate-limit.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAEhD,MAAM,WAAW,eAAe;IAC9B,eAAe,EAAE,MAAM,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,cAAc,CAClC,EAAE,EAAE,WAAW,GAAG,SAAS,EAC3B,UAAU,EAAE,MAAM,EAClB,KAAK,GAAE,MAAY,EACnB,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,eAAe,CAAC,CA+E1B;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,OAAO,GAAG,MAAM,CAapD"}

package/dist/rate-limit.js

@@ -5,8 +5,18 @@
  */
 /**
  * Check and enforce rate limits
+ *
+ * @param kv - KV namespace for rate limit storage
+ * @param identifier - IP address (used when app_id is not provided)
+ * @param limit - Requests per hour limit (default: 100)
+ * @param app_id - Optional app ID for app-scoped rate limiting
+ *
+ * When app_id is provided, rate limiting is scoped to the app (uses 'rate:app:{app_id}' key).
+ * When app_id is not provided, rate limiting is scoped to IP (uses 'ratelimit:{ip}' key).
+ *
+ * App-scoped rate limiting takes precedence over IP-based rate limiting.
  */
-export async function checkRateLimit(kv, identifier, limit = 100) {
+export async function checkRateLimit(kv, identifier, limit = 100, app_id) {
     if (!kv) {
         // No KV = no rate limiting (local dev)
         return {
@@ -15,7 +25,8 @@ export async function checkRateLimit(kv, identifier, limit = 100) {
             resetAt: Date.now() + 3600000,
         };
     }
-    const key = `ratelimit:${identifier}`;
+    // Use app-scoped key if app_id provided, otherwise use IP-based key
+    const key = app_id ? `rate:app:${app_id}` : `ratelimit:${identifier}`;
     const now = Date.now();
     const windowStart = now - 3600000; // 1 hour ago
     try {

package/dist/routes/stream.js

@@ -158,7 +158,7 @@ app.post('/v1/challenge/stream/:session', async (c) => {
                 problems,
                 timeLimit: 500,
                 timerStart, // Include so client can verify timing
-                instructions: 'Compute SHA256 of each number, return first 8 hex chars',
+                instructions: 'Compute SHA256 of each number, return first 8 hex chars. Tip: compute all hashes and submit in a single HTTP request.',
             },
         });
     }