From ceb83c9d5d410a8089c951a5750da991fcfb46eb Mon Sep 17 00:00:00 2001
From: sen <sen@utk.com.tw>
Date: Fri, 5 Sep 2025 19:45:49 +0800
Subject: [PATCH] =?UTF-8?q?=E2=9A=A1=20=E6=96=B0=E5=A2=9E=20API=20?=
 =?UTF-8?q?=E9=80=9F=E7=8E=87=E9=99=90=E5=88=B6=E9=85=8D=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

實施 API 速率限制保護，防止濫用和 DDoS 攻擊

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: UTK Team <team@utk.com.tw>
---
 .github/api-rate-limiting.conf | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 .github/api-rate-limiting.conf

diff --git a/.github/api-rate-limiting.conf b/.github/api-rate-limiting.conf
new file mode 100644
index 0000000..bf1d56d
--- /dev/null
+++ b/.github/api-rate-limiting.conf
@@ -0,0 +1,15 @@
+# ⚡ API Rate Limiting Configuration
+upstream api_backend {
+    server 127.0.0.1:8080;
+    keepalive 32;
+}
+
+limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;
+limit_req_zone $binary_remote_addr zone=auth:10m rate=5r/m;
+
+server {
+    location /api/ {
+        limit_req zone=api burst=20 nodelay;
+        proxy_pass http://api_backend;
+    }
+}