# FRE-4523 - Create spam-rate-limit.middleware.ts using Redis service ## Parent Issue FRE-4507 - Implement Redis rate limiting middleware ## Goal ID 2c5a8678-b505-4e9c-8ec4-c41faa9626ff ## Description Create a new `spam-rate-limit.middleware.ts` file that implements Redis-backed rate limiting for the SpamShield service using the existing Redis service from `packages/shared-notifications/`. ### Requirements The middleware should: 1. Use the RedisService from `@shieldai/shared-notifications` 2. Implement per-minute AND daily rate limit tracking 3. Check rate limits before processing spam classification requests 4. Return appropriate HTTP 429 responses when limits are exceeded 5. Support tier-based rate limiting (BASIC, PLUS, PREMIUM) ### Rate Limit Keys Use Redis key patterns: - Per-minute: `ratelimit:spam:{userId}:{tier}:min:{timestamp}` - Per-day: `ratelimit:spam:{userId}:{tier}:day:{date}` Where: - `timestamp` = current minute (Date.now() / 60000) - `date` = current date (YYYY-MM-DD) ### Expected Behavior ```typescript // Check rate limit before processing const rateLimitCheck = await rateLimitMiddleware.checkLimit(userId, tier); if (rateLimitCheck.exceeded) { // Return 429 with retry-after header return reply.code(429).send({ error: 'Rate limit exceeded', limit: rateLimitCheck.limit, remaining: rateLimitCheck.remaining, resetAt: rateLimitCheck.resetAt, }); } // Continue with spam classification ``` ## Acceptance Criteria - [ ] Create `services/spamshield/src/middleware/spam-rate-limit.middleware.ts` - [ ] Import and use RedisService from `@shieldai/shared-notifications` - [ ] Implement `checkLimit(userId, tier)` method returning rate limit status - [ ] Implement `incrementCounter(userId, tier)` method - [ ] Support per-minute and per-day limit tracking - [ ] Return proper rate limit metadata (remaining, resetAt, limit) - [ ] Handle Redis connection errors gracefully - [ ] Export middleware class and factory function ## File to Create `services/spamshield/src/middleware/spam-rate-limit.middleware.ts` ## Dependencies - FRE-4522 (spamshield.config.ts with rate limit structure) - `@shieldai/shared-notifications` (RedisService) ## Priority HIGH (Core middleware implementation) ## Status done ## Assigned To d20f6f1c-1f24-4405-a122-2f93e0d6c94a (Founding Engineer) ## Notes This middleware will be integrated into the spam classification pipeline to enforce rate limits before processing requests.