Add API Tokens and Rate Limiter per Token #68

@clsource

Create a mechanism for API protection against bad actors and malicious scrapers.

  • Create access tokens table
  • Protect all endpoints with access token
  • Rate limit per token and type

Table api_tokens {
  id string [primary key, note: 'uuidv7']
  name string [not null, note: 'identifier for backoffice']
  description string [note: 'small description for backoffice']
  token string [not null, note: 'uuidv7']
  type string [not null, note: 'user | admin']
  max_requests integer [not null, default: 100, note:'max requests per minute']
  created_at timestamp
  last_used_at timestamp
}

This token table will replace the current admin token hardcoded in config.
Maybe it will need a new process to check if the max was exceeded.
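
One way the per-token check could work, as an added example that is not part of the original issue or the project's code: a fixed one-minute window counted per token id, with `max_requests` and `last_used_at` taken from the `api_tokens` schema above. The `TokenGate` class, the in-memory storage, the injected clock and the 401/403/429 status mapping are assumptions made for illustration.

```python
import hmac
import math
import time
from dataclasses import dataclass, field
from typing import Callable, Optional

WINDOW_SECONDS = 60  # the schema defines max_requests per minute


@dataclass
class ApiToken:
    # Mirrors the api_tokens columns the limiter needs.
    id: str
    token: str
    type: str  # 'user' | 'admin'
    max_requests: int = 100
    last_used_at: Optional[float] = None


@dataclass
class TokenGate:
    # Hypothetical helper: authenticates a presented token, then rate limits it.
    tokens: list
    clock: Callable[[], float] = time.time
    windows: dict = field(default_factory=dict)  # token id -> (window start, count)

    def _lookup(self, presented: str) -> Optional[ApiToken]:
        match = None
        for row in self.tokens:
            # Constant-time compare, and no early exit on a hit.
            if hmac.compare_digest(row.token.encode(), presented.encode()):
                match = row
        return match

    def check(self, presented: Optional[str], required_type: str = "user"):
        """Return (http_status, retry_after_seconds) for one request."""
        row = self._lookup(presented or "")
        if row is None:
            return 401, 0  # missing or unknown token
        if required_type == "admin" and row.type != "admin":
            return 403, 0  # valid token, wrong type for this endpoint
        now = self.clock()
        start, count = self.windows.get(row.id, (now, 0))
        if now - start >= WINDOW_SECONDS:
            start, count = now, 0  # previous window expired, start a new one
        if count >= row.max_requests:
            return 429, math.ceil(start + WINDOW_SECONDS - now)
        self.windows[row.id] = (start, count + 1)
        row.last_used_at = now
        return 200, 0
```

Rejected requests are not counted against the window and do not update `last_used_at`, so a token that keeps hammering the API after a 429 regains access as soon as its window expires.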
