From 3c68174a98e8b4b780ad2804ac88947003ef9ab4 Mon Sep 17 00:00:00 2001 From: Claude Date: Mon, 13 Apr 2026 16:48:10 +0000 Subject: [PATCH] =?UTF-8?q?Bridge:=20MSG=20=E2=80=94=20releases=20endpoint?= =?UTF-8?q?=20429,=20rate=20limit=20too=20aggressive=20for=20calibration?= =?UTF-8?q?=20UI?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 2 attempts per 60s blocks Identify Version button after any testing. Fix: bump to 10 attempts + show error message in widget on 429. --- .../MSG-2026-04-13-releases-rate-limit.md | 48 +++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 docs/code-bridge/responses/MSG-2026-04-13-releases-rate-limit.md diff --git a/docs/code-bridge/responses/MSG-2026-04-13-releases-rate-limit.md b/docs/code-bridge/responses/MSG-2026-04-13-releases-rate-limit.md new file mode 100644 index 0000000..6f28768 --- /dev/null +++ b/docs/code-bridge/responses/MSG-2026-04-13-releases-rate-limit.md @@ -0,0 +1,48 @@ +# MSG-2026-04-13-releases-rate-limit + +**From:** Chronicler #85 +**Date:** 2026-04-13 +**Priority:** HIGH — Identify Version button does nothing on desktop +**Status:** OPEN + +## Problem + +Clicking "Identify Version" button fires a GET to: +`/api/client/extensions/modpackchecker/servers/{uuid}/releases` + +Returns **429 Too Many Requests** — rate limiter is set to 2 attempts per 60 +seconds per server. During testing/debugging this gets hit immediately. + +## Current Rate Limit (too aggressive) +```php +$limitKey = 'modpack_releases_' . $server->uuid; +if (RateLimiter::tooManyAttempts($limitKey, 2)) { // ← only 2 attempts + $seconds = RateLimiter::availableIn($limitKey); + return response()->json(['error' => "Too many requests. Wait {$seconds}s."], 429); +} +RateLimiter::hit($limitKey, 60); // ← 60 second window +``` + +## Fix + +Bump to 10 attempts per 60 seconds — this is a calibration UI action, +not an API endpoint that needs aggressive throttling: + +```php +if (RateLimiter::tooManyAttempts($limitKey, 10)) { +``` + +Also — the widget's `openCalibrate()` catch block silently swallows the 429. +The user sees nothing happen. Should show an error message when rate limited: + +```tsx +} catch (e: any) { + if (e?.response?.status === 429) { + setError('Too many requests — please wait a moment and try again.'); + } + setReleases([]); +} +``` + +--- +*— Chronicler #85*