GuardAPI

Fix API Rate Limit Exhaustion in Rocket

Rocket is built for performance, but out of the box it has no native rate-limiting mechanism. This 'fail-open' default means an attacker can flood your endpoints, saturating worker threads and exhausting database connection pools. To mitigate this, we move from raw routes to guarded routes that apply a token bucket or leaky bucket algorithm, typically implemented via the 'rocket_governor' crate or custom fairings.

The Vulnerable Pattern

use rocket::get;

#[get("/api/resource")]
fn leaky_api() -> &'static str {
    // This endpoint will process every request until the OS kills the process
    // No protection against automated scraping or DoS
    "Data delivered"
}

The Secure Implementation

The vulnerable code has no request guard, so nothing bounds how often a client can hit it. The secure implementation uses 'RocketGovernor' to enforce a per-IP quota. Adding the 'RocketGovernor' parameter to the function signature makes Rocket evaluate the guard before the handler runs. If the client exceeds the defined quota (2 req/sec), the guard fails and Rocket returns a 429 Too Many Requests response, protecting the backend from resource exhaustion.

use rocket::get;
use rocket_governor::{Method, Quota, RocketGovernable, RocketGovernor};

pub struct RateLimitGuard;

impl<'r> RocketGovernable<'r> for RateLimitGuard {
    fn quota(_method: Method, _route_name: &str) -> Quota {
        // Define a strict quota: 2 requests per second
        Quota::per_second(Self::nonzero(2u32))
    }
}

#[get("/api/resource")]
fn protected_api(_limit: RocketGovernor<RateLimitGuard>) -> &'static str {
    // Request Guard ensures the handler is only reached if within quota;
    // the guard is typed with RateLimitGuard so its quota() applies to this route
    "Data delivered (Rate Limited)"
}
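As an added illustration (not code from this page or from the rocket_governor crate), the std-only token bucket below models what the per-IP quota of 2 req/sec does: each client address gets its own bucket that refills at the quota rate, and a request that finds the bucket empty is answered with 429 instead of reaching the handler. The client addresses and timestamps are constructed sample traffic, and the clock is passed in as milliseconds so the behaviour is deterministic.

```rust
use std::collections::HashMap;
use std::net::IpAddr;

/// Token bucket in integer "millitokens" (exact maths); refills at `rate` tokens/s, capped at `rate` tokens.
struct TokenBucket { millitokens: u64, capacity: u64, rate: u64, last_ms: u64 }

impl TokenBucket {
    fn new(rate_per_sec: u32, now_ms: u64) -> Self {
        let capacity = u64::from(rate_per_sec) * 1000;
        Self { millitokens: capacity, capacity, rate: u64::from(rate_per_sec), last_ms: now_ms }
    }

    /// Credits the refill earned since the last call (1 token/s == 1 millitoken/ms), then spends one token.
    fn try_take(&mut self, now_ms: u64) -> bool {
        let refill = now_ms.saturating_sub(self.last_ms) * self.rate;
        self.millitokens = (self.millitokens + refill).min(self.capacity);
        self.last_ms = now_ms;
        if self.millitokens < 1000 { return false; }
        self.millitokens -= 1000;
        true
    }
}

/// One bucket per client address, the way a per-IP guard keys its quota.
struct PerIpLimiter { quota_per_sec: u32, buckets: HashMap<IpAddr, TokenBucket> }

impl PerIpLimiter {
    /// Status a guard would yield: 200 admits the request, 429 rejects it before the handler runs.
    fn check(&mut self, client: IpAddr, now_ms: u64) -> u16 {
        let quota = self.quota_per_sec;
        let bucket = self.buckets.entry(client).or_insert_with(|| TokenBucket::new(quota, now_ms));
        if bucket.try_take(now_ms) { 200 } else { 429 }
    }
}

/// Replays `(client_ip, time_ms)` requests through a fresh limiter and returns each status.
fn simulate(quota_per_sec: u32, requests: &[(&str, u64)]) -> Vec<u16> {
    let mut limiter = PerIpLimiter { quota_per_sec, buckets: HashMap::new() };
    requests.iter().map(|(ip, t)| limiter.check(ip.parse().expect("valid ip"), *t)).collect()
}

fn main() {
    // Constructed sample traffic: client A bursts 4 requests in 300 ms, client B sends one,
    // then A returns a full second later after its bucket has refilled.
    let traffic = [("203.0.113.5", 0), ("203.0.113.5", 100), ("203.0.113.5", 200),
                   ("203.0.113.5", 300), ("198.51.100.7", 300), ("203.0.113.5", 1300)];
    for ((ip, t), status) in traffic.iter().zip(simulate(2, &traffic)) {
        println!("{ip} t={t}ms -> {status}"); // 200 200 429 429 200 200
    }
}
```

Note that the second client is unaffected by the first client's burst, and that the quota caps sustained throughput while still permitting a burst of up to the quota size.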


Verified by Ghost Labs Security Team
