Add Rate Limiting Helper

[izadoesdev]

Overview

Add a rate limiting helper to prevent API key abuse and control usage patterns.

Motivation

Rate limiting is crucial for security and prevents abuse of API keys. This feature should help users track and limit API key usage.

Proposed API

interface RateLimitConfig {
  maxRequests: number
  windowMs: number
}

const rateLimiter = keys.createRateLimiter({
  maxRequests: 100,
  windowMs: 60000, // 1 minute
})

await rateLimiter.check(apiKeyRecord)

Implementation Details

Storage Requirements

• Track request counts per key
• Use sliding window or fixed window algorithm
• Store in storage adapter (new method or extend existing metadata)

API Design

// Create rate limiter
const rateLimiter = manager.createRateLimiter({
  maxRequests: 100,
  windowMs: 60000,
  exceedAction: 'reject' | 'throttle' | 'log'
})

// Check rate limit
const result = await rateLimiter.check(keyRecord)
if (!result.allowed) {
  throw new RateLimitError('Rate limit exceeded', result.retryAfter)
}

Acceptance Criteria

• Implement sliding window or fixed window rate limiting
• Support multiple rate limit tiers per key
• Track usage across storage adapters
• Return retry-after information
• Add tests for rate limiting logic
• Document usage examples
• Handle edge cases (first request, empty periods)

Priority

High - Security feature