API rate limiting

backend/config/routes/routes.php

@@ -19,13 +19,15 @@
         ->prefix('/api/sudo')
         ->namePrefix('api_sudo_');
 
+    $routes->import('../../src/Api/Machine/Controller', 'attribute')
+        ->prefix('/api/machine')
+        ->namePrefix('api_machine_');
+
     // root API
     $routes->import('../../src/Api/Root', 'attribute')
         ->prefix('/api')
         ->namePrefix('api_root_');
 
-
-    // local API (dev and test only)
     $routes->import('../../src/Api/Local', 'attribute')
         ->prefix('/api/local')
         ->condition('env("APP_ENV") in ["dev", "test"]')

backend/src/Api/Public/Controller/Integration/Relay/RelayWebhookController.php → backend/src/Api/Machine/Controller/Integration/Relay/RelayWebhookController.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace App\Api\Public\Controller\Integration\Relay;
+namespace App\Api\Machine\Controller\Integration\Relay;
 
 use App\Entity\Type\RelayDomainStatus;
 use App\Entity\Type\SendStatus;

backend/src/Api/RateLimit/RateLimit.php

@@ -0,0 +1,98 @@
+<?php
+
+namespace App\Api\RateLimit;
+
+use Symfony\Component\DependencyInjection\Attribute\Autowire;
+
+/**
+ * @phpstan-type RateLimitConfig array{id: string, policy: string, limit: int, interval: string}
+ */
+class RateLimit
+{
+
+    private bool $isDev;
+
+    public function __construct(
+        #[Autowire('%kernel.environment%')]
+        private readonly string $env = 'prod'
+    )
+    {
+        $this->isDev = $this->env === 'dev';
+    }
+
+    /**
+     * Rate limit for a user session.
+     * 60 per minute
+     * @return RateLimitConfig
+     */
+    public function session(): array
+    {
+        return [
+            'id' => 'console_api_session',
+            'policy' => 'fixed_window',
+            'limit' => $this->isDev ? 1000 : 60,
+            'interval' => '1 minute',
+        ];
+    }
+
+    /**
+     * Rate limit for an API key.
+     * 100 per minute
+     * @return RateLimitConfig
+     */
+    public function apiKey(): array
+    {
+        return [
+            'id' => 'console_api_api_key',
+            'policy' => 'fixed_window',
+            'limit' => $this->isDev ? 1000 : 100,
+            'interval' => '1 minute',
+        ];
+    }
+
+    /**
+     * Rate limit for public API per IP.
+     * 30 per minute per IP
+     * @return RateLimitConfig
+     */
+    public function publicApi(): array
+    {
+        return [
+            'id' => 'public_api',
+            'policy' => 'fixed_window',
+            'limit' => $this->isDev ? 1000 : 30,
+            'interval' => '1 minute',
+        ];
+    }
+
+    /**
+     * Rate limit for the POST /subscribers endpoint.
+     * 1 subscribe per email per minute
+     * @return RateLimitConfig
+     */
+    public function subscriberPerEmailPerMinute(): array
+    {
+        return [
+            'id' => 'public_api_subscriber_per_minute',
+            'policy' => 'fixed_window',
+            'limit' => 2,
+            'interval' => '1 minute',
+        ];
+    }
+
+    /**
+     * Rate limit for the POST /subscribers endpoint.
+     * 6 subscribes per email per hour
+     * @return RateLimitConfig
+     */
+    public function subscriberPerEmailPerHour(): array
+    {
+        return [
+            'id' => 'public_api_subscriber_per_hour',
+            'policy' => 'fixed_window',
+            'limit' => 6,
+            'interval' => '1 hour',
+        ];
+    }
+
+}