Initial commit: Open sourcing all of the Maple Open Technologies code.

cloud/maplepress-backend/pkg/ratelimit/provider.go

@@ -0,0 +1,45 @@
+package ratelimit
+
+import (
+	"github.com/redis/go-redis/v9"
+	"go.uber.org/zap"
+
+	"codeberg.org/mapleopentech/monorepo/cloud/maplepress-backend/config"
+)
+
+// ProvideRateLimiter provides a rate limiter for dependency injection (registration endpoints)
+func ProvideRateLimiter(redisClient *redis.Client, cfg *config.Config, logger *zap.Logger) RateLimiter {
+	rateLimitConfig := Config{
+		MaxRequests: cfg.RateLimit.RegistrationMaxRequests,
+		Window:      cfg.RateLimit.RegistrationWindow,
+		KeyPrefix:   "ratelimit:registration",
+	}
+
+	return NewRateLimiter(redisClient, rateLimitConfig, logger)
+}
+
+// ProvideGenericRateLimiter provides a rate limiter for generic CRUD endpoints (CWE-770)
+// This is used for authenticated endpoints like tenant/user/site management, admin endpoints
+// Strategy: User-based limiting (authenticated user ID from JWT)
+func ProvideGenericRateLimiter(redisClient *redis.Client, cfg *config.Config, logger *zap.Logger) RateLimiter {
+	rateLimitConfig := Config{
+		MaxRequests: cfg.RateLimit.GenericMaxRequests,
+		Window:      cfg.RateLimit.GenericWindow,
+		KeyPrefix:   "ratelimit:generic",
+	}
+
+	return NewRateLimiter(redisClient, rateLimitConfig, logger)
+}
+
+// ProvidePluginAPIRateLimiter provides a rate limiter for WordPress plugin API endpoints (CWE-770)
+// This is used for plugin endpoints that are core business/revenue endpoints
+// Strategy: Site-based limiting (API key → site_id)
+func ProvidePluginAPIRateLimiter(redisClient *redis.Client, cfg *config.Config, logger *zap.Logger) RateLimiter {
+	rateLimitConfig := Config{
+		MaxRequests: cfg.RateLimit.PluginAPIMaxRequests,
+		Window:      cfg.RateLimit.PluginAPIWindow,
+		KeyPrefix:   "ratelimit:plugin",
+	}
+
+	return NewRateLimiter(redisClient, rateLimitConfig, logger)
+}