⚙️ Protect /api/svgs & /api/categories.

src/routes/api/categories/+server.ts

@@ -1,12 +1,29 @@
+import type { RequestEvent } from './$types';
+
 import { json } from '@sveltejs/kit';
+import { ratelimit } from '@/server/redis';
 
 // Data:
 import { svgs } from '@/data/svgs';
 
-export const GET = () => {
+export const GET = async ({ request }: RequestEvent) => {
   const categories = svgs
     .map((svg) => svg.category)
     .filter((category, index, array) => array.indexOf(category) === index);
+  const ip = request.headers.get('x-forwarded-for') ?? '';
+  const { success, reset } = await ratelimit.limit(ip);
+
+  // Error 429 | If rate limit is exceeded:
+  if (!success) {
+    const now = Date.now();
+    const retryAfter = Math.floor((reset - now) / 1000);
+    return new Response('Too Many Requests', {
+      status: 429,
+      headers: {
+        'Retry-After': retryAfter.toString()
+      }
+    });
+  }
 
   // Status 200 | If limit is a number:
   return json(

src/routes/api/svgs/+server.ts

@@ -2,12 +2,27 @@ import type { RequestEvent } from './$types';
 import type { iSVG } from '@/types/svg';
 
 import { error, json } from '@sveltejs/kit';
+import { ratelimit } from '@/server/redis';
 
 // Data:
 import { svgsData } from '@/data';
 
-export const GET = ({ url }: RequestEvent) => {
+export const GET = async ({ url, request }: RequestEvent) => {
   const fullUrl = url.origin ?? 'svgl.vercel.app';
+  const ip = request.headers.get('x-forwarded-for') ?? '';
+  const { success, reset } = await ratelimit.limit(ip);
+
+  // Error 429 | If rate limit is exceeded:
+  if (!success) {
+    const now = Date.now();
+    const retryAfter = Math.floor((reset - now) / 1000);
+    return new Response('Too Many Requests', {
+      status: 429,
+      headers: {
+        'Retry-After': retryAfter.toString()
+      }
+    });
+  }
 
   // Params:
   const getLimitParams = url.searchParams.get('limit');