GitHub/kill-the-news
1
0
Fork 0
mirror of https://github.com/juherr/kill-the-news.git synced 2026-06-20 22:03:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs: mark Phase 3 tasks done; document WAF rate limiting in TODO

Browse Source 
P1-4, P2-10, P2-11 marked DONE in TECH_DEBT.md.
P1-5 (rate limiting) is infrastructure-only — documented in TODO.md with
the recommended Cloudflare WAF rule targets and thresholds.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Julien Herr
2026-05-22 10:56:55 +02:00
parent 205d4ef5bb
commit 427eac973c
2 changed files with 8 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
TECH_DEBT.md
+6 -6
View File
@@ -27,12 +27,12 @@ Generated: 2026-05-22
## Phase 3 — Ongoing / Infrastructure ## Phase 3 — Ongoing / Infrastructure
| # | Task | Priority | | # | Task | Priority | Status |
| ----- | ---------------------------------------------------- | -------- | | ----- | ---------------------------------------------------- | -------- | ------------------------- |
| P1-4 | Structured logging + error aggregation | 36 | | P1-4 | Structured logging + error aggregation | 36 | DONE |
| P1-5 | Rate limiting (Cloudflare WAF rules) | 24 | | P1-5 | Rate limiting (Cloudflare WAF rules) | 24 | Infrastructure (see TODO) |
| P2-10 | Extract constants module (`src/config/constants.ts`) | 12 | | P2-10 | Extract constants module (`src/config/constants.ts`) | 12 | DONE |
| P2-11 | Split `admin.ts` into sub-modules | 8 | | P2-11 | Split `admin.ts` into sub-modules | 8 | DONE |
--- ---
TODO.md
+2
View File
@@ -24,4 +24,6 @@ Feature gaps identified by comparing with [kill-the-newsletter](https://github.c
- [ ] **WebSub (PubSubHubbub) push notifications** — notify subscribers in real time when a new email arrives, instead of requiring them to poll the feed. Requires either integrating a public WebSub hub or implementing the hub protocol directly. - [ ] **WebSub (PubSubHubbub) push notifications** — notify subscribers in real time when a new email arrives, instead of requiring them to poll the feed. Requires either integrating a public WebSub hub or implementing the hub protocol directly.
- [ ] **Rate limiting via Cloudflare WAF rules** — protect `/api/inbound` and `/admin` against abuse. Configure WAF custom rules in the Cloudflare dashboard (or via Terraform): rate-limit `/api/inbound` to ~60 req/min per IP, and `/admin` to ~20 req/min per IP. No code changes required; this is pure infrastructure configuration.
- [ ] **Migrate feed metadata to Durable Objects for atomic writes** — the current KV-based metadata store has a read-modify-write race condition: two concurrent emails to the same feed can silently overwrite each other's changes. Cloudflare Durable Objects serialise access per feed and eliminate the race entirely. Requires replacing `feed:<feedId>:metadata` KV writes in `src/lib/email-processor.ts` with a Durable Object that exposes an `appendEmail()` RPC, updating `wrangler.toml` with a DO binding, and migrating existing metadata at deploy time. - [ ] **Migrate feed metadata to Durable Objects for atomic writes** — the current KV-based metadata store has a read-modify-write race condition: two concurrent emails to the same feed can silently overwrite each other's changes. Cloudflare Durable Objects serialise access per feed and eliminate the race entirely. Requires replacing `feed:<feedId>:metadata` KV writes in `src/lib/email-processor.ts` with a Durable Object that exposes an `appendEmail()` RPC, updating `wrangler.toml` with a DO binding, and migrating existing metadata at deploy time.