Context
The knowledge base upload endpoint (POST /api/knowledge/documents) processes files asynchronously (parse → chunk → embed → store). Each upload triggers CPU-intensive work (embedding via Ollama). Without rate limiting, a client could overwhelm the system with rapid uploads.
Required Change
Add rate limiting middleware to the upload endpoint. Options:
- Fiber rate limiter middleware (fiber/middleware/limiter)
- Per-org rate limit (e.g., 10 uploads per minute)
- Or global rate limit as a simpler first step
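The per-org option as an added example in standard-library Go (not the project's code, and not Fiber's limiter middleware): a fixed-window counter keyed by org ID, checked before the parse → chunk → embed job is queued. OrgLimiter, Allow and the org ID are hypothetical names; the limit of 10 per minute is the figure from the list above.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

type bucket struct {
	start time.Time
	count int
}

// OrgLimiter (hypothetical name) counts uploads per org ID taken from the authenticated session.
type OrgLimiter struct {
	mu     sync.Mutex
	max    int
	window time.Duration
	now    func() time.Time // injectable clock so the behaviour is testable
	orgs   map[string]*bucket
}

func NewOrgLimiter(max int, window time.Duration, now func() time.Time) *OrgLimiter {
	return &OrgLimiter{max: max, window: window, now: now, orgs: map[string]*bucket{}}
}

// Allow reports whether orgID may upload now, plus the wait until the window resets (Retry-After).
func (l *OrgLimiter) Allow(orgID string) (bool, time.Duration) {
	l.mu.Lock()
	defer l.mu.Unlock()
	t := l.now()
	b, ok := l.orgs[orgID]
	if !ok || t.Sub(b.start) >= l.window {
		l.orgs[orgID] = &bucket{start: t, count: 1} // first upload of a new window
		return true, 0
	}
	if b.count >= l.max {
		return false, b.start.Add(l.window).Sub(t) // refuse before any embedding work starts
	}
	b.count++
	return true, 0
}

func main() {
	l := NewOrgLimiter(10, time.Minute, time.Now) // 10 uploads per minute per org
	for i := 1; i <= 12; i++ {                    // constructed org ID; uploads 11 and 12 are refused
		fmt.Println(l.Allow("org-a"))
	}
}
```

A fixed window admits up to twice the limit across a window boundary, and the map keeps one entry per org seen, so the key has to be the authenticated org rather than a client-supplied value.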
Security Context
Identified during security audit of the RAG feature (MED-2). Resource exhaustion vector — each upload triggers a processing goroutine with Ollama embedding calls.
Acceptance Criteria
POST /api/knowledge/documents