From 5e612ac064ba370105053b30658d3fc2d6b4f4ac Mon Sep 17 00:00:00 2001 From: Architecture Designer Date: Tue, 10 Mar 2026 09:14:19 +0000 Subject: [PATCH] =?UTF-8?q?=E6=9E=B6=E6=9E=84:=20=E6=B7=BB=E5=8A=A0?= =?UTF-8?q?=E8=AF=B7=E6=B1=82=E9=A2=91=E7=8E=87=E9=99=90=E5=88=B6=E4=B8=AD?= =?UTF-8?q?=E9=97=B4=E4=BB=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- backend/src/index.js | 2 ++ backend/src/middleware/rateLimit.js | 43 +++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+) create mode 100644 backend/src/middleware/rateLimit.js diff --git a/backend/src/index.js b/backend/src/index.js index e624a37..6aa838f 100644 --- a/backend/src/index.js +++ b/backend/src/index.js @@ -21,6 +21,8 @@ const PORT = process.env.PORT || 3000; const corsMiddleware = require('./middleware/cors'); app.use(corsMiddleware); +const rateLimitMiddleware = require('./middleware/rateLimit'); +app.use(rateLimitMiddleware); app.use(express.json()); app.use(logger); diff --git a/backend/src/middleware/rateLimit.js b/backend/src/middleware/rateLimit.js new file mode 100644 index 0000000..53ffb61 --- /dev/null +++ b/backend/src/middleware/rateLimit.js 
@@ -0,0 +1,43 @@
+// 简单的请求频率限制中间件
+const rateLimit = {};
+
+const rateLimitMiddleware = (req, res, next) => {
+ const ip = req.ip || req.connection.remoteAddress;
+ const now = Date.now();
+ const windowMs = 60000; // 1分钟
+ const maxRequests = 100; // 每分钟最多100次
+
+ if (!rateLimit[ip]) {
+ rateLimit[ip] = { count: 1, resetTime: now + windowMs };
+ return next();
+ }
+
+ // 检查是否在时间窗口内
+ if (now > rateLimit[ip].resetTime) {
+ rateLimit[ip] = { count: 1, resetTime: now + windowMs };
+ return next();
+ }
+
+ // 检查请求次数
+ if (rateLimit[ip].count >= maxRequests) {
+ return res.status(429).json({
+ error: 'Too many requests',
+ retryAfter: Math.ceil((rateLimit[ip].resetTime - now) / 1000)
+ });
+ }
+
+ rateLimit[ip].count++;
+ next();
+};
+
+// 清理过期的记录(每5分钟)
+setInterval(() => {
+ const now = Date.now();
+ for (const ip in rateLimit) {
+ if (now > rateLimit[ip].resetTime) {
+ delete rateLimit[ip];
+ }
+ }
+}, 300000);
+
+module.exports = rateLimitMiddleware;
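Review bot: The limiter's bucket key is `req.ip` (first line of `rateLimitMiddleware`), and nothing visible in this patch shows how Express's `trust proxy` setting is configured in `backend/src/index.js`. If the service runs behind a reverse proxy with that setting left at its default, every client is counted under the proxy's address and shares one 100-request budget; if it is set to trust every hop, the key is taken from the client-supplied `X-Forwarded-For` header and no longer identifies the caller reliably, so the setting should be pinned to the actual proxy hop count or addresses. Because the key can then be a request-derived string, the store is safer as `const rateLimit = Object.create(null);` (or a `Map`), so that a key can never resolve to an inherited `Object.prototype` member. Also consider calling `.unref()` on the cleanup `setInterval` so the timer does not hold the process open, and sending the wait time as a `Retry-After` header in addition to the `retryAfter` JSON field.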