Skip to content

Add rate limiter and NORAD ID validation to /norad route#3

Open
twinksanderson wants to merge 1 commit intoMrTalon63:masterfrom
twinksanderson:fix/norad-rate-limiter
Open

Add rate limiter and NORAD ID validation to /norad route#3
twinksanderson wants to merge 1 commit intoMrTalon63:masterfrom
twinksanderson:fix/norad-rate-limiter

Conversation

@twinksanderson
Copy link
Copy Markdown

@twinksanderson twinksanderson commented Mar 3, 2026
edited
Loading

Summary

  • Added missing rate limiter middleware to /norad/:id route — it was the only route without it, allowing unlimited upstream requests to Celestrak
  • Added input validation for NORAD catalog IDs — rejects NaN, negative, zero, and out-of-range values (must be 1–999999) with a 400 Bad Request instead of forwarding invalid requests upstream

Changes

src/routes/norad.ts

  • Import and .use(limiter) — same pattern as /tle, /json, /csv routes
  • Validate parseInt result: reject if NaN, < 1, or > 999999
  • Return 400 with descriptive error message for invalid IDs

@twinksanderson
Add rate limiter and input validation to /norad/:id route
b59e991 
The NORAD route was missing the rate limiter middleware that all other
routes (tle, json, csv) use. This allowed unlimited requests that could
abuse Celestrak upstream.

Also adds validation for NORAD catalog IDs — rejects NaN, negative,
and out-of-range values (must be 1-999999) with a 400 response instead
of forwarding garbage to Celestrak.
@twinksanderson twinksanderson force-pushed the fix/norad-rate-limiter branch from 31914bf to b59e991 Compare March 3, 2026 03:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@twinksanderson