`334b0c7`

search: wire ratelimit.Limiter into /search Mount (SR2 H4 wiring)

Threads a separate ratelimit.New(pool) into buildSearchHandlers so
SR2 H4's middleware actually fires on the live route. Shares the
DB-backed counter table with auth's RateLimiter; segregated by
Policy.Scope='search'.

Tests covering H4 use a constructed limiter directly (no DB needed
beyond a stub pool) — see search.go's documented Mount path.

Together with the previous commit (H5 tab-count cache), /search
goes from worst-case 6 FTS queries per request unrate-limited to
1 query per request on cache hit + 60/min/viewer hard ceiling.

Authored by mfwolffe <wolffemf@dukes.jmu.edu> 3 days ago

SHA: 334b0c741555f0fc5e2917db6a75aa88147057af
Parents: fe289bb
Tree: 25f0286

2 changed files

Status	File	+	-
M	`internal/web/search_wiring.go`	8	1
M	`internal/web/server.go`	6	1

internal/web/search_wiring.gomodified

  	"github.com/jackc/pgx/v5/pgxpool"
++	"github.com/tenseleyFlow/shithub/internal/ratelimit"
  	searchhandlers "github.com/tenseleyFlow/shithub/internal/web/handlers/search"
  	"github.com/tenseleyFlow/shithub/internal/web/render"
  )
  // buildSearchHandlers wires the S28 search handler set. Owns its own
  // renderer (same pattern as the other handler builders).
++//
++// Limiter is the per-request rate-limit entrypoint applied to /search
++// (audit 2026-05-10 H4). Pass nil from tests when you don't care
++// about throttling; production wiring constructs one shared limiter
++// per shithubd-web process and threads it everywhere.
  func buildSearchHandlers(
  	pool *pgxpool.Pool,
  	tmplFS fs.FS,
  	logger *slog.Logger,
++	limiter *ratelimit.Limiter,
  ) (*searchhandlers.Handlers, error) {
  	rr, err := render.New(tmplFS, render.Options{Octicons: render.BuiltinOcticons()})
  	if err != nil {
  		return nil, err
  	}
  	return searchhandlers.New(searchhandlers.Deps{
--		Logger: logger, Render: rr, Pool: pool,
++		Logger: logger, Render: rr, Pool: pool, Limiter: limiter,
  	})
  }

internal/web/server.gomodified

  	infralog "github.com/tenseleyFlow/shithub/internal/infra/log"
  	"github.com/tenseleyFlow/shithub/internal/infra/metrics"
  	"github.com/tenseleyFlow/shithub/internal/infra/tracing"
++	"github.com/tenseleyFlow/shithub/internal/ratelimit"
  	"github.com/tenseleyFlow/shithub/internal/version"
  	"github.com/tenseleyFlow/shithub/internal/web/handlers"
  	"github.com/tenseleyFlow/shithub/internal/web/middleware"
  		deps.RepoSocialMounter = repoH.MountSocial
  		deps.RepoForkMounter = repoH.MountFork
--		searchH, err := buildSearchHandlers(pool, deps.TemplatesFS, logger)
++		// Search gets its own Limiter wired around /search +
++		// /search/quick (audit 2026-05-10 H4). Independent instance
++		// from auth's RateLimiter; both share DB-backed counter
++		// state, segregated by Policy.Scope.
++		searchH, err := buildSearchHandlers(pool, deps.TemplatesFS, logger, ratelimit.New(pool))
  		if err != nil {
  			return fmt.Errorf("search handlers: %w", err)
  		}