fix: address high-priority worker, rate limiter, and API key issues

Shukri · claude · Shukri · commit 1034696524a6 · 2026-03-21T18:48:21.000+08:00
- worker: cap concurrent jobs at 64 with a tokio Semaphore
- rate_limit: recover from poisoned mutex instead of panicking
- projects: replace UUID v4 with OsRng for API key generation (128-bit CSPRNG, no fixed UUID structure bits)

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/Cargo.toml b/Cargo.toml
@@ -32,7 +32,8 @@ chrono            = { version = "0.4", features = ["serde"] }
 dotenvy           = "0.15"
 tracing           = "0.1"
 tracing-subscriber = { version = "0.3", features = ["env-filter"] }
-md5 = "0.7"
+md5  = "0.7"
+rand = { version = "0.8", features = ["getrandom"] }
 lettre = { version = "0.11", features = ["tokio1", "tokio1-native-tls"] }
 reqwest = { version = "0.12", features = ["json"] }
 futures = "0.3"
diff --git a/src/rate_limit.rs b/src/rate_limit.rs
@@ -23,7 +23,7 @@ impl RateLimiter {
 
     /// Returns `true` if the request is allowed, `false` if rate-limited.
     pub fn check(&self, key: &str) -> bool {
-        let mut store = self.store.lock().unwrap();
+        let mut store = self.store.lock().unwrap_or_else(|e| e.into_inner());
         let now       = Instant::now();
         let window    = self.window;
         let entry     = store.entry(key.to_string()).or_default();
diff --git a/src/routes/projects.rs b/src/routes/projects.rs
@@ -1,4 +1,5 @@
 use axum::{extract::{Path, State}, Json};
+use rand::{rngs::OsRng, RngCore};
 use serde_json::{json, Value};
 use uuid::Uuid;
 use crate::{errors::AppError, AppState};
@@ -35,8 +36,10 @@ pub async fn create_project(
 
     let platform = body["platform"].as_str().unwrap_or("php");
 
-    // Generate a unique API key
-    let api_key = Uuid::new_v4().simple().to_string();
+    // Generate a cryptographically random API key (32 hex chars = 128 bits from OsRng)
+    let mut bytes = [0u8; 16];
+    OsRng.fill_bytes(&mut bytes);
+    let api_key = bytes.iter().map(|b| format!("{:02x}", b)).collect::<String>();
 
     let project = sqlx::query!(
         "INSERT INTO projects (name, api_key, platform) VALUES ($1, $2, $3)
diff --git a/src/worker.rs b/src/worker.rs
@@ -1,19 +1,27 @@
 use crate::alerts::{fire_alerts, AlertContext};
 use deadpool_redis::Pool as RedisPool;
 use sqlx::PgPool;
+use std::sync::Arc;
 
 use crate::queue::{pop_job, EventJob};
-use tokio::sync::broadcast;
+use tokio::sync::{broadcast, Semaphore};
+
+const MAX_CONCURRENT_JOBS: usize = 64;
 
 pub async fn run(redis_pool: RedisPool, pg_pool: PgPool, event_tx: broadcast::Sender<String>) {
     tracing::info!("⚙️  Worker started — listening on queue");
 
+    let semaphore = Arc::new(Semaphore::new(MAX_CONCURRENT_JOBS));
+
     loop {
         match pop_job(&redis_pool).await {
             Some(job) => {
-                let pool = pg_pool.clone();
-                let tx   = event_tx.clone();
+                let pool   = pg_pool.clone();
+                let tx     = event_tx.clone();
+                let permit = semaphore.clone().acquire_owned().await
+                    .expect("semaphore closed");
                 tokio::spawn(async move {
+                    let _permit = permit; // released when task finishes
                     if let Err(e) = process(job, &pool, &tx).await {
                         tracing::error!("Worker failed to process job: {}", e);
                     }
