added

.env.example

@@ -20,17 +20,6 @@ SUPABASE_URL="https://your-project.supabase.co"
 SUPABASE_SERVICE_KEY="your-supabase-service-role-key"
 SUPABASE_ANON_KEY="your-supabase-anon-key"
 
-# Redis Configuration (for rate limiting)
-REDIS_URL="redis://localhost:6379"
-REDIS_HOST="localhost"
-REDIS_PORT=6379
-REDIS_DB=0
-REDIS_PASSWORD=""
-
-# Rate Limiting
-RATE_LIMIT_REQUESTS_PER_MINUTE=60
-RATE_LIMIT_BURST=10
-
 # LLM Configuration
 GOOGLE_API_KEY="your-google-api-key"
 GROQ_API_KEY="your-groq-api-key"

AUTHENTICATION.md

@@ -162,20 +162,6 @@ curl -X POST "http://localhost:8000/api/v1/extract-narrators" \
 - Service role has full access for admin operations
 - Automatic user profile creation on signup
 
-## Rate Limiting
-
-### Default Limits
-- **Anonymous users**: 60 requests/minute
-- **Authenticated users**: 120 requests/minute
-- **Admin users**: 300 requests/minute
-- **Burst protection**: 10 requests/second
-
-### Rate Limit Headers
-Responses include rate limit information:
-- `X-RateLimit-Limit`: Request limit
-- `X-RateLimit-Remaining`: Remaining requests
-- `X-RateLimit-Reset`: Reset time
-
 ## Analytics and Monitoring
 
 ### User Analytics

NEXTJS_INTEGRATION_GUIDE.md

@@ -46,8 +46,6 @@ Core Hadith Analysis (all protected except `/api/v1/health` + some analytics):
 - `GET  /api/v1/analytics/popular-narrators` (public)
 - `GET  /api/v1/health` (public)
 
-Rate limit errors will return 429 and headers: `X-RateLimit-*`.
-
 ---
 ## 3. Environment Variables (Next.js)
 
@@ -194,11 +192,6 @@ export async function sanadFetch<T>(path: string, init: RequestInit = {}): Promi
 	headers.set('Content-Type', 'application/json');
 
 	const res = await fetch(`${BASE}${path}`, { ...init, headers, cache: 'no-store' });
-	if (res.status === 429) {
-		const limit = res.headers.get('X-RateLimit-Limit');
-		const reset = res.headers.get('X-RateLimit-Reset');
-		throw new Error(`Rate limited. Limit=${limit} resets at=${reset}`);
-	}
 	if (!res.ok) {
 		const body = await res.text();
 		throw new Error(`Sanad API error ${res.status}: ${body}`);
@@ -354,19 +347,17 @@ export function LoginForm() {
 ```
 
 ---
-## 12. Handling Rate Limits & Errors
+## 12. Handling Errors
 
 Pattern:
 ```ts
 try {
 	const res = await sanadFetch('/api/v1/analyze-narrator', { method: 'POST', body: JSON.stringify({ narrator_name }) });
 } catch (e: any) {
-	if (e.message.includes('429')) {
-		// show friendly message / retry after header
-	}
+	// Handle errors appropriately
+	console.error('API Error:', e.message);
 }
 ```
-Consider exponential backoff for bursts and surface `X-RateLimit-Remaining` to show usage.
 
 ---
 ## 13. Logout Flow
@@ -442,7 +433,6 @@ export const config = { matcher: ['/dashboard/:path*', '/analysis/:path*'] };
 |---------|-------|-----|
 | 401 on every request | Missing Authorization header | Ensure proxy sets header after refresh |
 | 401 after refresh | Refresh token expired/blacklisted | Force logout & re-login |
-| 429 errors | Rate limit exceeded | Slow down / show user retry time |
 | CORS errors (if bypassing proxy) | Direct browser → FastAPI without proper CORS | Always use Next.js proxy or configure CORS on backend |
 | Cookie not set in prod | Missing `secure` or domain mismatch | Set correct domain & HTTPS |
 

app/api/routes.py

@@ -22,7 +22,6 @@ from app.db.models import (
 )
 from app.agent.services import get_llm_service
 from app.middleware import get_current_active_user, get_user_ip
-from app.middleware.rate_limit import limiter, authenticated_user_limit
 from app.services.database import DatabaseService
 
 router = APIRouter(prefix="/api/v1", tags=["hadith-analysis"])
@@ -34,7 +33,6 @@ router = APIRouter(prefix="/api/v1", tags=["hadith-analysis"])
     summary="Extract narrators from hadith text",
     description="Analyzes Arabic hadith text and extracts the chain of narrators (sanad)",
 )
-@authenticated_user_limit()
 async def extract_narrators(
     request: HadithTextRequest,
     http_request: Request,
@@ -123,7 +121,6 @@ async def extract_narrators(
     summary="Analyze narrator reliability",
     description="Takes a narrator name and generates an AI-powered reliability assessment based on the model's knowledge",
 )
-@authenticated_user_limit()
 async def analyze_narrator(
     request: NarratorAnalysisRequest,
     http_request: Request,
@@ -196,7 +193,6 @@ async def analyze_narrator(
     summary="Analyze narrator chain",
     description="Analyzes a complete chain of narrators using enhanced Shamela data + LLM agent",
 )
-@authenticated_user_limit()
 async def analyze_narrator_chain(
     request: Request,
     narrator_names: List[str] = Body(...),
@@ -273,7 +269,6 @@ async def analyze_narrator_chain(
     summary="Extract narrators and analyze chain",
     description="Complete workflow: extract narrators from hadith text and analyze the complete chain",
 )
-@authenticated_user_limit()
 async def extract_and_analyze_hadith(
     request: HadithTextRequest,
     http_request: Request,
@@ -393,7 +388,6 @@ async def health_check():
     summary="Get user's extraction history",
     description="Get the current user's narrator extraction history",
 )
-@authenticated_user_limit()
 async def get_user_extractions(
     request: Request,
     current_user: User = Depends(get_current_active_user),
@@ -410,7 +404,6 @@ async def get_user_extractions(
     summary="Get user's analysis history",
     description="Get the current user's narrator analysis history",
 )
-@authenticated_user_limit()
 async def get_user_analyses(
     request: Request,
     current_user: User = Depends(get_current_active_user),

app/auth/routes.py

@@ -17,7 +17,6 @@ from app.db.models import (
     UserRole
 )
 from app.middleware import auth_middleware, get_user_ip
-from app.middleware.rate_limit import limiter, anonymous_user_limit
 
 
 router = APIRouter(prefix="/auth", tags=["authentication"])
@@ -84,7 +83,6 @@ async def create_user_session(
 
 
 @router.post("/register", response_model=AuthResponse)
-@anonymous_user_limit()
 async def register(request: Request, user_data: RegisterRequest):
     """Register a new user."""
     supabase = get_supabase_client()
@@ -182,7 +180,6 @@ async def register(request: Request, user_data: RegisterRequest):
 
 
 @router.post("/login", response_model=AuthResponse)
-@anonymous_user_limit()
 async def login(request: Request, credentials: LoginRequest):
     """Authenticate user and return tokens."""
     supabase = get_supabase_client()
@@ -253,7 +250,6 @@ async def login(request: Request, credentials: LoginRequest):
 
 
 @router.post("/refresh", response_model=AuthResponse)
-@anonymous_user_limit()
 async def refresh_token(request: Request, token_data: TokenRefreshRequest):
     """Refresh access token using refresh token."""
     try:

app/config/settings.py

@@ -31,17 +31,6 @@ class Settings:
     SUPABASE_SERVICE_KEY: Optional[str] = os.getenv("SUPABASE_SERVICE_KEY")
     SUPABASE_ANON_KEY: Optional[str] = os.getenv("SUPABASE_ANON_KEY")
 
-    # Redis Configuration
-    REDIS_URL: str = os.getenv("REDIS_URL", "redis://localhost:6379")
-    REDIS_HOST: str = os.getenv("REDIS_HOST", "localhost")
-    REDIS_PORT: int = int(os.getenv("REDIS_PORT", "6379"))
-    REDIS_DB: int = int(os.getenv("REDIS_DB", "0"))
-    REDIS_PASSWORD: str = os.getenv("REDIS_PASSWORD", "")
-
-    # Rate Limiting
-    RATE_LIMIT_REQUESTS_PER_MINUTE: int = int(os.getenv("RATE_LIMIT_REQUESTS_PER_MINUTE", "60"))
-    RATE_LIMIT_BURST: int = int(os.getenv("RATE_LIMIT_BURST", "10"))
-
     # Database
     DATABASE_URL: Optional[str] = os.getenv("DATABASE_URL")
 

app/main.py

@@ -8,14 +8,6 @@ from app.config.settings import settings
 from app.api.routes import router
 from app.auth.routes import router as auth_router
 
-try:
-    from slowapi import Limiter, _rate_limit_exceeded_handler
-    from slowapi.errors import RateLimitExceeded
-    from app.middleware.rate_limit import limiter
-    RATE_LIMITING_AVAILABLE = True
-except ImportError:
-    RATE_LIMITING_AVAILABLE = False
-
 
 # Create FastAPI application
 app = FastAPI(
@@ -26,23 +18,6 @@ app = FastAPI(
     redoc_url="/redoc" if settings.DEBUG else None,
 )
 
-# Add rate limiting if available
-if RATE_LIMITING_AVAILABLE:
-    app.state.limiter = limiter
-    
-    @app.exception_handler(RateLimitExceeded)
-    async def rate_limit_handler(request: Request, exc: RateLimitExceeded):
-        response = JSONResponse(
-            status_code=429,
-            content={
-                "error": "Rate limit exceeded",
-                "message": f"Too many requests. Limit: {exc.detail}",
-                "retry_after": exc.retry_after
-            }
-        )
-        response.headers["Retry-After"] = str(exc.retry_after)
-        return response
-
 # Add CORS middleware
 app.add_middleware(
     CORSMiddleware,

app/middleware/rate_limit.py

@@ -1,152 +0,0 @@
-from fastapi import Request, HTTPException, status
-from slowapi import Limiter, _rate_limit_exceeded_handler
-from slowapi.util import get_remote_address
-from slowapi.errors import RateLimitExceeded
-import redis
-from typing import Optional
-
-from app.config.settings import settings
-
-
-def get_client_ip(request: Request) -> str:
-    """Get client IP address for rate limiting."""
-    # Check for forwarded headers first
-    forwarded = request.headers.get("X-Forwarded-For")
-    if forwarded:
-        return forwarded.split(",")[0].strip()
-    
-    real_ip = request.headers.get("X-Real-IP")
-    if real_ip:
-        return real_ip
-    
-    return get_remote_address(request)
-
-
-def get_user_id_from_token(request: Request) -> Optional[str]:
-    """Extract user ID from JWT token for user-based rate limiting."""
-    try:
-        from app.middleware import auth_middleware
-        auth_header = request.headers.get("Authorization")
-        if auth_header and auth_header.startswith("Bearer "):
-            token = auth_header.split(" ")[1]
-            payload = auth_middleware.verify_token(token)
-            return payload.get("sub")
-    except Exception:
-        pass
-    return None
-
-
-def rate_limit_key(request: Request) -> str:
-    """Generate rate limiting key based on user or IP."""
-    user_id = get_user_id_from_token(request)
-    if user_id:
-        return f"user:{user_id}"
-    return f"ip:{get_client_ip(request)}"
-
-
-# Create Redis client for rate limiting
-try:
-    redis_client = redis.Redis(
-        host=settings.REDIS_HOST,
-        port=settings.REDIS_PORT,
-        db=settings.REDIS_DB,
-        password=settings.REDIS_PASSWORD if settings.REDIS_PASSWORD else None,
-        decode_responses=True
-    )
-    # Test connection
-    redis_client.ping()
-except Exception:
-    # Fallback to in-memory storage if Redis is not available
-    redis_client = None
-
-
-# Create limiter instance
-limiter = Limiter(
-    key_func=rate_limit_key,
-    storage_uri=settings.REDIS_URL if redis_client else "memory://",
-    default_limits=[f"{settings.RATE_LIMIT_REQUESTS_PER_MINUTE}/minute"]
-)
-
-
-# Custom rate limit exceeded handler
-async def custom_rate_limit_handler(request: Request, exc: RateLimitExceeded):
-    """Custom handler for rate limit exceeded."""
-    response = HTTPException(
-        status_code=status.HTTP_429_TOO_MANY_REQUESTS,
-        detail={
-            "error": "Rate limit exceeded",
-            "message": f"Too many requests. Limit: {exc.detail}",
-            "retry_after": exc.retry_after
-        }
-    )
-    return response
-
-
-# Rate limiting decorators for different tiers
-def authenticated_user_limit():
-    """Rate limit for authenticated users (higher limit)."""
-    return limiter.limit(f"{settings.RATE_LIMIT_REQUESTS_PER_MINUTE * 2}/minute")
-
-
-def anonymous_user_limit():
-    """Rate limit for anonymous users (lower limit)."""
-    return limiter.limit(f"{settings.RATE_LIMIT_REQUESTS_PER_MINUTE}/minute")
-
-
-def admin_user_limit():
-    """Rate limit for admin users (highest limit)."""
-    return limiter.limit(f"{settings.RATE_LIMIT_REQUESTS_PER_MINUTE * 5}/minute")
-
-
-def burst_limit():
-    """Burst protection limit."""
-    return limiter.limit(f"{settings.RATE_LIMIT_BURST}/second")
-
-
-# Middleware class for more granular control
-class RateLimitMiddleware:
-    """Rate limiting middleware with user-aware limits."""
-    
-    def __init__(self):
-        self.limiter = limiter
-        self.redis_client = redis_client
-    
-    async def check_rate_limit(self, request: Request, limit: str) -> bool:
-        """Check if request exceeds rate limit."""
-        try:
-            key = rate_limit_key(request)
-            
-            if self.redis_client:
-                # Use Redis for rate limiting
-                current_count = self.redis_client.incr(key)
-                if current_count == 1:
-                    # Set expiration for new key
-                    self.redis_client.expire(key, 60)  # 1 minute window
-                
-                # Parse limit (e.g., "60/minute")
-                limit_count = int(limit.split("/")[0])
-                if current_count > limit_count:
-                    return False
-            
-            return True
-        except Exception:
-            # If rate limiting fails, allow the request
-            return True
-    
-    def get_remaining_requests(self, request: Request, limit: str) -> int:
-        """Get remaining requests for the current window."""
-        try:
-            if not self.redis_client:
-                return 0
-            
-            key = rate_limit_key(request)
-            current_count = self.redis_client.get(key) or 0
-            limit_count = int(limit.split("/")[0])
-            
-            return max(0, limit_count - int(current_count))
-        except Exception:
-            return 0
-
-
-# Global instance
-rate_limit_middleware = RateLimitMiddleware()

requirements.txt

@@ -73,10 +73,6 @@ passlib[bcrypt]==1.7.4
 supabase==2.7.4
 postgrest==0.16.8
 
-# Redis and Rate Limiting
-redis==5.0.1
-slowapi==0.1.9
-
 # Additional dependencies for enhanced security
 cryptography==42.0.5
 bcrypt==4.1.2