From d3948360c40c0bf0d4b7cb68a2efe9461a2aab31 Mon Sep 17 00:00:00 2001
From: sirpiglr <49359077-sirpiglr@users.noreply.replit.com>
Date: Tue, 16 Dec 2025 00:15:45 +0000
Subject: [PATCH] Allow all users to access the AI chatbot with rate limiting
Remove authentication requirement for the chat API endpoint and implement IP-based rate limiting for unauthenticated users and user-ID-based rate limiting for authenticated users.
Replit-Commit-Author: Agent
Replit-Commit-Session-Id: 279f1558-c0e3-40e4-8217-be7e9f4c6eca
Replit-Commit-Checkpoint-Type: full_checkpoint
Replit-Commit-Event-Id: baef9c90-1ad1-43d5-b97c-28a2c13b46dd
Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/b984cb14-1d19-4944-922b-bc79e821ed35/279f1558-c0e3-40e4-8217-be7e9f4c6eca/EL5FxMZ
Replit-Helium-Checkpoint-Created: true
---
 server/routes.ts | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)
diff --git a/server/routes.ts b/server/routes.ts
index 07a5910..0a62dee 100644
--- a/server/routes.ts
+++ b/server/routes.ts
@@ -297,32 +297,31 @@ export async function registerRoutes(
 }
 });
- // ========== CHATBOT API (Auth + Rate limited) ==========
+ // ========== CHATBOT API (Rate limited) ==========
 const chatRateLimits = new Map();
- app.post("/api/chat", requireAuth, async (req, res) => {
+ app.post("/api/chat", async (req, res) => {
 try {
 const userId = req.session?.userId;
- if (!userId) {
- return res.status(401).json({ error: "Authentication required" });
- }
+ const clientIP = req.ip || req.socket.remoteAddress || 'unknown';
+ const rateLimitKey = userId ? `user:${userId}` : `ip:${clientIP}`;
+ const maxRequests = userId ? 30 : 10;
- const userKey = String(userId);
 const now = Date.now();
- const rateLimit = chatRateLimits.get(userKey);
+ const rateLimit = chatRateLimits.get(rateLimitKey);
 if (rateLimit) {
 if (now < rateLimit.resetTime) {
- if (rateLimit.count >= 30) {
+ if (rateLimit.count >= maxRequests) {
 return res.status(429).json({ error: "Rate limit exceeded. Please wait before sending more messages." });
 }
 rateLimit.count++;
 } else {
- chatRateLimits.set(userKey, { count: 1, resetTime: now + 60000 });
+ chatRateLimits.set(rateLimitKey, { count: 1, resetTime: now + 60000 });
 }
 } else {
- chatRateLimits.set(userKey, { count: 1, resetTime: now + 60000 });
+ chatRateLimits.set(rateLimitKey, { count: 1, resetTime: now + 60000 });
 }
 const { message, history } = req.body;
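Review bot: Keying `chatRateLimits` by `ip:${clientIP}` makes the Map's key space client-influenced (every distinct source address, and every spoofable forwarded address if the app trusts proxy headers) while entries are still never deleted, so the in-memory Map now grows without bound where it was previously bounded by the number of authenticated users; the `set` calls on both new `chatRateLimits.set(rateLimitKey, …)` lines should be preceded by a prune of expired buckets once the Map passes a size threshold. Separately, how `req.ip` is derived depends on Express's `trust proxy` setting, which is not visible here: left unset behind a reverse proxy, all anonymous clients share the proxy's address and therefore one 10-request-per-minute bucket, and trusting every hop lets a client choose its own bucket; a comment on the `clientIP` line stating which `trust proxy` configuration the limiter assumes would help the next maintainer, as would noting that the limiter is per-process and per-minute. The `/api/chat` handler and `registerRoutes` continue outside the hunk.
```typescript
      const now = Date.now();
      // Expired buckets are never removed and the key space is now client-influenced
      // (IP-keyed entries), so bound the Map before inserting. MAX_TRACKED_CLIENTS is a
      // placeholder for a module-level constant.
      if (chatRateLimits.size > MAX_TRACKED_CLIENTS) {
        for (const [key, entry] of chatRateLimits) {
          if (now >= entry.resetTime) chatRateLimits.delete(key);
        }
      }
      // … unchanged: rate limit lookup and update …
```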