feat: Add client-side rate limiting and Retry-After support #154
Description
Context
Skaldleita API is getting hammered by Library Manager instances with no client-side throttling. The server has been restarting every 20 minutes to 2 hours due to memory pressure from excessive requests (136K+ POST /match requests in a single log cycle, 267K rate limit warnings from single IPs).
Server-side changes are being deployed (skaldleita PR pending) that:
- Lower API key rate limits from 1000/hr to 300/hr
- Add 500/day limit for keyless LM users
- Block non-LM traffic entirely
What LM Needs
1. Respect Retry-After headers
When the server returns HTTP 429, it includes a Retry-After header (seconds). LM should:
- Parse the header
- Wait the specified duration before retrying
- Show the user a message: "Server is busy, retrying in X seconds..."
2. Client-side request debouncing
- Batch rapid-fire requests (e.g., matching 200 books shouldn't be 200 individual requests)
- Add exponential backoff on repeated 429 responses
- Consider a local cache for recent lookups
3. Visual feedback when rate-limited
- Show a non-intrusive notification when rate-limited
- Include the retry countdown
- Suggest getting an API key if they don't have one
4. API key registration prompt
- If user hits daily limit (500/day without key), prompt them to register for a free API key
- Link to https://skaldleita.com/api/request-key
Server-Side Changes (for reference)
New rate limit tiers:
| Tier | Limit |
|---|---|
| LM without API key | 500/day per IP |
| LM with API key | 300/hour per key |
| Non-LM | Blocked (403) |