add rate limits to all public endpoints

author: Hazelnoot <acomputerdog@gmail.com> 2024-11-22 13:43:06 -0500
committer: Hazelnoot <acomputerdog@gmail.com> 2024-11-22 15:19:24 -0500
commit: e3b826db5a2dd86c15b3c5f5bdfbd7fec8d781ad (patch)
tree: cce9170107529b3d2880c69dc010130d35c87388 /packages/backend/src/server/api/endpoints/auth
parent: merge: Fix `.punyHost` misuse (!765) (diff)
download: sharkey-e3b826db5a2dd86c15b3c5f5bdfbd7fec8d781ad.tar.gz
sharkey-e3b826db5a2dd86c15b3c5f5bdfbd7fec8d781ad.tar.bz2
sharkey-e3b826db5a2dd86c15b3c5f5bdfbd7fec8d781ad.zip
4 files changed, 24 insertions, 0 deletions
diff --git a/packages/backend/src/server/api/endpoints/auth/accept.ts b/packages/backend/src/server/api/endpoints/auth/accept.ts
index 2e62f04df0..0000ce16ef 100644
--- a/packages/backend/src/server/api/endpoints/auth/accept.ts
+++ b/packages/backend/src/server/api/endpoints/auth/accept.ts
@@ -26,6 +26,12 @@ export const meta = {
 			id: '9c72d8de-391a-43c1-9d06-08d29efde8df',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/auth/session/generate.ts b/packages/backend/src/server/api/endpoints/auth/session/generate.ts
index f8ddfdb75c..a0ee1bfc73 100644
--- a/packages/backend/src/server/api/endpoints/auth/session/generate.ts
+++ b/packages/backend/src/server/api/endpoints/auth/session/generate.ts
@@ -40,6 +40,12 @@ export const meta = {
 			id: '92f93e63-428e-4f2f-a5a4-39e1407fe998',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/auth/session/show.ts b/packages/backend/src/server/api/endpoints/auth/session/show.ts
index 13e02a2541..ba7ad04f37 100644
--- a/packages/backend/src/server/api/endpoints/auth/session/show.ts
+++ b/packages/backend/src/server/api/endpoints/auth/session/show.ts
@@ -43,6 +43,12 @@ export const meta = {
 			},
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/auth/session/userkey.ts b/packages/backend/src/server/api/endpoints/auth/session/userkey.ts
index b490c5832d..8e9aff8058 100644
--- a/packages/backend/src/server/api/endpoints/auth/session/userkey.ts
+++ b/packages/backend/src/server/api/endpoints/auth/session/userkey.ts
@@ -51,6 +51,12 @@ export const meta = {
 			id: '8c8a4145-02cc-4cca-8e66-29ba60445a8e',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
author	Hazelnoot <acomputerdog@gmail.com>	2024-11-22 13:43:06 -0500
committer	Hazelnoot <acomputerdog@gmail.com>	2024-11-22 15:19:24 -0500
commit	e3b826db5a2dd86c15b3c5f5bdfbd7fec8d781ad (patch)
tree	cce9170107529b3d2880c69dc010130d35c87388 /packages/backend/src/server/api/endpoints/auth
parent	merge: Fix `.punyHost` misuse (!765) (diff)
download	sharkey-e3b826db5a2dd86c15b3c5f5bdfbd7fec8d781ad.tar.gz sharkey-e3b826db5a2dd86c15b3c5f5bdfbd7fec8d781ad.tar.bz2 sharkey-e3b826db5a2dd86c15b3c5f5bdfbd7fec8d781ad.zip