add rate limits to all public endpoints

author: Hazelnoot <acomputerdog@gmail.com> 2024-11-22 13:43:06 -0500
committer: Hazelnoot <acomputerdog@gmail.com> 2024-11-22 15:19:24 -0500
commit: e3b826db5a2dd86c15b3c5f5bdfbd7fec8d781ad (patch)
tree: cce9170107529b3d2880c69dc010130d35c87388 /packages/backend/src/server/api/endpoints/channels
parent: merge: Fix `.punyHost` misuse (!765) (diff)
download: sharkey-e3b826db5a2dd86c15b3c5f5bdfbd7fec8d781ad.tar.gz
sharkey-e3b826db5a2dd86c15b3c5f5bdfbd7fec8d781ad.tar.bz2
sharkey-e3b826db5a2dd86c15b3c5f5bdfbd7fec8d781ad.zip
12 files changed, 72 insertions, 0 deletions
diff --git a/packages/backend/src/server/api/endpoints/channels/favorite.ts b/packages/backend/src/server/api/endpoints/channels/favorite.ts
index a1ae9b80a7..7ae5eb3437 100644
--- a/packages/backend/src/server/api/endpoints/channels/favorite.ts
+++ b/packages/backend/src/server/api/endpoints/channels/favorite.ts
@@ -26,6 +26,12 @@ export const meta = {
 			id: '4938f5f3-6167-4c04-9149-6607b7542861',
 		},
 	},
+
+	// 3 calls per second
+	limit: {
+		duration: 1000,
+		max: 3,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/channels/featured.ts b/packages/backend/src/server/api/endpoints/channels/featured.ts
index a9a79ba8fc..24323cbe63 100644
--- a/packages/backend/src/server/api/endpoints/channels/featured.ts
+++ b/packages/backend/src/server/api/endpoints/channels/featured.ts
@@ -23,6 +23,12 @@ export const meta = {
 			ref: 'Channel',
 		},
 	},
+
+	// 3 calls per second
+	limit: {
+		duration: 1000,
+		max: 3,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/channels/follow.ts b/packages/backend/src/server/api/endpoints/channels/follow.ts
index 1812820ba2..5505f3ed24 100644
--- a/packages/backend/src/server/api/endpoints/channels/follow.ts
+++ b/packages/backend/src/server/api/endpoints/channels/follow.ts
@@ -26,6 +26,12 @@ export const meta = {
 			id: 'c0031718-d573-4e85-928e-10039f1fbb68',
 		},
 	},
+
+	// 3 calls per second
+	limit: {
+		duration: 1000,
+		max: 3,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/channels/followed.ts b/packages/backend/src/server/api/endpoints/channels/followed.ts
index d2f36f251e..e667b0b881 100644
--- a/packages/backend/src/server/api/endpoints/channels/followed.ts
+++ b/packages/backend/src/server/api/endpoints/channels/followed.ts
@@ -26,6 +26,12 @@ export const meta = {
 			ref: 'Channel',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/channels/my-favorites.ts b/packages/backend/src/server/api/endpoints/channels/my-favorites.ts
index d96e6c3ad2..72a1cc0cf9 100644
--- a/packages/backend/src/server/api/endpoints/channels/my-favorites.ts
+++ b/packages/backend/src/server/api/endpoints/channels/my-favorites.ts
@@ -25,6 +25,12 @@ export const meta = {
 			ref: 'Channel',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/channels/owned.ts b/packages/backend/src/server/api/endpoints/channels/owned.ts
index daab685f1b..6e51add6b2 100644
--- a/packages/backend/src/server/api/endpoints/channels/owned.ts
+++ b/packages/backend/src/server/api/endpoints/channels/owned.ts
@@ -26,6 +26,12 @@ export const meta = {
 			ref: 'Channel',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/channels/search.ts b/packages/backend/src/server/api/endpoints/channels/search.ts
index ae32203603..9476c494a3 100644
--- a/packages/backend/src/server/api/endpoints/channels/search.ts
+++ b/packages/backend/src/server/api/endpoints/channels/search.ts
@@ -26,6 +26,12 @@ export const meta = {
 			ref: 'Channel',
 		},
 	},
+
+	// 3 calls per second
+	limit: {
+		duration: 1000,
+		max: 3,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/channels/show.ts b/packages/backend/src/server/api/endpoints/channels/show.ts
index 332ce2c9dc..e9c0c392c0 100644
--- a/packages/backend/src/server/api/endpoints/channels/show.ts
+++ b/packages/backend/src/server/api/endpoints/channels/show.ts
@@ -28,6 +28,12 @@ export const meta = {
 			id: '6f6c314b-7486-4897-8966-c04a66a02923',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/channels/timeline.ts b/packages/backend/src/server/api/endpoints/channels/timeline.ts
index 06130464a9..0bd01d712c 100644
--- a/packages/backend/src/server/api/endpoints/channels/timeline.ts
+++ b/packages/backend/src/server/api/endpoints/channels/timeline.ts
@@ -38,6 +38,12 @@ export const meta = {
 			id: '4d0eeeba-a02c-4c3c-9966-ef60d38d2e7f',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/channels/unfavorite.ts b/packages/backend/src/server/api/endpoints/channels/unfavorite.ts
index fc6b75e295..a5db833704 100644
--- a/packages/backend/src/server/api/endpoints/channels/unfavorite.ts
+++ b/packages/backend/src/server/api/endpoints/channels/unfavorite.ts
@@ -25,6 +25,12 @@ export const meta = {
 			id: '353c68dd-131a-476c-aa99-88a345e83668',
 		},
 	},
+
+	// 3 calls per second
+	limit: {
+		duration: 1000,
+		max: 3,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/channels/unfollow.ts b/packages/backend/src/server/api/endpoints/channels/unfollow.ts
index 48c5261135..aea34d9d47 100644
--- a/packages/backend/src/server/api/endpoints/channels/unfollow.ts
+++ b/packages/backend/src/server/api/endpoints/channels/unfollow.ts
@@ -26,6 +26,12 @@ export const meta = {
 			id: '19959ee9-0153-4c51-bbd9-a98c49dc59d6',
 		},
 	},
+
+	// 3 calls per second
+	limit: {
+		duration: 1000,
+		max: 3,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/channels/update.ts b/packages/backend/src/server/api/endpoints/channels/update.ts
index dba2938b39..d2a75225ed 100644
--- a/packages/backend/src/server/api/endpoints/channels/update.ts
+++ b/packages/backend/src/server/api/endpoints/channels/update.ts
@@ -10,6 +10,7 @@ import { ChannelEntityService } from '@/core/entities/ChannelEntityService.js';
 import { DI } from '@/di-symbols.js';
 import { RoleService } from '@/core/RoleService.js';
 import { ApiError } from '../../error.js';
+import ms from 'ms';
 
 export const meta = {
 	tags: ['channels'],
@@ -43,6 +44,11 @@ export const meta = {
 			id: 'e86c14a4-0da2-4032-8df3-e737a04c7f3b',
 		},
 	},
+
+	limit: {
+		duration: ms('1hour'),
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
author	Hazelnoot <acomputerdog@gmail.com>	2024-11-22 13:43:06 -0500
committer	Hazelnoot <acomputerdog@gmail.com>	2024-11-22 15:19:24 -0500
commit	e3b826db5a2dd86c15b3c5f5bdfbd7fec8d781ad (patch)
tree	cce9170107529b3d2880c69dc010130d35c87388 /packages/backend/src/server/api/endpoints/channels
parent	merge: Fix `.punyHost` misuse (!765) (diff)
download	sharkey-e3b826db5a2dd86c15b3c5f5bdfbd7fec8d781ad.tar.gz sharkey-e3b826db5a2dd86c15b3c5f5bdfbd7fec8d781ad.tar.bz2 sharkey-e3b826db5a2dd86c15b3c5f5bdfbd7fec8d781ad.zip