add rate limits to all public endpoints

7 files changed, 42 insertions, 0 deletions

diff --git a/packages/backend/src/server/api/endpoints/flash/delete.ts b/packages/backend/src/server/api/endpoints/flash/delete.ts
index 6912450abf..1010567113 100644
--- a/packages/backend/src/server/api/endpoints/flash/delete.ts
+++ b/packages/backend/src/server/api/endpoints/flash/delete.ts
@@ -10,6 +10,7 @@ import { DI } from '@/di-symbols.js';
 import { ModerationLogService } from '@/core/ModerationLogService.js';
 import { RoleService } from '@/core/RoleService.js';
 import { ApiError } from '../../error.js';
+import ms from 'ms';
 
 export const meta = {
 	tags: ['flashs'],
@@ -31,6 +32,11 @@ export const meta = {
 			id: '1036ad7b-9f92-4fff-89c3-0e50dc941704',
 		},
 	},
+
+	limit: {
+		duration: ms('1hour'),
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/flash/featured.ts b/packages/backend/src/server/api/endpoints/flash/featured.ts
index c2d6ab5085..2e8cbffe2a 100644
--- a/packages/backend/src/server/api/endpoints/flash/featured.ts
+++ b/packages/backend/src/server/api/endpoints/flash/featured.ts
@@ -23,6 +23,12 @@ export const meta = {
 			ref: 'Flash',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/flash/like.ts b/packages/backend/src/server/api/endpoints/flash/like.ts
index e4dc5b61c5..378f9280f7 100644
--- a/packages/backend/src/server/api/endpoints/flash/like.ts
+++ b/packages/backend/src/server/api/endpoints/flash/like.ts
@@ -38,6 +38,12 @@ export const meta = {
 			id: '010065cf-ad43-40df-8067-abff9f4686e3',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/flash/my-likes.ts b/packages/backend/src/server/api/endpoints/flash/my-likes.ts
index 755cc5acfc..22eae381da 100644
--- a/packages/backend/src/server/api/endpoints/flash/my-likes.ts
+++ b/packages/backend/src/server/api/endpoints/flash/my-likes.ts
@@ -36,6 +36,12 @@ export const meta = {
 			},
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/flash/my.ts b/packages/backend/src/server/api/endpoints/flash/my.ts
index 5746096232..48f464c337 100644
--- a/packages/backend/src/server/api/endpoints/flash/my.ts
+++ b/packages/backend/src/server/api/endpoints/flash/my.ts
@@ -26,6 +26,12 @@ export const meta = {
 			ref: 'Flash',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/flash/show.ts b/packages/backend/src/server/api/endpoints/flash/show.ts
index a6fbd8e76e..03d9710773 100644
--- a/packages/backend/src/server/api/endpoints/flash/show.ts
+++ b/packages/backend/src/server/api/endpoints/flash/show.ts
@@ -28,6 +28,12 @@ export const meta = {
 			id: 'f0d34a1a-d29a-401d-90ba-1982122b5630',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/flash/unlike.ts b/packages/backend/src/server/api/endpoints/flash/unlike.ts
index 7869bcdf52..6f45198e67 100644
--- a/packages/backend/src/server/api/endpoints/flash/unlike.ts
+++ b/packages/backend/src/server/api/endpoints/flash/unlike.ts
@@ -31,6 +31,12 @@ export const meta = {
 			id: '755f25a7-9871-4f65-9f34-51eaad9ae0ac',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {