merge: fixes for 2024.9.4 (if we want to) (!770)

View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/770 Approved-by: Hazelnoot <acomputerdog@gmail.com> Approved-by: Julia <julia@insertdomain.name>
author: Julia <julia@insertdomain.name> 2024-11-28 05:23:38 +0000
committer: Julia <julia@insertdomain.name> 2024-11-28 05:23:38 +0000
commit: 150d949a3ec2b5162e2dfda10c2cc5dddea8c59a (patch)
tree: a1854b0cfcc91e8148f2df722237df08b6520537 /packages/backend/src/server/api/endpoints/gallery
parent: merge: Fix `.punyHost` misuse (!765) (diff)
parent: merge: Add shared (cross-resource) rate limit for proxy (!775) (diff)
download: sharkey-150d949a3ec2b5162e2dfda10c2cc5dddea8c59a.tar.gz
sharkey-150d949a3ec2b5162e2dfda10c2cc5dddea8c59a.tar.bz2
sharkey-150d949a3ec2b5162e2dfda10c2cc5dddea8c59a.zip
7 files changed, 42 insertions, 0 deletions
diff --git a/packages/backend/src/server/api/endpoints/gallery/featured.ts b/packages/backend/src/server/api/endpoints/gallery/featured.ts
index 7d2878e03f..abbfb9b83b 100644
--- a/packages/backend/src/server/api/endpoints/gallery/featured.ts
+++ b/packages/backend/src/server/api/endpoints/gallery/featured.ts
@@ -24,6 +24,12 @@ export const meta = {
 			ref: 'GalleryPost',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/gallery/popular.ts b/packages/backend/src/server/api/endpoints/gallery/popular.ts
index 4ee252104a..71b979ab9f 100644
--- a/packages/backend/src/server/api/endpoints/gallery/popular.ts
+++ b/packages/backend/src/server/api/endpoints/gallery/popular.ts
@@ -23,6 +23,12 @@ export const meta = {
 			ref: 'GalleryPost',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/gallery/posts.ts b/packages/backend/src/server/api/endpoints/gallery/posts.ts
index d398418ab4..630b6cede5 100644
--- a/packages/backend/src/server/api/endpoints/gallery/posts.ts
+++ b/packages/backend/src/server/api/endpoints/gallery/posts.ts
@@ -22,6 +22,12 @@ export const meta = {
 			ref: 'GalleryPost',
 		},
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/gallery/posts/delete.ts b/packages/backend/src/server/api/endpoints/gallery/posts/delete.ts
index b6b94db161..68478ba55c 100644
--- a/packages/backend/src/server/api/endpoints/gallery/posts/delete.ts
+++ b/packages/backend/src/server/api/endpoints/gallery/posts/delete.ts
@@ -10,6 +10,7 @@ import { DI } from '@/di-symbols.js';
 import { ModerationLogService } from '@/core/ModerationLogService.js';
 import { RoleService } from '@/core/RoleService.js';
 import { ApiError } from '../../../error.js';
+import ms from 'ms';
 
 export const meta = {
 	tags: ['gallery'],
@@ -31,6 +32,11 @@ export const meta = {
 			id: 'c86e09de-1c48-43ac-a435-1c7e42ed4496',
 		},
 	},
+
+	limit: {
+		duration: ms('1hour'),
+		max: 300,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/gallery/posts/like.ts b/packages/backend/src/server/api/endpoints/gallery/posts/like.ts
index 91e49e6463..e73110648c 100644
--- a/packages/backend/src/server/api/endpoints/gallery/posts/like.ts
+++ b/packages/backend/src/server/api/endpoints/gallery/posts/like.ts
@@ -39,6 +39,12 @@ export const meta = {
 			id: '40e9ed56-a59c-473a-bf3f-f289c54fb5a7',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/gallery/posts/show.ts b/packages/backend/src/server/api/endpoints/gallery/posts/show.ts
index bd69898229..fd637febaa 100644
--- a/packages/backend/src/server/api/endpoints/gallery/posts/show.ts
+++ b/packages/backend/src/server/api/endpoints/gallery/posts/show.ts
@@ -28,6 +28,12 @@ export const meta = {
 		optional: false, nullable: false,
 		ref: 'GalleryPost',
 	},
+
+	// 10 calls per 5 seconds
+	limit: {
+		duration: 1000 * 5,
+		max: 10,
+	},
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/gallery/posts/unlike.ts b/packages/backend/src/server/api/endpoints/gallery/posts/unlike.ts
index f44e2c7afc..b0fad1eff2 100644
--- a/packages/backend/src/server/api/endpoints/gallery/posts/unlike.ts
+++ b/packages/backend/src/server/api/endpoints/gallery/posts/unlike.ts
@@ -33,6 +33,12 @@ export const meta = {
 			id: 'e3e8e06e-be37-41f7-a5b4-87a8250288f0',
 		},
 	},
+
+	// 2 calls per second
+	limit: {
+		duration: 1000,
+		max: 2,
+	},
 } as const;
 
 export const paramDef = {
author	Julia <julia@insertdomain.name>	2024-11-28 05:23:38 +0000
committer	Julia <julia@insertdomain.name>	2024-11-28 05:23:38 +0000
commit	150d949a3ec2b5162e2dfda10c2cc5dddea8c59a (patch)
tree	a1854b0cfcc91e8148f2df722237df08b6520537 /packages/backend/src/server/api/endpoints/gallery
parent	merge: Fix `.punyHost` misuse (!765) (diff)
parent	merge: Add shared (cross-resource) rate limit for proxy (!775) (diff)
download	sharkey-150d949a3ec2b5162e2dfda10c2cc5dddea8c59a.tar.gz sharkey-150d949a3ec2b5162e2dfda10c2cc5dddea8c59a.tar.bz2 sharkey-150d949a3ec2b5162e2dfda10c2cc5dddea8c59a.zip