diff options
| author | syuilo <Syuilotan@yahoo.co.jp> | 2023-01-14 20:21:03 +0900 |
|---|---|---|
| committer | syuilo <Syuilotan@yahoo.co.jp> | 2023-01-14 20:21:03 +0900 |
| commit | 20474492943853a5d0d9d3f6c8f8321e19f3ced0 (patch) | |
| tree | 5c7998a6ecf452b22e28fb1b13e764fa58c4e580 /packages/backend/src/server/api | |
| parent | ノートをピン留めできる数を設定可能に (diff) | |
| download | sharkey-20474492943853a5d0d9d3f6c8f8321e19f3ced0.tar.gz sharkey-20474492943853a5d0d9d3f6c8f8321e19f3ced0.tar.bz2 sharkey-20474492943853a5d0d9d3f6c8f8321e19f3ced0.zip | |
enhance(server): add rate limits for some endpoints
Diffstat (limited to 'packages/backend/src/server/api')
7 files changed, 28 insertions, 4 deletions
diff --git a/packages/backend/src/server/api/endpoints/drive/folders/create.ts b/packages/backend/src/server/api/endpoints/drive/folders/create.ts index e7c11a8c13..39c9c6bc58 100644 --- a/packages/backend/src/server/api/endpoints/drive/folders/create.ts +++ b/packages/backend/src/server/api/endpoints/drive/folders/create.ts @@ -1,4 +1,5 @@ import { Inject, Injectable } from '@nestjs/common'; +import ms from 'ms'; import { Endpoint } from '@/server/api/endpoint-base.js'; import type { DriveFoldersRepository } from '@/models/index.js'; import { IdService } from '@/core/IdService.js'; @@ -14,6 +15,11 @@ export const meta = { kind: 'write:drive', + limit: { + duration: ms('1hour'), + max: 10, + }, + errors: { noSuchFolder: { message: 'No such folder.', diff --git a/packages/backend/src/server/api/endpoints/following/create.ts b/packages/backend/src/server/api/endpoints/following/create.ts index f879429372..411c39110a 100644 --- a/packages/backend/src/server/api/endpoints/following/create.ts +++ b/packages/backend/src/server/api/endpoints/following/create.ts @@ -6,15 +6,15 @@ import { IdentifiableError } from '@/misc/identifiable-error.js'; import { UserEntityService } from '@/core/entities/UserEntityService.js'; import { UserFollowingService } from '@/core/UserFollowingService.js'; import { DI } from '@/di-symbols.js'; -import { ApiError } from '../../error.js'; import { GetterService } from '@/server/api/GetterService.js'; +import { ApiError } from '../../error.js'; export const meta = { tags: ['following', 'users'], limit: { duration: ms('1hour'), - max: 100, + max: 50, }, requireCredential: true, diff --git a/packages/backend/src/server/api/endpoints/gallery/posts/create.ts b/packages/backend/src/server/api/endpoints/gallery/posts/create.ts index 2842308510..3d9d471502 100644 --- a/packages/backend/src/server/api/endpoints/gallery/posts/create.ts +++ b/packages/backend/src/server/api/endpoints/gallery/posts/create.ts @@ -18,7 +18,7 @@ export const meta = { limit: { duration: ms('1hour'), - max: 300, + max: 20, }, res: { diff --git a/packages/backend/src/server/api/endpoints/messaging/messages/create.ts b/packages/backend/src/server/api/endpoints/messaging/messages/create.ts index 00e65b4875..e9ffc7a9eb 100644 --- a/packages/backend/src/server/api/endpoints/messaging/messages/create.ts +++ b/packages/backend/src/server/api/endpoints/messaging/messages/create.ts @@ -1,4 +1,5 @@ import { Inject, Injectable } from '@nestjs/common'; +import ms from 'ms'; import { Endpoint } from '@/server/api/endpoint-base.js'; import type { BlockingsRepository, UserGroupJoiningsRepository, DriveFilesRepository, UserGroupsRepository } from '@/models/index.js'; import type { User } from '@/models/entities/User.js'; @@ -15,6 +16,11 @@ export const meta = { kind: 'write:messaging', + limit: { + duration: ms('1hour'), + max: 120, + }, + res: { type: 'object', optional: false, nullable: false, diff --git a/packages/backend/src/server/api/endpoints/notes/thread-muting/create.ts b/packages/backend/src/server/api/endpoints/notes/thread-muting/create.ts index 140614d36e..abea069da8 100644 --- a/packages/backend/src/server/api/endpoints/notes/thread-muting/create.ts +++ b/packages/backend/src/server/api/endpoints/notes/thread-muting/create.ts @@ -1,4 +1,5 @@ import { Inject, Injectable } from '@nestjs/common'; +import ms from 'ms'; import type { NotesRepository, NoteThreadMutingsRepository } from '@/models/index.js'; import { IdService } from '@/core/IdService.js'; import { Endpoint } from '@/server/api/endpoint-base.js'; @@ -14,6 +15,11 @@ export const meta = { kind: 'write:account', + limit: { + duration: ms('1hour'), + max: 10, + }, + errors: { noSuchNote: { message: 'No such note.', diff --git a/packages/backend/src/server/api/endpoints/pages/create.ts b/packages/backend/src/server/api/endpoints/pages/create.ts index eae8f18403..4015bf1f29 100644 --- a/packages/backend/src/server/api/endpoints/pages/create.ts +++ b/packages/backend/src/server/api/endpoints/pages/create.ts @@ -17,7 +17,7 @@ export const meta = { limit: { duration: ms('1hour'), - max: 300, + max: 10, }, res: { diff --git a/packages/backend/src/server/api/endpoints/users/groups/create.ts b/packages/backend/src/server/api/endpoints/users/groups/create.ts index c1f4f48445..24dbf5ca3c 100644 --- a/packages/backend/src/server/api/endpoints/users/groups/create.ts +++ b/packages/backend/src/server/api/endpoints/users/groups/create.ts @@ -1,4 +1,5 @@ import { Inject, Injectable } from '@nestjs/common'; +import ms from 'ms'; import type { UserGroupsRepository, UserGroupJoiningsRepository } from '@/models/index.js'; import { IdService } from '@/core/IdService.js'; import type { UserGroup } from '@/models/entities/UserGroup.js'; @@ -16,6 +17,11 @@ export const meta = { description: 'Create a new group.', + limit: { + duration: ms('1hour'), + max: 10, + }, + res: { type: 'object', optional: false, nullable: false, |