diff options
| author | syuilo <Syuilotan@yahoo.co.jp> | 2023-01-14 15:59:15 +0900 |
|---|---|---|
| committer | syuilo <Syuilotan@yahoo.co.jp> | 2023-01-14 15:59:15 +0900 |
| commit | 7df3ca7388954ee43db28725092e3260f1f23d98 (patch) | |
| tree | 521ae2cdf0273e9aa8a79932c144007e09bc6ad2 /packages/backend/src/server/api | |
| parent | 13.0.0-rc.3 (diff) | |
| download | sharkey-7df3ca7388954ee43db28725092e3260f1f23d98.tar.gz sharkey-7df3ca7388954ee43db28725092e3260f1f23d98.tar.bz2 sharkey-7df3ca7388954ee43db28725092e3260f1f23d98.zip | |
enhance(server): add rate limits for some endpoints
Diffstat (limited to 'packages/backend/src/server/api')
6 files changed, 34 insertions, 4 deletions
diff --git a/packages/backend/src/server/api/endpoints/blocking/create.ts b/packages/backend/src/server/api/endpoints/blocking/create.ts index c468010bce..d9ba99f209 100644 --- a/packages/backend/src/server/api/endpoints/blocking/create.ts +++ b/packages/backend/src/server/api/endpoints/blocking/create.ts @@ -5,15 +5,15 @@ import type { UsersRepository, BlockingsRepository } from '@/models/index.js'; import { UserEntityService } from '@/core/entities/UserEntityService.js'; import { UserBlockingService } from '@/core/UserBlockingService.js'; import { DI } from '@/di-symbols.js'; -import { ApiError } from '../../error.js'; import { GetterService } from '@/server/api/GetterService.js'; +import { ApiError } from '../../error.js'; export const meta = { tags: ['account'], limit: { duration: ms('1hour'), - max: 100, + max: 20, }, requireCredential: true, diff --git a/packages/backend/src/server/api/endpoints/channels/create.ts b/packages/backend/src/server/api/endpoints/channels/create.ts index 10f8b24629..dff8a9d10d 100644 --- a/packages/backend/src/server/api/endpoints/channels/create.ts +++ b/packages/backend/src/server/api/endpoints/channels/create.ts @@ -1,4 +1,5 @@ import { Inject, Injectable } from '@nestjs/common'; +import ms from 'ms'; import { Endpoint } from '@/server/api/endpoint-base.js'; import type { ChannelsRepository, DriveFilesRepository } from '@/models/index.js'; import type { Channel } from '@/models/entities/Channel.js'; @@ -14,6 +15,11 @@ export const meta = { kind: 'write:channels', + limit: { + duration: ms('1hour'), + max: 10, + }, + res: { type: 'object', optional: false, nullable: false, diff --git a/packages/backend/src/server/api/endpoints/clips/add-note.ts b/packages/backend/src/server/api/endpoints/clips/add-note.ts index a242124e6a..c5ac4f22d7 100644 --- a/packages/backend/src/server/api/endpoints/clips/add-note.ts +++ b/packages/backend/src/server/api/endpoints/clips/add-note.ts @@ -1,10 +1,11 @@ import { Inject, Injectable } from '@nestjs/common'; +import ms from 'ms'; import { Endpoint } from '@/server/api/endpoint-base.js'; import { IdService } from '@/core/IdService.js'; import { DI } from '@/di-symbols.js'; import type { ClipNotesRepository, ClipsRepository } from '@/models/index.js'; -import { ApiError } from '../../error.js'; import { GetterService } from '@/server/api/GetterService.js'; +import { ApiError } from '../../error.js'; export const meta = { tags: ['account', 'notes', 'clips'], @@ -13,6 +14,11 @@ export const meta = { kind: 'write:account', + limit: { + duration: ms('1hour'), + max: 20, + }, + errors: { noSuchClip: { message: 'No such clip.', diff --git a/packages/backend/src/server/api/endpoints/mute/create.ts b/packages/backend/src/server/api/endpoints/mute/create.ts index 5ead470314..9099eea52e 100644 --- a/packages/backend/src/server/api/endpoints/mute/create.ts +++ b/packages/backend/src/server/api/endpoints/mute/create.ts @@ -1,12 +1,13 @@ import { Inject, Injectable } from '@nestjs/common'; +import ms from 'ms'; import { Endpoint } from '@/server/api/endpoint-base.js'; import { IdService } from '@/core/IdService.js'; import type { MutingsRepository } from '@/models/index.js'; import type { Muting } from '@/models/entities/Muting.js'; import { GlobalEventService } from '@/core/GlobalEventService.js'; import { DI } from '@/di-symbols.js'; -import { ApiError } from '../../error.js'; import { GetterService } from '@/server/api/GetterService.js'; +import { ApiError } from '../../error.js'; export const meta = { tags: ['account'], @@ -15,6 +16,11 @@ export const meta = { kind: 'write:mutes', + limit: { + duration: ms('1hour'), + max: 20, + }, + errors: { noSuchUser: { message: 'No such user.', diff --git a/packages/backend/src/server/api/endpoints/notes/favorites/create.ts b/packages/backend/src/server/api/endpoints/notes/favorites/create.ts index e742c1bb35..acf22a5ad4 100644 --- a/packages/backend/src/server/api/endpoints/notes/favorites/create.ts +++ b/packages/backend/src/server/api/endpoints/notes/favorites/create.ts @@ -1,4 +1,5 @@ import { Inject, Injectable } from '@nestjs/common'; +import ms from 'ms'; import type { NoteFavoritesRepository } from '@/models/index.js'; import { IdService } from '@/core/IdService.js'; import { Endpoint } from '@/server/api/endpoint-base.js'; @@ -13,6 +14,11 @@ export const meta = { kind: 'write:favorites', + limit: { + duration: ms('1hour'), + max: 20, + }, + errors: { noSuchNote: { message: 'No such note.', diff --git a/packages/backend/src/server/api/endpoints/users/lists/push.ts b/packages/backend/src/server/api/endpoints/users/lists/push.ts index c3a1308286..96be7e11e8 100644 --- a/packages/backend/src/server/api/endpoints/users/lists/push.ts +++ b/packages/backend/src/server/api/endpoints/users/lists/push.ts @@ -1,4 +1,5 @@ import { Inject, Injectable } from '@nestjs/common'; +import ms from 'ms'; import type { UserListsRepository, UserListJoiningsRepository, BlockingsRepository } from '@/models/index.js'; import { Endpoint } from '@/server/api/endpoint-base.js'; import { GetterService } from '@/server/api/GetterService.js'; @@ -15,6 +16,11 @@ export const meta = { description: 'Add a user to an existing list.', + limit: { + duration: ms('1hour'), + max: 30, + }, + errors: { noSuchList: { message: 'No such list.', |