summaryrefslogtreecommitdiff
path: root/packages/backend/src/server
diff options
context:
space:
mode:
Diffstat (limited to 'packages/backend/src/server')
-rw-r--r--packages/backend/src/server/SkRateLimiterService.md5
-rw-r--r--packages/backend/src/server/api/SkRateLimiterService.ts10
2 files changed, 14 insertions, 1 deletions
diff --git a/packages/backend/src/server/SkRateLimiterService.md b/packages/backend/src/server/SkRateLimiterService.md
index 762f8dfe14..fb007538fa 100644
--- a/packages/backend/src/server/SkRateLimiterService.md
+++ b/packages/backend/src/server/SkRateLimiterService.md
@@ -12,6 +12,11 @@ SkRateLimiterService is not quite plug-and-play compatible with existing call si
Instead, the returned LimitInfo object will have `blocked` set to true.
Callers are responsible for checking this property and taking any desired action, such as rejecting a request or returning limit details.
+Rate limit factors are also handled differently.
+Instead of providing an optional parameter for callers, SkRateLimiterServer accepts an `MiUser` parameter that is used to compute the factor directly.
+If a user is not available (such as for unauthenticated callers), then the Role Template factor is used instead.
+To avoid confusion, the `factor` parameter has been removed entirely and is now an implementation detail.
+
## Headers
LimitInfo objects (returned by `SkRateLimitService.limit()`) can be passed to `rate-limit-utils.sendRateLimitHeaders()` to send standard rate limit headers with an HTTP response.
diff --git a/packages/backend/src/server/api/SkRateLimiterService.ts b/packages/backend/src/server/api/SkRateLimiterService.ts
index 70103222f3..038f12cb25 100644
--- a/packages/backend/src/server/api/SkRateLimiterService.ts
+++ b/packages/backend/src/server/api/SkRateLimiterService.ts
@@ -40,7 +40,15 @@ export class SkRateLimiterService {
}
/**
- * Check & increment a rate limit for a client
+ * Check & increment a rate limit for a client.
+ *
+ * If the client (actorOrUser) is passed as a string, then it uses the default rate limit factor from the role template.
+ * If the client (actorOrUser) is passed as an MiUser, then it queries the user's actual rate limit factor from their assigned roles.
+ *
+ * A factor of zero (0) will disable the limit, while any negative number will produce an error.
+ * A factor between zero (0) and one (1) will increase the limit from its default values (allowing more actions per time interval).
+ * A factor greater than one (1) will decrease the limit from its default values (allowing fewer actions per time interval).
+ *
* @param limit The limit definition
* @param actorOrUser authenticated client user or IP hash
*/
generated by cgit v1.2.3-freya (git 2.53.0.84.g453e7b744a) at 2026-03-03 18:24:14 +0000