From e3b826db5a2dd86c15b3c5f5bdfbd7fec8d781ad Mon Sep 17 00:00:00 2001 
From: Hazelnoot Date: Fri, 22 Nov 2024 13:43:06 -0500 Subject: add rate limits to all public endpoints --- packages/backend/src/server/api/endpoints/users/achievements.ts | 6 ++++++ packages/backend/src/server/api/endpoints/users/clips.ts | 6 ++++++ packages/backend/src/server/api/endpoints/users/featured-notes.ts | 6 ++++++ packages/backend/src/server/api/endpoints/users/flashs.ts | 6 ++++++ packages/backend/src/server/api/endpoints/users/followers.ts | 6 ++++++ packages/backend/src/server/api/endpoints/users/following.ts | 6 ++++++ packages/backend/src/server/api/endpoints/users/gallery/posts.ts | 6 ++++++ .../src/server/api/endpoints/users/get-frequently-replied-users.ts | 6 ++++++ .../src/server/api/endpoints/users/lists/create-from-public.ts | 6 ++++++ packages/backend/src/server/api/endpoints/users/lists/create.ts | 6 ++++++ packages/backend/src/server/api/endpoints/users/lists/delete.ts | 6 ++++++ packages/backend/src/server/api/endpoints/users/lists/favorite.ts | 6 ++++++ .../backend/src/server/api/endpoints/users/lists/get-memberships.ts | 6 ++++++ packages/backend/src/server/api/endpoints/users/lists/list.ts | 6 ++++++ packages/backend/src/server/api/endpoints/users/lists/pull.ts | 6 ++++++ packages/backend/src/server/api/endpoints/users/lists/push.ts | 6 ++++++ packages/backend/src/server/api/endpoints/users/lists/show.ts | 6 ++++++ packages/backend/src/server/api/endpoints/users/lists/unfavorite.ts | 6 ++++++ .../src/server/api/endpoints/users/lists/update-membership.ts | 6 ++++++ packages/backend/src/server/api/endpoints/users/lists/update.ts | 6 ++++++ packages/backend/src/server/api/endpoints/users/notes.ts | 6 ++++++ packages/backend/src/server/api/endpoints/users/pages.ts | 6 ++++++ packages/backend/src/server/api/endpoints/users/reactions.ts | 6 ++++++ packages/backend/src/server/api/endpoints/users/recommendation.ts | 6 ++++++ packages/backend/src/server/api/endpoints/users/relation.ts | 6 ++++++ 
packages/backend/src/server/api/endpoints/users/report-abuse.ts | 6 ++++++ .../src/server/api/endpoints/users/search-by-username-and-host.ts | 6 ++++++ packages/backend/src/server/api/endpoints/users/search.ts | 6 ++++++ packages/backend/src/server/api/endpoints/users/show.ts | 6 ++++++ packages/backend/src/server/api/endpoints/users/update-memo.ts | 6 ++++++ 30 files changed, 180 insertions(+) (limited to 'packages/backend/src/server/api/endpoints/users')
diff --git a/packages/backend/src/server/api/endpoints/users/achievements.ts b/packages/backend/src/server/api/endpoints/users/achievements.ts
index f7139b3684..6c0811d3f0 100644
--- a/packages/backend/src/server/api/endpoints/users/achievements.ts
+++ b/packages/backend/src/server/api/endpoints/users/achievements.ts
@@ -25,6 +25,12 @@ export const meta = {
 },
 },
 },
+
+ // 5 calls per second
+ limit: {
+ duration: 1000,
+ max: 5,
+ },
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/clips.ts b/packages/backend/src/server/api/endpoints/users/clips.ts
index 7f7d2ea8cc..a457a6c434 100644
--- a/packages/backend/src/server/api/endpoints/users/clips.ts
+++ b/packages/backend/src/server/api/endpoints/users/clips.ts
@@ -24,6 +24,12 @@ export const meta = {
 ref: 'Clip',
 },
 },
+
+ // 5 calls per second
+ limit: {
+ duration: 1000,
+ max: 5,
+ },
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/featured-notes.ts b/packages/backend/src/server/api/endpoints/users/featured-notes.ts
index e01f19ba7a..e6acae08b1 100644
--- a/packages/backend/src/server/api/endpoints/users/featured-notes.ts
+++ b/packages/backend/src/server/api/endpoints/users/featured-notes.ts
@@ -28,6 +28,12 @@ export const meta = {
 ref: 'Note',
 },
 },
+
+ // 5 calls per second
+ limit: {
+ duration: 1000,
+ max: 5,
+ },
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/flashs.ts b/packages/backend/src/server/api/endpoints/users/flashs.ts
index e5ea450215..2da46e8747 100644
--- a/packages/backend/src/server/api/endpoints/users/flashs.ts
+++ b/packages/backend/src/server/api/endpoints/users/flashs.ts
@@ -24,6 +24,12 @@ export const meta = {
 ref: 'Flash',
 },
 },
+
+ // 5 calls per second
+ limit: {
+ duration: 1000,
+ max: 5,
+ },
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/followers.ts b/packages/backend/src/server/api/endpoints/users/followers.ts
index a8b4319a61..c1617e14e5 100644
--- a/packages/backend/src/server/api/endpoints/users/followers.ts
+++ b/packages/backend/src/server/api/endpoints/users/followers.ts
@@ -44,6 +44,12 @@ export const meta = {
 id: '3c6a84db-d619-26af-ca14-06232a21df8a',
 },
 },
+
+ // 2 calls per second
+ limit: {
+ duration: 1000,
+ max: 2,
+ },
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/following.ts b/packages/backend/src/server/api/endpoints/users/following.ts
index feda5bb353..c292c6d6a3 100644
--- a/packages/backend/src/server/api/endpoints/users/following.ts
+++ b/packages/backend/src/server/api/endpoints/users/following.ts
@@ -51,6 +51,12 @@ export const meta = {
 id: 'a2b007b9-4782-4eba-abd3-93b05ed4130d',
 },
 },
+
+ // 2 calls per second
+ limit: {
+ duration: 1000,
+ max: 2,
+ },
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/gallery/posts.ts b/packages/backend/src/server/api/endpoints/users/gallery/posts.ts
index 553886374c..931685e32a 100644
--- a/packages/backend/src/server/api/endpoints/users/gallery/posts.ts
+++ b/packages/backend/src/server/api/endpoints/users/gallery/posts.ts
@@ -24,6 +24,12 @@ export const meta = {
 ref: 'GalleryPost',
 },
 },
+
+ // 3 calls per second
+ limit: {
+ duration: 1000,
+ max: 3,
+ },
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/get-frequently-replied-users.ts b/packages/backend/src/server/api/endpoints/users/get-frequently-replied-users.ts
index 9248a2fa68..99568cfa12 100644
--- a/packages/backend/src/server/api/endpoints/users/get-frequently-replied-users.ts
+++ b/packages/backend/src/server/api/endpoints/users/get-frequently-replied-users.ts
@@ -47,6 +47,12 @@ export const meta = {
 id: 'e6965129-7b2a-40a4-bae2-cd84cd434822',
 },
 },
+
+ // 2 calls per second
+ limit: {
+ duration: 1000,
+ max: 2,
+ },
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/lists/create-from-public.ts b/packages/backend/src/server/api/endpoints/users/lists/create-from-public.ts
index 7e44d501ab..2be3197d88 100644
--- a/packages/backend/src/server/api/endpoints/users/lists/create-from-public.ts
+++ b/packages/backend/src/server/api/endpoints/users/lists/create-from-public.ts
@@ -60,6 +60,12 @@ export const meta = {
 id: '1845ea77-38d1-426e-8e4e-8b83b24f5bd7',
 },
 },
+
+ // 5 calls per second
+ limit: {
+ duration: 1000,
+ max: 5,
+ },
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/lists/create.ts b/packages/backend/src/server/api/endpoints/users/lists/create.ts
index 7daf05ba4e..c3ea392e89 100644
--- a/packages/backend/src/server/api/endpoints/users/lists/create.ts
+++ b/packages/backend/src/server/api/endpoints/users/lists/create.ts
@@ -37,6 +37,12 @@ export const meta = {
 id: '0cf21a28-7715-4f39-a20d-777bfdb8d138',
 },
 },
+
+ // 5 calls per second
+ limit: {
+ duration: 1000,
+ max: 5,
+ },
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/lists/delete.ts b/packages/backend/src/server/api/endpoints/users/lists/delete.ts
index dc0d28a0eb..941ce77877 100644
--- a/packages/backend/src/server/api/endpoints/users/lists/delete.ts
+++ b/packages/backend/src/server/api/endpoints/users/lists/delete.ts
@@ -25,6 +25,12 @@ export const meta = {
 id: '78436795-db79-42f5-b1e2-55ea2cf19166',
 },
 },
+
+ // 5 calls per second
+ limit: {
+ duration: 1000,
+ max: 5,
+ },
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/lists/favorite.ts b/packages/backend/src/server/api/endpoints/users/lists/favorite.ts
index fd142d5a01..fa898b0dc7 100644
--- a/packages/backend/src/server/api/endpoints/users/lists/favorite.ts
+++ b/packages/backend/src/server/api/endpoints/users/lists/favorite.ts
@@ -26,6 +26,12 @@ export const meta = {
 id: '6425bba0-985b-461e-af1b-518070e72081',
 },
 },
+
+ // 5 calls per second
+ limit: {
+ duration: 1000,
+ max: 5,
+ },
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/lists/get-memberships.ts b/packages/backend/src/server/api/endpoints/users/lists/get-memberships.ts
index 6d6e8d34ea..18373fdf07 100644
--- a/packages/backend/src/server/api/endpoints/users/lists/get-memberships.ts
+++ b/packages/backend/src/server/api/endpoints/users/lists/get-memberships.ts
@@ -54,6 +54,12 @@ export const meta = {
 },
 },
 },
+
+ // 5 calls per second
+ limit: {
+ duration: 1000,
+ max: 5,
+ },
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/lists/list.ts b/packages/backend/src/server/api/endpoints/users/lists/list.ts
index 4241ef1cd0..7f17863a63 100644
--- a/packages/backend/src/server/api/endpoints/users/lists/list.ts
+++ b/packages/backend/src/server/api/endpoints/users/lists/list.ts
@@ -45,6 +45,12 @@ export const meta = {
 id: 'ab36de0e-29e9-48cb-9732-d82f1281620d',
 },
 },
+
+ // 5 calls per second
+ limit: {
+ duration: 1000,
+ max: 5,
+ },
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/lists/pull.ts b/packages/backend/src/server/api/endpoints/users/lists/pull.ts
index 94f06f3bea..1eb4d4ef42 100644
--- a/packages/backend/src/server/api/endpoints/users/lists/pull.ts
+++ b/packages/backend/src/server/api/endpoints/users/lists/pull.ts
@@ -35,6 +35,12 @@ export const meta = {
 id: '588e7f72-c744-4a61-b180-d354e912bda2',
 },
 },
+
+ // 5 calls per second
+ limit: {
+ duration: 1000,
+ max: 5,
+ },
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/lists/push.ts b/packages/backend/src/server/api/endpoints/users/lists/push.ts
index c717b3959c..4ba0fea314 100644
--- a/packages/backend/src/server/api/endpoints/users/lists/push.ts
+++ b/packages/backend/src/server/api/endpoints/users/lists/push.ts
@@ -59,6 +59,12 @@ export const meta = {
 id: '2dd9752e-a338-413d-8eec-41814430989b',
 },
 },
+
+ // 5 calls per second
+ limit: {
+ duration: 1000,
+ max: 5,
+ },
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/lists/show.ts b/packages/backend/src/server/api/endpoints/users/lists/show.ts
index 8756801fe4..c7f4128b56 100644
--- a/packages/backend/src/server/api/endpoints/users/lists/show.ts
+++ b/packages/backend/src/server/api/endpoints/users/lists/show.ts
@@ -32,6 +32,12 @@ export const meta = {
 id: '7bc05c21-1d7a-41ae-88f1-66820f4dc686',
 },
 },
+
+ // 5 calls per second
+ limit: {
+ duration: 1000,
+ max: 5,
+ },
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/lists/unfavorite.ts b/packages/backend/src/server/api/endpoints/users/lists/unfavorite.ts
index 3f4bd5af8c..4d38f7d0a7 100644
--- a/packages/backend/src/server/api/endpoints/users/lists/unfavorite.ts
+++ b/packages/backend/src/server/api/endpoints/users/lists/unfavorite.ts
@@ -25,6 +25,12 @@ export const meta = {
 id: '835c4b27-463d-4cfa-969b-a9058678d465',
 },
 },
+
+ // 5 calls per second
+ limit: {
+ duration: 1000,
+ max: 5,
+ },
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/lists/update-membership.ts b/packages/backend/src/server/api/endpoints/users/lists/update-membership.ts
index 3948ae1685..0539fadd35 100644
--- a/packages/backend/src/server/api/endpoints/users/lists/update-membership.ts
+++ b/packages/backend/src/server/api/endpoints/users/lists/update-membership.ts
@@ -33,6 +33,12 @@ export const meta = {
 id: '588e7f72-c744-4a61-b180-d354e912bda2',
 },
 },
+
+ // 5 calls per second
+ limit: {
+ duration: 1000,
+ max: 5,
+ },
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/lists/update.ts b/packages/backend/src/server/api/endpoints/users/lists/update.ts
index a38f84d7b0..ad2f8c02e0 100644
--- a/packages/backend/src/server/api/endpoints/users/lists/update.ts
+++ b/packages/backend/src/server/api/endpoints/users/lists/update.ts
@@ -32,6 +32,12 @@ export const meta = {
 id: '796666fe-3dff-4d39-becb-8a5932c1d5b7',
 },
 },
+
+ // 5 calls per second
+ limit: {
+ duration: 1000,
+ max: 5,
+ },
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/notes.ts b/packages/backend/src/server/api/endpoints/users/notes.ts
index 263d062961..92d8032fa6 100644
--- a/packages/backend/src/server/api/endpoints/users/notes.ts
+++ b/packages/backend/src/server/api/endpoints/users/notes.ts
@@ -44,6 +44,12 @@ export const meta = {
 id: '91c8cb9f-36ed-46e7-9ca2-7df96ed6e222',
 },
 },
+
+ // 5 calls per second
+ limit: {
+ duration: 1000,
+ max: 5,
+ },
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/pages.ts b/packages/backend/src/server/api/endpoints/users/pages.ts
index bb7de0e0b5..3cb958066e 100644
--- a/packages/backend/src/server/api/endpoints/users/pages.ts
+++ b/packages/backend/src/server/api/endpoints/users/pages.ts
@@ -24,6 +24,12 @@ export const meta = {
 ref: 'Page',
 },
 },
+
+ // 5 calls per second
+ limit: {
+ duration: 1000,
+ max: 2,
+ },
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/reactions.ts b/packages/backend/src/server/api/endpoints/users/reactions.ts
index 7805ae3288..49c1190197 100644
--- a/packages/backend/src/server/api/endpoints/users/reactions.ts
+++ b/packages/backend/src/server/api/endpoints/users/reactions.ts
@@ -44,6 +44,12 @@ export const meta = {
 id: '6b95fa98-8cf9-2350-e284-f0ffdb54a805',
 },
 },
+
+ // 5 calls per second
+ limit: {
+ duration: 1000,
+ max: 2,
+ },
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/recommendation.ts b/packages/backend/src/server/api/endpoints/users/recommendation.ts
index 5b3b4527f7..46af1f38ac 100644
--- a/packages/backend/src/server/api/endpoints/users/recommendation.ts
+++ b/packages/backend/src/server/api/endpoints/users/recommendation.ts
@@ -29,6 +29,12 @@ export const meta = {
 ref: 'UserDetailed',
 },
 },
+
+ // 2 calls per second
+ limit: {
+ duration: 1000,
+ max: 2,
+ },
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/relation.ts b/packages/backend/src/server/api/endpoints/users/relation.ts
index 1d75437b81..e659c46713 100644
--- a/packages/backend/src/server/api/endpoints/users/relation.ts
+++ b/packages/backend/src/server/api/endpoints/users/relation.ts
@@ -108,6 +108,12 @@ export const meta = {
 },
 ],
 },
+
+ // 10 calls per 2 seconds
+ limit: {
+ duration: 1000 * 2,
+ max: 10,
+ },
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/report-abuse.ts b/packages/backend/src/server/api/endpoints/users/report-abuse.ts
index 5ff6de37d2..f811020645 100644
--- a/packages/backend/src/server/api/endpoints/users/report-abuse.ts
+++ b/packages/backend/src/server/api/endpoints/users/report-abuse.ts
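Review bot: In users/pages.ts and users/reactions.ts the added comment reads `// 5 calls per second` while the value beneath it is `max: 2`, so the documented limit and the enforced limit disagree. Every other hunk in this patch keeps the two in step (followers.ts and recommendation.ts pair `// 2 calls per second` with `max: 2`), which suggests a copy-paste slip, but the diff does not show which number was intended. If 2 is the intended ceiling, change both comments to `// 2 calls per second`; if 5 is, change both values to `max: 5,`. The enclosing `meta` object starts outside both hunks.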
@@ -37,6 +37,12 @@ export const meta = {
 id: '35e166f5-05fb-4f87-a2d5-adb42676d48f',
 },
 },
+
+ // 10 calls per minute
+ limit: {
+ duration: 1000 * 60,
+ max: 10,
+ },
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/search-by-username-and-host.ts b/packages/backend/src/server/api/endpoints/users/search-by-username-and-host.ts
index 8ff952dcb5..fda56ea6fe 100644
--- a/packages/backend/src/server/api/endpoints/users/search-by-username-and-host.ts
+++ b/packages/backend/src/server/api/endpoints/users/search-by-username-and-host.ts
@@ -23,6 +23,12 @@ export const meta = {
 ref: 'User',
 },
 },
+
+ // 3 calls per second
+ limit: {
+ duration: 1000,
+ max: 3,
+ },
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/search.ts b/packages/backend/src/server/api/endpoints/users/search.ts
index 0b0136066d..2d17c91e1d 100644
--- a/packages/backend/src/server/api/endpoints/users/search.ts
+++ b/packages/backend/src/server/api/endpoints/users/search.ts
@@ -28,6 +28,12 @@ export const meta = {
 ref: 'User',
 },
 },
+
+ // 3 calls per second
+ limit: {
+ duration: 1000,
+ max: 3,
+ },
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/show.ts b/packages/backend/src/server/api/endpoints/users/show.ts
index 062326e28d..7ebca78a7d 100644
--- a/packages/backend/src/server/api/endpoints/users/show.ts
+++ b/packages/backend/src/server/api/endpoints/users/show.ts
@@ -56,6 +56,12 @@ export const meta = {
 httpStatusCode: 404,
 },
 },
+
+ // 5 calls per 2 seconds
+ limit: {
+ duration: 1000 * 2,
+ max: 5,
+ },
 } as const;
 
 export const paramDef = {
diff --git a/packages/backend/src/server/api/endpoints/users/update-memo.ts b/packages/backend/src/server/api/endpoints/users/update-memo.ts
index 5a10de0c40..35369a04e8 100644
--- a/packages/backend/src/server/api/endpoints/users/update-memo.ts
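Review bot: users/search-by-username-and-host.ts and users/search.ts each receive their own `max: 3` per `duration: 1000`, so if the limiter counts per endpoint, the combined user-lookup budget for one caller is presumably double what either comment states. How the limiter derives its bucket is not visible in this diff; if the endpoint `limit` type accepts a shared `key` field, giving both the same value (for example `key: 'users-search',`, a constructed name) would make the two draw from one budget. If separate budgets are intended, a comment such as `// counted separately from users/search` would record that the split is deliberate. Both `meta` objects start outside their hunks.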
+++ b/packages/backend/src/server/api/endpoints/users/update-memo.ts
@@ -25,6 +25,12 @@ export const meta = {
 id: '6fef56f3-e765-4957-88e5-c6f65329b8a5',
 },
 },
+
+ // 10 calls per second
+ limit: {
+ duration: 1000,
+ max: 10,
+ },
 } as const;
 
 export const paramDef = {
-- cgit v1.2.3-freya