From 5bf69476f625f3c4764cfb242d7d6a21c808f8b8 Mon Sep 17 00:00:00 2001
From: syuilo
Date: Fri, 8 Oct 2021 14:05:07 +0900
Subject: enhance(api): ap系のエンドポイントをログイン必須化+レートリミット追加
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
他のサーバーにリクエストを送信するという性質上、攻撃の踏み台にされることがあるため
---
 src/server/api/endpoints/ap/show.ts | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
(limited to 'src/server/api/endpoints/ap/show.ts')
diff --git a/src/server/api/endpoints/ap/show.ts b/src/server/api/endpoints/ap/show.ts
index aa0dae070c..32685d44bd 100644
--- a/src/server/api/endpoints/ap/show.ts
+++ b/src/server/api/endpoints/ap/show.ts
@@ -11,11 +11,17 @@ import { Note } from '@/models/entities/note';
 import { User } from '@/models/entities/user';
 import { fetchMeta } from '@/misc/fetch-meta';
 import { isActor, isPost, getApId } from '@/remote/activitypub/type';
+import ms from 'ms';
 export const meta = {
 tags: ['federation'],
- requireCredential: false as const,
+ requireCredential: true as const,
+
+ limit: {
+ duration: ms('1hour'),
+ max: 30
+ },
 params: {
 uri: {
--
cgit v1.2.3-freya
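Review bot: The new `requireCredential: true` and `limit` entries in `meta` have no comment explaining why this endpoint is restricted, so the rationale exists only in the commit message. A line such as `// Login + rate limit: this endpoint fetches a caller-supplied URI from remote servers and could be abused as a relay` above `requireCredential` would make a later relaxation a deliberate decision. These two settings cap how often an outbound fetch can be triggered, but they do not constrain where the `uri` parameter points. The handler is outside this hunk, so it is worth confirming separately that the fetch path rejects loopback, private-range and blocked hosts. If the limiter counts per account, which this hunk does not show, an instance with open registration still lets anyone who signs up make 30 fetches per hour. The `meta` object continues past the end of the hunk.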