enhance(server): add rate limits for some endpoints

This commit is contained in:
syuilo 2023-01-14 20:21:03 +09:00
parent e46e7f5252
commit 2047449294
7 changed files with 28 additions and 4 deletions

View file

@ -1,4 +1,5 @@
import { Inject, Injectable } from '@nestjs/common'; import { Inject, Injectable } from '@nestjs/common';
import ms from 'ms';
import { Endpoint } from '@/server/api/endpoint-base.js'; import { Endpoint } from '@/server/api/endpoint-base.js';
import type { DriveFoldersRepository } from '@/models/index.js'; import type { DriveFoldersRepository } from '@/models/index.js';
import { IdService } from '@/core/IdService.js'; import { IdService } from '@/core/IdService.js';
@ -14,6 +15,11 @@ export const meta = {
kind: 'write:drive', kind: 'write:drive',
limit: {
duration: ms('1hour'),
max: 10,
},
errors: { errors: {
noSuchFolder: { noSuchFolder: {
message: 'No such folder.', message: 'No such folder.',

View file

@ -6,15 +6,15 @@ import { IdentifiableError } from '@/misc/identifiable-error.js';
import { UserEntityService } from '@/core/entities/UserEntityService.js'; import { UserEntityService } from '@/core/entities/UserEntityService.js';
import { UserFollowingService } from '@/core/UserFollowingService.js'; import { UserFollowingService } from '@/core/UserFollowingService.js';
import { DI } from '@/di-symbols.js'; import { DI } from '@/di-symbols.js';
import { ApiError } from '../../error.js';
import { GetterService } from '@/server/api/GetterService.js'; import { GetterService } from '@/server/api/GetterService.js';
import { ApiError } from '../../error.js';
export const meta = { export const meta = {
tags: ['following', 'users'], tags: ['following', 'users'],
limit: { limit: {
duration: ms('1hour'), duration: ms('1hour'),
max: 100, max: 50,
}, },
requireCredential: true, requireCredential: true,

View file

@ -18,7 +18,7 @@ export const meta = {
limit: { limit: {
duration: ms('1hour'), duration: ms('1hour'),
max: 300, max: 20,
}, },
res: { res: {

View file

@ -1,4 +1,5 @@
import { Inject, Injectable } from '@nestjs/common'; import { Inject, Injectable } from '@nestjs/common';
import ms from 'ms';
import { Endpoint } from '@/server/api/endpoint-base.js'; import { Endpoint } from '@/server/api/endpoint-base.js';
import type { BlockingsRepository, UserGroupJoiningsRepository, DriveFilesRepository, UserGroupsRepository } from '@/models/index.js'; import type { BlockingsRepository, UserGroupJoiningsRepository, DriveFilesRepository, UserGroupsRepository } from '@/models/index.js';
import type { User } from '@/models/entities/User.js'; import type { User } from '@/models/entities/User.js';
@ -15,6 +16,11 @@ export const meta = {
kind: 'write:messaging', kind: 'write:messaging',
limit: {
duration: ms('1hour'),
max: 120,
},
res: { res: {
type: 'object', type: 'object',
optional: false, nullable: false, optional: false, nullable: false,

View file

@ -1,4 +1,5 @@
import { Inject, Injectable } from '@nestjs/common'; import { Inject, Injectable } from '@nestjs/common';
import ms from 'ms';
import type { NotesRepository, NoteThreadMutingsRepository } from '@/models/index.js'; import type { NotesRepository, NoteThreadMutingsRepository } from '@/models/index.js';
import { IdService } from '@/core/IdService.js'; import { IdService } from '@/core/IdService.js';
import { Endpoint } from '@/server/api/endpoint-base.js'; import { Endpoint } from '@/server/api/endpoint-base.js';
@ -14,6 +15,11 @@ export const meta = {
kind: 'write:account', kind: 'write:account',
limit: {
duration: ms('1hour'),
max: 10,
},
errors: { errors: {
noSuchNote: { noSuchNote: {
message: 'No such note.', message: 'No such note.',

View file

@ -17,7 +17,7 @@ export const meta = {
limit: { limit: {
duration: ms('1hour'), duration: ms('1hour'),
max: 300, max: 10,
}, },
res: { res: {

View file

@ -1,4 +1,5 @@
import { Inject, Injectable } from '@nestjs/common'; import { Inject, Injectable } from '@nestjs/common';
import ms from 'ms';
import type { UserGroupsRepository, UserGroupJoiningsRepository } from '@/models/index.js'; import type { UserGroupsRepository, UserGroupJoiningsRepository } from '@/models/index.js';
import { IdService } from '@/core/IdService.js'; import { IdService } from '@/core/IdService.js';
import type { UserGroup } from '@/models/entities/UserGroup.js'; import type { UserGroup } from '@/models/entities/UserGroup.js';
@ -16,6 +17,11 @@ export const meta = {
description: 'Create a new group.', description: 'Create a new group.',
limit: {
duration: ms('1hour'),
max: 10,
},
res: { res: {
type: 'object', type: 'object',
optional: false, nullable: false, optional: false, nullable: false,