enhance(server): add rate limits for some endpoints

packages/backend/src/server/api/endpoints/drive/folders/create.ts

@@ -1,4 +1,5 @@
 import { Inject, Injectable } from '@nestjs/common';
+import ms from 'ms';
 import { Endpoint } from '@/server/api/endpoint-base.js';
 import type { DriveFoldersRepository } from '@/models/index.js';
 import { IdService } from '@/core/IdService.js';
@@ -14,6 +15,11 @@ export const meta = {
 
 	kind: 'write:drive',
 
+	limit: {
+		duration: ms('1hour'),
+		max: 10,
+	},
+
 	errors: {
 		noSuchFolder: {
 			message: 'No such folder.',

packages/backend/src/server/api/endpoints/following/create.ts

@@ -6,15 +6,15 @@ import { IdentifiableError } from '@/misc/identifiable-error.js';
 import { UserEntityService } from '@/core/entities/UserEntityService.js';
 import { UserFollowingService } from '@/core/UserFollowingService.js';
 import { DI } from '@/di-symbols.js';
-import { ApiError } from '../../error.js';
 import { GetterService } from '@/server/api/GetterService.js';
+import { ApiError } from '../../error.js';
 
 export const meta = {
 	tags: ['following', 'users'],
 
 	limit: {
 		duration: ms('1hour'),
-		max: 100,
+		max: 50,
 	},
 
 	requireCredential: true,

packages/backend/src/server/api/endpoints/gallery/posts/create.ts

@@ -18,7 +18,7 @@ export const meta = {
 
 	limit: {
 		duration: ms('1hour'),
-		max: 300,
+		max: 20,
 	},
 
 	res: {

packages/backend/src/server/api/endpoints/messaging/messages/create.ts

@@ -1,4 +1,5 @@
 import { Inject, Injectable } from '@nestjs/common';
+import ms from 'ms';
 import { Endpoint } from '@/server/api/endpoint-base.js';
 import type { BlockingsRepository, UserGroupJoiningsRepository, DriveFilesRepository, UserGroupsRepository } from '@/models/index.js';
 import type { User } from '@/models/entities/User.js';
@@ -15,6 +16,11 @@ export const meta = {
 
 	kind: 'write:messaging',
 
+	limit: {
+		duration: ms('1hour'),
+		max: 120,
+	},
+
 	res: {
 		type: 'object',
 		optional: false, nullable: false,

packages/backend/src/server/api/endpoints/notes/thread-muting/create.ts

@@ -1,4 +1,5 @@
 import { Inject, Injectable } from '@nestjs/common';
+import ms from 'ms';
 import type { NotesRepository, NoteThreadMutingsRepository } from '@/models/index.js';
 import { IdService } from '@/core/IdService.js';
 import { Endpoint } from '@/server/api/endpoint-base.js';
@@ -14,6 +15,11 @@ export const meta = {
 
 	kind: 'write:account',
 
+	limit: {
+		duration: ms('1hour'),
+		max: 10,
+	},
+
 	errors: {
 		noSuchNote: {
 			message: 'No such note.',

packages/backend/src/server/api/endpoints/pages/create.ts

@@ -17,7 +17,7 @@ export const meta = {
 
 	limit: {
 		duration: ms('1hour'),
-		max: 300,
+		max: 10,
 	},
 
 	res: {

packages/backend/src/server/api/endpoints/users/groups/create.ts

@@ -1,4 +1,5 @@
 import { Inject, Injectable } from '@nestjs/common';
+import ms from 'ms';
 import type { UserGroupsRepository, UserGroupJoiningsRepository } from '@/models/index.js';
 import { IdService } from '@/core/IdService.js';
 import type { UserGroup } from '@/models/entities/UserGroup.js';
@@ -16,6 +17,11 @@ export const meta = {
 
 	description: 'Create a new group.',
 
+	limit: {
+		duration: ms('1hour'),
+		max: 10,
+	},
+
 	res: {
 		type: 'object',
 		optional: false, nullable: false,