enhance(server): add rate limits for some endpoints

2023-01-14 20:21:03 +09:00 · 2023-01-14 20:21:03 +09:00 · 2047449294
parent e46e7f5252
commit 2047449294
7 changed files with 28 additions and 4 deletions
--- a/packages/backend/src/server/api/endpoints/drive/folders/create.ts
+++ b/packages/backend/src/server/api/endpoints/drive/folders/create.ts
@ -1,4 +1,5 @@
 import { Inject, Injectable } from '@nestjs/common';
 import ms from 'ms';
 import { Endpoint } from '@/server/api/endpoint-base.js';
 import type { DriveFoldersRepository } from '@/models/index.js';
 import { IdService } from '@/core/IdService.js';
@ -14,6 +15,11 @@ export const meta = {
 	kind: 'write:drive',
 	limit: {
 		duration: ms('1hour'),
 		max: 10,
 	},
 	errors: {
 		noSuchFolder: {
 			message: 'No such folder.',
--- a/packages/backend/src/server/api/endpoints/following/create.ts
+++ b/packages/backend/src/server/api/endpoints/following/create.ts
@ -6,15 +6,15 @@ import { IdentifiableError } from '@/misc/identifiable-error.js';
 import { UserEntityService } from '@/core/entities/UserEntityService.js';
 import { UserFollowingService } from '@/core/UserFollowingService.js';
 import { DI } from '@/di-symbols.js';
 import { ApiError } from '../../error.js';
 import { GetterService } from '@/server/api/GetterService.js';
 import { ApiError } from '../../error.js';
 export const meta = {
 	tags: ['following', 'users'],
 	limit: {
 		duration: ms('1hour'),
-		max: 100,
+		max: 50,
 	},
 	requireCredential: true,
--- a/packages/backend/src/server/api/endpoints/gallery/posts/create.ts
+++ b/packages/backend/src/server/api/endpoints/gallery/posts/create.ts
@ -18,7 +18,7 @@ export const meta = {
 	limit: {
 		duration: ms('1hour'),
-		max: 300,
+		max: 20,
 	},
 	res: {
--- a/packages/backend/src/server/api/endpoints/messaging/messages/create.ts
+++ b/packages/backend/src/server/api/endpoints/messaging/messages/create.ts
@ -1,4 +1,5 @@
 import { Inject, Injectable } from '@nestjs/common';
 import ms from 'ms';
 import { Endpoint } from '@/server/api/endpoint-base.js';
 import type { BlockingsRepository, UserGroupJoiningsRepository, DriveFilesRepository, UserGroupsRepository } from '@/models/index.js';
 import type { User } from '@/models/entities/User.js';
@ -15,6 +16,11 @@ export const meta = {
 	kind: 'write:messaging',
 	limit: {
 		duration: ms('1hour'),
 		max: 120,
 	},
 	res: {
 		type: 'object',
 		optional: false, nullable: false,
--- a/packages/backend/src/server/api/endpoints/notes/thread-muting/create.ts
+++ b/packages/backend/src/server/api/endpoints/notes/thread-muting/create.ts
@ -1,4 +1,5 @@
 import { Inject, Injectable } from '@nestjs/common';
 import ms from 'ms';
 import type { NotesRepository, NoteThreadMutingsRepository } from '@/models/index.js';
 import { IdService } from '@/core/IdService.js';
 import { Endpoint } from '@/server/api/endpoint-base.js';
@ -14,6 +15,11 @@ export const meta = {
 	kind: 'write:account',
 	limit: {
 		duration: ms('1hour'),
 		max: 10,
 	},
 	errors: {
 		noSuchNote: {
 			message: 'No such note.',
--- a/packages/backend/src/server/api/endpoints/pages/create.ts
+++ b/packages/backend/src/server/api/endpoints/pages/create.ts
@ -17,7 +17,7 @@ export const meta = {
 	limit: {
 		duration: ms('1hour'),
-		max: 300,
+		max: 10,
 	},
 	res: {
--- a/packages/backend/src/server/api/endpoints/users/groups/create.ts
+++ b/packages/backend/src/server/api/endpoints/users/groups/create.ts
@ -1,4 +1,5 @@
 import { Inject, Injectable } from '@nestjs/common';
 import ms from 'ms';
 import type { UserGroupsRepository, UserGroupJoiningsRepository } from '@/models/index.js';
 import { IdService } from '@/core/IdService.js';
 import type { UserGroup } from '@/models/entities/UserGroup.js';
@ -16,6 +17,11 @@ export const meta = {
 	description: 'Create a new group.',
 	limit: {
 		duration: ms('1hour'),
 		max: 10,
 	},
 	res: {
 		type: 'object',
 		optional: false, nullable: false,