add rate limits to all public endpoints

Hazelnoot 2024-11-22 13:43:06 -05:00
parent a38d8a91a1
commit e3b826db5a
243 changed files with 2908 additions and 9 deletions


@ -30,6 +30,12 @@ export const meta = {
id: '0332fc13-6ab2-4427-ae80-a9fadffd1a6c',
},
},
// 10 calls per 5 seconds
limit: {
duration: 1000 * 5,
max: 10,
},
} as const;
export const paramDef = {
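Review bot: The `limit` literal and its `// 10 calls per 5 seconds` comment are copied verbatim into this `meta` object and into most of the other sections on this page, so retuning a tier means touching every file, and the comment can drift from the numbers it restates. A named constant per tier would keep the policy auditable in one place, for example `limit: standardReadLimit,` (a placeholder name, not an identifier from this project), with the rationale documented once at the definition. Since the goal is coverage of all public endpoints, it is also worth confirming what the API layer does for an endpoint that declares no `limit`; a default there would cover endpoints added after this commit. The `meta` object starts before the hunk, so the rest of its fields are not visible here.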


@ -25,6 +25,12 @@ export const meta = {
ref: 'Note',
},
},
// 10 calls per 5 seconds
limit: {
duration: 1000 * 5,
max: 10,
},
} as const;
export const paramDef = {


@ -34,6 +34,12 @@ export const meta = {
id: '47db1a1c-b0af-458d-8fb4-986e4efafe1e',
},
},
// 10 calls per 5 seconds
limit: {
duration: 1000 * 5,
max: 10,
},
} as const;
export const paramDef = {


@ -34,6 +34,12 @@ export const meta = {
id: 'e1035875-9551-45ec-afa8-1ded1fcb53c8',
},
},
// 10 calls per 5 seconds
limit: {
duration: 1000 * 5,
max: 10,
},
} as const;
export const paramDef = {


@ -9,6 +9,7 @@ import { GetterService } from '@/server/api/GetterService.js';
import { DI } from '@/di-symbols.js';
import type { NoteFavoritesRepository } from '@/models/_.js';
import { ApiError } from '../../../error.js';
import ms from 'ms';
export const meta = {
tags: ['notes', 'favorites'],
@ -30,6 +31,12 @@ export const meta = {
id: 'b625fc69-635e-45e9-86f4-dbefbef35af5',
},
},
// 20 calls per hour (match create)
limit: {
duration: ms('1hour'),
max: 20,
},
} as const;
export const paramDef = {
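Review bot: The `// 20 calls per hour (match create)` comment ties this limit to a value in another file, and nothing in the hunk enforces that the two stay equal; the later section with `// 10 calls per hour (match create)` has the same issue. Importing the create endpoint's limit, or a constant shared by both, would keep the pair in step when one of them is tuned. Separately, this is the only section on the page that pulls in `ms` for the duration, while the other hourly limit writes `1000 * 60 * 60`; pick one form. If `ms` stays and the project's lint rules order package imports first, move `import ms from 'ms';` above the project-local imports. The `meta` object starts before the hunk.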


@ -28,6 +28,12 @@ export const meta = {
ref: 'Note',
},
},
// 10 calls per 5 seconds
limit: {
duration: 1000 * 5,
max: 10,
},
} as const;
export const paramDef = {


@ -42,6 +42,12 @@ export const meta = {
id: '7a1b9cb6-235b-4e58-9c00-32c1796f502c',
},
},
// 10 calls per 5 seconds
limit: {
duration: 1000 * 5,
max: 10,
},
} as const;
export const paramDef = {


@ -35,6 +35,12 @@ export const meta = {
id: '0332fc13-6ab2-4427-ae80-a9fadffd1a6b',
},
},
// 10 calls per 5 seconds
limit: {
duration: 1000 * 5,
max: 10,
},
} as const;
export const paramDef = {
@ -98,7 +104,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
}
if (!ps.withBots) query.andWhere('user.isBot = FALSE');
if (ps.withRenotes === false) {
query.andWhere(new Brackets(qb => {
qb.where('note.renoteId IS NULL');


@ -49,6 +49,12 @@ export const meta = {
id: 'dfaa3eb7-8002-4cb7-bcc4-1095df46656f',
},
},
// 10 calls per 5 seconds
limit: {
duration: 1000 * 5,
max: 10,
},
} as const;
export const paramDef = {


@ -34,6 +34,12 @@ export const meta = {
id: 'eaccdc08-ddef-43fe-908f-d108faad57f5',
},
},
// 2 calls per second
limit: {
duration: 1000,
max: 2,
},
} as const;
export const paramDef = {


@ -43,6 +43,12 @@ export const meta = {
id: 'dd9c8400-1cb5-4eef-8a31-200c5f933793',
},
},
// 10 calls per 5 seconds
limit: {
duration: 1000 * 5,
max: 10,
},
} as const;
export const paramDef = {


@ -27,6 +27,12 @@ export const meta = {
ref: 'Note',
},
},
// 10 calls per 5 seconds
limit: {
duration: 1000 * 5,
max: 10,
},
} as const;
export const paramDef = {


@ -25,6 +25,12 @@ export const meta = {
ref: 'Note',
},
},
// 2 calls per second
limit: {
duration: 1000,
max: 2,
},
} as const;
export const paramDef = {


@ -45,6 +45,12 @@ export const meta = {
id: '85a5377e-b1e9-4617-b0b9-5bea73331e49',
},
},
// 2 calls per second
limit: {
duration: 1000,
max: 2,
},
} as const;
export const paramDef = {


@ -63,6 +63,12 @@ export const meta = {
id: '85a5377e-b1e9-4617-b0b9-5bea73331e49',
},
},
// 10 calls per 5 seconds
limit: {
duration: 1000 * 5,
max: 10,
},
} as const;
export const paramDef = {


@ -37,6 +37,12 @@ export const meta = {
id: '263fff3d-d0e1-4af4-bea7-8408059b451a',
},
},
// 10 calls per 5 seconds
limit: {
duration: 1000 * 5,
max: 10,
},
} as const;
export const paramDef = {


@ -43,6 +43,12 @@ export const meta = {
id: 'eaccdc08-ddef-43fe-908f-d108faad57f5',
},
},
// 10 calls per 5 seconds
limit: {
duration: 1000 * 5,
max: 10,
},
} as const;
export const paramDef = {


@ -34,6 +34,13 @@ export const meta = {
id: '12908022-2e21-46cd-ba6a-3edaf6093f46',
},
},
// 100 calls per 10 seconds.
// This is high because the frontend calls this in a tight loop while loading timelines.
limit: {
duration: 1000 * 10,
max: 100,
},
} as const;
export const paramDef = {
@ -72,7 +79,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
.leftJoinAndSelect('note.renote', 'renote')
.leftJoinAndSelect('reply.user', 'replyUser')
.leftJoinAndSelect('renote.user', 'renoteUser');
if (ps.userId) {
query.andWhere("user.id = :userId", { userId: ps.userId });
}
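Review bot: The comment above `max: 100` explains why this limit is high but not when it can come down, and the handler context further down builds its query with several `leftJoinAndSelect` joins, so each permitted call is not cheap. I would record the follow-up in the comment, e.g. `// TODO: lower once the frontend batches these requests`, so the exception does not quietly become permanent. Whether the bucket is counted per account or per client address for unauthenticated callers is not visible on this page; if it is per address, 100 calls per 10 seconds per client is worth checking against database capacity. The handler continues outside the hunk.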


@ -24,6 +24,12 @@ export const meta = {
ref: 'Note',
},
},
// 10 calls per 5 seconds
limit: {
duration: 1000 * 5,
max: 10,
},
} as const;
export const paramDef = {


@ -27,6 +27,12 @@ export const meta = {
ref: 'Note',
},
},
// 2 calls per second
limit: {
duration: 1000,
max: 2,
},
} as const;
export const paramDef = {


@ -32,6 +32,12 @@ export const meta = {
id: '0b44998d-77aa-4427-80d0-d2c9b8523011',
},
},
// 2 calls per second
limit: {
duration: 1000,
max: 2,
},
} as const;
export const paramDef = {


@ -29,6 +29,12 @@ export const meta = {
id: '24fcbfc6-2e37-42b6-8388-c29b3861a08d',
},
},
// 2 calls per second
limit: {
duration: 1000,
max: 2,
},
} as const;
export const paramDef = {
@ -44,7 +50,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
constructor(
@Inject(DI.notesRepository)
private notesRepository: NotesRepository,
private noteEntityService: NoteEntityService,
private queryService: QueryService,
) {
@ -56,7 +62,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
if (me) {
this.queryService.generateBlockedUserQuery(query, me);
}
const note = await query.getOne();
if (note === null) {


@ -28,6 +28,12 @@ export const meta = {
},
},
},
// 10 calls per second
limit: {
duration: 1000,
max: 10,
},
} as const;
export const paramDef = {


@ -24,6 +24,12 @@ export const meta = {
id: 'bddd57ac-ceb3-b29d-4334-86ea5fae481a',
},
},
// 10 calls per hour (match create)
limit: {
duration: 1000 * 60 * 60,
max: 10,
},
} as const;
export const paramDef = {


@ -32,6 +32,12 @@ export const meta = {
ref: 'Note',
},
},
// 10 calls per 5 seconds
limit: {
duration: 1000 * 5,
max: 10,
},
} as const;
export const paramDef = {


@ -46,6 +46,12 @@ export const meta = {
id: 'ea29f2ca-c368-43b3-aaf1-5ac3e74bbe5d',
},
},
// 10 calls per 5 seconds
limit: {
duration: 1000 * 5,
max: 10,
},
} as const;
export const paramDef = {


@ -39,6 +39,12 @@ export const meta = {
id: '8fb1fbd5-e476-4c37-9fb0-43d55b63a2ff',
},
},
// 10 calls per 5 seconds
limit: {
duration: 1000 * 5,
max: 10,
},
} as const;
export const paramDef = {


@ -28,6 +28,12 @@ export const meta = {
id: '24fcbfc6-2e37-42b6-8388-c29b3861a08d',
},
},
// 10 calls per 5 seconds
limit: {
duration: 1000 * 5,
max: 10,
},
} as const;
export const paramDef = {
@ -43,7 +49,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
constructor(
@Inject(DI.notesRepository)
private notesRepository: NotesRepository,
private getterService: GetterService,
private queryService: QueryService,
) {
@ -53,7 +59,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
.where('note.id = :noteId', { noteId: ps.noteId });
this.queryService.generateVisibilityQuery(query, me);
const note = await query.getOne();
if (note === null) {