[feature] Make rate limit requests amount configurable (#966)

* update rate limit documentation

* regenerate landingpage config helpers

* make rate limit rate configurable

1 files changed, 9 insertions, 5 deletions

diff --git a/internal/api/security/security.go b/internal/api/security/security.go
index f06862dd9..1dce111d3 100644
--- a/internal/api/security/security.go
+++ b/internal/api/security/security.go
@@ -23,6 +23,7 @@ import (
 	"time"
 
 	"github.com/superseriousbusiness/gotosocial/internal/api"
+	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/router"
@@ -46,11 +47,14 @@ func New(db db.DB, server oauth.Server) api.ClientModule {
 
 // Route attaches security middleware to the given router
 func (m *Module) Route(s router.Router) error {
-	s.AttachMiddleware(m.RateLimit(RateLimitOptions{
-		// accept a maximum of 1000 requests in 5 minutes window
-		Period: 5 * time.Minute,
-		Limit:  1000,
-	}))
+	// only enable rate limit middleware if configured
+	// advanced-rate-limit-requests is greater than 0
+	if rateLimitRequests := config.GetAdvancedRateLimitRequests(); rateLimitRequests > 0 {
+		s.AttachMiddleware(m.RateLimit(RateLimitOptions{
+			Period: 5 * time.Minute,
+			Limit:  int64(rateLimitRequests),
+		}))
+	}
 	s.AttachMiddleware(m.SignatureCheck)
 	s.AttachMiddleware(m.FlocBlock)
 	s.AttachMiddleware(m.ExtraHeaders)