[feature] add rate limit middleware (#741)

* feat: add rate limit middleware

* chore: update vendor dir

* chore: update readme with new dependency

* chore: add rate limit infos to swagger.md file

* refactor: add ipv6 mask limiter option

Add IPv6 CIDR /64 mask

* refactor: increase rate limit to 1000

Address https://github.com/superseriousbusiness/gotosocial/pull/741#discussion_r945584800

Co-authored-by: tobi <31960611+tsmethurst@users.noreply.github.com>

1 files changed, 6 insertions, 0 deletions

diff --git a/internal/api/security/security.go b/internal/api/security/security.go
index 578adfe47..f06862dd9 100644
--- a/internal/api/security/security.go
+++ b/internal/api/security/security.go
@@ -20,6 +20,7 @@ package security
 
 import (
 	"net/http"
+	"time"
 
 	"github.com/superseriousbusiness/gotosocial/internal/api"
 	"github.com/superseriousbusiness/gotosocial/internal/db"
@@ -45,6 +46,11 @@ func New(db db.DB, server oauth.Server) api.ClientModule {
 
 // Route attaches security middleware to the given router
 func (m *Module) Route(s router.Router) error {
+	s.AttachMiddleware(m.RateLimit(RateLimitOptions{
+		// accept a maximum of 1000 requests in 5 minutes window
+		Period: 5 * time.Minute,
+		Limit:  1000,
+	}))
 	s.AttachMiddleware(m.SignatureCheck)
 	s.AttachMiddleware(m.FlocBlock)
 	s.AttachMiddleware(m.ExtraHeaders)