From bee8458a2d12bdd42079fcb2c4ca88ebeafe305b Mon Sep 17 00:00:00 2001 From: nya1 Date: Wed, 31 Aug 2022 12:06:14 +0200 Subject: [feature] add rate limit middleware (#741) * feat: add rate limit middleware * chore: update vendor dir * chore: update readme with new dependency * chore: add rate limit infos to swagger.md file * refactor: add ipv6 mask limiter option Add IPv6 CIDR /64 mask * refactor: increase rate limit to 1000 Address https://github.com/superseriousbusiness/gotosocial/pull/741#discussion_r945584800 Co-authored-by: tobi <31960611+tsmethurst@users.noreply.github.com> --- docs/api/swagger.md | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'docs/api') diff --git a/docs/api/swagger.md b/docs/api/swagger.md index 50191f18d..5368e8720 100644 --- a/docs/api/swagger.md +++ b/docs/api/swagger.md @@ -1,5 +1,16 @@ # API Documentation +## Rate limit + +To prevent abuse of the API an IP-based HTTP rate limit is in place, a maximum of 300 requests in a 5 minutes time window are allowed, every response will include the current status of the rate limit with the following headers: + +- `x-ratelimit-limit` maximum number of requests allowed per time period (fixed) +- `x-ratelimit-remaining` number of remaining requests that can still be performed +- `x-ratelimit-reset` unix timestamp when the rate limit will reset + +In case the rate limit is exceeded an HTTP 429 error is returned to the caller. + + GoToSocial uses [go-swagger](https://github.com/go-swagger/go-swagger) to generate a V2 [OpenAPI specification](https://swagger.io/specification/v2/) document from code annotations. The resulting API documentation is rendered below, for quick reference. -- cgit v1.2.3