From bee8458a2d12bdd42079fcb2c4ca88ebeafe305b Mon Sep 17 00:00:00 2001
From: nya1
Date: Wed, 31 Aug 2022 12:06:14 +0200
Subject: [feature] add rate limit middleware (#741)
* feat: add rate limit middleware
* chore: update vendor dir
* chore: update readme with new dependency
* chore: add rate limit infos to swagger.md file
* refactor: add ipv6 mask limiter option Add IPv6 CIDR /64 mask
* refactor: increase rate limit to 1000 Address https://github.com/superseriousbusiness/gotosocial/pull/741#discussion_r945584800
Co-authored-by: tobi <31960611+tsmethurst@users.noreply.github.com>
---
 internal/api/security/security.go | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'internal/api/security/security.go')
diff --git a/internal/api/security/security.go b/internal/api/security/security.go
index 578adfe47..f06862dd9 100644
--- a/internal/api/security/security.go
+++ b/internal/api/security/security.go
@@ -20,6 +20,7 @@ package security
 import (
 "net/http"
+ "time"
 "github.com/superseriousbusiness/gotosocial/internal/api"
 "github.com/superseriousbusiness/gotosocial/internal/db"
@@ -45,6 +46,11 @@ func New(db db.DB, server oauth.Server) api.ClientModule {
 // Route attaches security middleware to the given router
 func (m *Module) Route(s router.Router) error {
+ s.AttachMiddleware(m.RateLimit(RateLimitOptions{
+ // accept a maximum of 1000 requests in 5 minutes window
+ Period: 5 * time.Minute,
+ Limit: 1000,
+ }))
 s.AttachMiddleware(m.SignatureCheck)
 s.AttachMiddleware(m.FlocBlock)
 s.AttachMiddleware(m.ExtraHeaders)
--
cgit v1.2.3
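Review bot: The limiter added in Route is attached once for the whole router with the literals `5 * time.Minute` and `1000`, so any authentication endpoints served by this router get the same allowance as ordinary reads, and 1000 requests per five minutes does little on its own to slow password guessing. Consider a separate, tighter limit on the sign-in and token routes, and lifting the two values into named constants or configuration so operators can tune them without a rebuild. The commit message suggests the bucket is keyed on client IP (IPv6 masked to /64); if so, the limit is only as reliable as the router's trusted-proxy handling, which this hunk does not show, and the comment should name the key, e.g. `// per client IP (IPv6 masked to /64): at most 1000 requests per 5-minute window`. Route's body continues outside the hunk.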