From d1eff9084b6c7fe2629699a12452c38fe5d84cf7 Mon Sep 17 00:00:00 2001
From: Nutomic
Date: Fri, 14 Feb 2025 12:36:16 +0000
Subject: [PATCH] Rate limit changes (fixes #5287) (#5421)
* Stricter rate limit for fetching link metadata (fixes #5287)
* Switch to search rate limit
* use search rate limit for resolve object
* pictrs rate limit
* undo test change
* fix
---
 src/api_routes_v3.rs | 22 +++++++++++++++-------
 src/api_routes_v4.rs | 16 ++++++++++++----
 2 files changed, 27 insertions(+), 11 deletions(-)
diff --git a/src/api_routes_v3.rs b/src/api_routes_v3.rs
index 8fab1b1485..4c574ecf4c 100644
--- a/src/api_routes_v3.rs
+++ b/src/api_routes_v3.rs
@@ -137,9 +137,13 @@ pub fn config(cfg: &mut ServiceConfig, rate_limit: &RateLimitCell) {
 .wrap(rate_limit.image())
 .route(post().to(upload_image)),
 )
- .service(resource("/pictrs/image/(unknown)").route(get().to(get_image)))
- .service(resource("/pictrs/image/delete/{token}/(unknown)").route(get().to(delete_image)))
- .service(resource("/pictrs/healthz").route(get().to(pictrs_health)))
+ .service(
+ scope("/pictrs")
+ .wrap(rate_limit.message())
+ .route("/image/(unknown)", get().to(get_image))
+ .route("/image/delete/{token}/(unknown)", get().to(delete_image))
+ .route("/healthz", get().to(pictrs_health)),
+ )
 .service(
 scope("/api/v3")
 .route("/image_proxy", get().to(image_proxy))
@@ -165,7 +169,7 @@ pub fn config(cfg: &mut ServiceConfig, rate_limit: &RateLimitCell) {
 )
 .service(
 resource("/resolve_object")
- .wrap(rate_limit.message())
+ .wrap(rate_limit.search())
 .route(get().to(resolve_object)),
 )
 // Community
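Review bot: Wrapping the whole `/pictrs` scope in `rate_limit.message()` also places `/healthz` behind the limiter, so a load balancer or orchestrator probing it will (presumably, if the limiter is keyed per client address) share a bucket with that address's image fetches and can start receiving rate-limit responses that get read as the instance being unhealthy. If that is not intended, keep the health check as its own unlimited resource above the scope, e.g. `.service(resource("/pictrs/healthz").route(get().to(pictrs_health)))`, or add a comment stating why it must be limited. The `(unknown)` segment in the two image route paths looks like an extraction artifact rather than source text; worth confirming the real path parameter is intact in the actual file. `config` starts and ends outside the hunk.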
@@ -198,12 +202,17 @@ pub fn config(cfg: &mut ServiceConfig, rate_limit: &RateLimitCell) {
 )
 // Post
 .service(
- // Handle POST to /post separately to add the post() rate limitter
 resource("/post")
+ // Handle POST to /post separately to add the post() rate limitter
 .guard(guard::Post())
 .wrap(rate_limit.post())
 .route(post().to(create_post)),
 )
+ .service(
+ resource("/post/site_metadata")
+ .wrap(rate_limit.search())
+ .route(get().to(get_link_metadata)),
+ )
 .service(
 scope("/post")
 .wrap(rate_limit.message())
@@ -220,8 +229,7 @@ pub fn config(cfg: &mut ServiceConfig, rate_limit: &RateLimitCell) {
 .route("/like/list", get().to(list_post_likes))
 .route("/save", put().to(save_post))
 .route("/report", post().to(create_post_report))
- .route("/report/resolve", put().to(resolve_post_report))
- .route("/site_metadata", get().to(get_link_metadata)),
+ .route("/report/resolve", put().to(resolve_post_report)),
 )
 // Comment
 .service(
diff --git a/src/api_routes_v4.rs b/src/api_routes_v4.rs
index fd92246b8d..0ba24991a1 100644
--- a/src/api_routes_v4.rs
+++ b/src/api_routes_v4.rs
@@ -197,7 +197,11 @@ pub fn config(cfg: &mut ServiceConfig, rate_limit: &RateLimitCell) {
 .wrap(rate_limit.search())
 .route(get().to(search)),
 )
- .route("/resolve_object", get().to(resolve_object))
+ .service(
+ resource("/resolve_object")
+ .wrap(rate_limit.search())
+ .route(get().to(resolve_object)),
+ )
 // Community
 .service(
 resource("/community")
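Review bot: The new `/post/site_metadata` resource takes precedence over `scope("/post")` only because it is registered first; as far as I recall actix-web matches services in registration order and does not fall back out of a scope whose prefix already matched, so reordering these `.service` calls would turn the endpoint into a 404 with no compiler or test signal. Add a comment above the resource, `// Must stay registered before scope("/post"): actix matches services in order`, and the same in the matching hunk of src/api_routes_v4.rs. Using `rate_limit.search()` here is consistent with the `/resolve_object` change in both files. `config` starts and ends outside the hunk.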
@@ -233,12 +237,17 @@ pub fn config(cfg: &mut ServiceConfig, rate_limit: &RateLimitCell) {
 .route("/federated_instances", get().to(get_federated_instances))
 // Post
 .service(
- // Handle POST to /post separately to add the post() rate limitter
 resource("/post")
+ // Handle POST to /post separately to add the post() rate limitter
 .guard(guard::Post())
 .wrap(rate_limit.post())
 .route(post().to(create_post)),
 )
+ .service(
+ resource("/post/site_metadata")
+ .wrap(rate_limit.search())
+ .route(get().to(get_link_metadata)),
+ )
 .service(
 scope("/post")
 .route("", get().to(get_post))
@@ -255,8 +264,7 @@ pub fn config(cfg: &mut ServiceConfig, rate_limit: &RateLimitCell) {
 .route("/like/list", get().to(list_post_likes))
 .route("/save", put().to(save_post))
 .route("/report", post().to(create_post_report))
- .route("/report/resolve", put().to(resolve_post_report))
- .route("/site_metadata", get().to(get_link_metadata)),
+ .route("/report/resolve", put().to(resolve_post_report)),
 )
 // Comment
 .service(