mirror of
https://git.pleroma.social/pleroma/pleroma.git
synced 2024-12-21 23:56:30 +00:00
Rate Limit the OAuth App spam
This commit is contained in:
parent
fbcfbde833
commit
427da7a99a
3 changed files with 4 additions and 0 deletions
1
changelog.d/oauth-app-spam.fix
Normal file
1
changelog.d/oauth-app-spam.fix
Normal file
|
@ -0,0 +1 @@
|
|||
Add a rate limiter to the OAuth App creation endpoint
|
|
@ -711,6 +711,7 @@ config :pleroma, :rate_limit,
|
|||
timeline: {500, 3},
|
||||
search: [{1000, 10}, {1000, 30}],
|
||||
app_account_creation: {1_800_000, 25},
|
||||
oauth_app_creation: {900_000, 5},
|
||||
relations_actions: {10_000, 10},
|
||||
relation_id_action: {60_000, 2},
|
||||
statuses_actions: {10_000, 15},
|
||||
|
|
|
@ -19,6 +19,8 @@ defmodule Pleroma.Web.MastodonAPI.AppController do
|
|||
|
||||
action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
|
||||
|
||||
plug(Pleroma.Web.Plugs.RateLimiter, [name: :oauth_app_creation] when action == :create)
|
||||
|
||||
plug(:skip_auth when action in [:create, :verify_credentials])
|
||||
|
||||
plug(Pleroma.Web.ApiSpec.CastAndValidate)
|
||||
|
|
Loading…
Reference in a new issue