Rate Limit the OAuth App spam

2024-11-13 12:31:13 +00:00 · 2024-09-04 09:19:07 -04:00 · 2024-09-04 09:19:07 -04:00 · 427da7a99a
commit 427da7a99a
parent fbcfbde833
3 changed files with 4 additions and 0 deletions
--- a/changelog.d/oauth-app-spam.fix
+++ b/changelog.d/oauth-app-spam.fix
@ -0,0 +1 @@
+Add a rate limiter to the OAuth App creation endpoint
--- a/config/config.exs
+++ b/config/config.exs
@ -711,6 +711,7 @@ config :pleroma, :rate_limit,
  timeline: {500, 3},
  search: [{1000, 10}, {1000, 30}],
  app_account_creation: {1_800_000, 25},
+  oauth_app_creation: {900_000, 5},
  relations_actions: {10_000, 10},
  relation_id_action: {60_000, 2},
  statuses_actions: {10_000, 15},
--- a/lib/pleroma/web/mastodon_api/controllers/app_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/app_controller.ex
@ -19,6 +19,8 @@ defmodule Pleroma.Web.MastodonAPI.AppController do

  action_fallback(Pleroma.Web.MastodonAPI.FallbackController)

+  plug(Pleroma.Web.Plugs.RateLimiter, [name: :oauth_app_creation] when action == :create)
+
  plug(:skip_auth when action in [:create, :verify_credentials])

  plug(Pleroma.Web.ApiSpec.CastAndValidate)
				`@ -0,0 +1 @@`
				`Add a rate limiter to the OAuth App creation endpoint`