mirror of
https://git.pleroma.social/pleroma/pleroma.git
synced 2024-12-22 08:06:55 +00:00
Rate Limit the OAuth App spam
This commit is contained in:
parent
fbcfbde833
commit
427da7a99a
3 changed files with 4 additions and 0 deletions
1
changelog.d/oauth-app-spam.fix
Normal file
1
changelog.d/oauth-app-spam.fix
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Add a rate limiter to the OAuth App creation endpoint
|
|
@ -711,6 +711,7 @@ config :pleroma, :rate_limit,
|
||||||
timeline: {500, 3},
|
timeline: {500, 3},
|
||||||
search: [{1000, 10}, {1000, 30}],
|
search: [{1000, 10}, {1000, 30}],
|
||||||
app_account_creation: {1_800_000, 25},
|
app_account_creation: {1_800_000, 25},
|
||||||
|
oauth_app_creation: {900_000, 5},
|
||||||
relations_actions: {10_000, 10},
|
relations_actions: {10_000, 10},
|
||||||
relation_id_action: {60_000, 2},
|
relation_id_action: {60_000, 2},
|
||||||
statuses_actions: {10_000, 15},
|
statuses_actions: {10_000, 15},
|
||||||
|
|
|
@ -19,6 +19,8 @@ defmodule Pleroma.Web.MastodonAPI.AppController do
|
||||||
|
|
||||||
action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
|
action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
|
||||||
|
|
||||||
|
plug(Pleroma.Web.Plugs.RateLimiter, [name: :oauth_app_creation] when action == :create)
|
||||||
|
|
||||||
plug(:skip_auth when action in [:create, :verify_credentials])
|
plug(:skip_auth when action in [:create, :verify_credentials])
|
||||||
|
|
||||||
plug(Pleroma.Web.ApiSpec.CastAndValidate)
|
plug(Pleroma.Web.ApiSpec.CastAndValidate)
|
||||||
|
|
Loading…
Reference in a new issue