
fix: increase rate limit for frontend and api requests

This commit is contained in:
Elias Schneider
2026-01-24 20:29:50 +01:00
parent 56afebc242
commit aab7e364e8
3 changed files with 12 additions and 9 deletions


@@ -4,6 +4,6 @@ package frontend
import "github.com/gin-gonic/gin" import "github.com/gin-gonic/gin"
func RegisterFrontend(router *gin.Engine) error { func RegisterFrontend(router *gin.Engine, rateLimitMiddleware gin.HandlerFunc) error {
return ErrFrontendNotIncluded return ErrFrontendNotIncluded
} }
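Review bot: The exported stub `RegisterFrontend` still has no doc comment after its signature change, and the new `rateLimitMiddleware` parameter is never read in this build, so a reader has to compare it with the real implementation to learn why it exists. Naming it `_ gin.HandlerFunc` would make the unused-by-design intent explicit without changing the signature callers see. A comment such as `// RegisterFrontend is the stub compiled when the frontend is not included in the build; it ignores its arguments and always returns ErrFrontendNotIncluded.` would give both versions of the function the same documented contract.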


@@ -52,7 +52,7 @@ func init() {
} }
} }
func RegisterFrontend(router *gin.Engine) error { func RegisterFrontend(router *gin.Engine, rateLimitMiddleware gin.HandlerFunc) error {
distFS, err := fs.Sub(frontendFS, "dist") distFS, err := fs.Sub(frontendFS, "dist")
if err != nil { if err != nil {
return fmt.Errorf("failed to create sub FS: %w", err) return fmt.Errorf("failed to create sub FS: %w", err)
@@ -61,7 +61,7 @@ func RegisterFrontend(router *gin.Engine) error {
cacheMaxAge := time.Hour * 24 cacheMaxAge := time.Hour * 24
fileServer := NewFileServerWithCaching(http.FS(distFS), int(cacheMaxAge.Seconds())) fileServer := NewFileServerWithCaching(http.FS(distFS), int(cacheMaxAge.Seconds()))
router.NoRoute(func(c *gin.Context) { handler := func(c *gin.Context) {
path := strings.TrimPrefix(c.Request.URL.Path, "/") path := strings.TrimPrefix(c.Request.URL.Path, "/")
if strings.HasSuffix(path, "/") { if strings.HasSuffix(path, "/") {
@@ -97,7 +97,9 @@ func RegisterFrontend(router *gin.Engine) error {
// Serve other static assets with caching // Serve other static assets with caching
c.Request.URL.Path = "/" + path c.Request.URL.Path = "/" + path
fileServer.ServeHTTP(c.Writer, c.Request) fileServer.ServeHTTP(c.Writer, c.Request)
}) }
router.NoRoute(rateLimitMiddleware, handler)
return nil return nil
} }
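Review bot: `router.NoRoute(rateLimitMiddleware, handler)` places the caller-supplied middleware in front of every unmatched route, but the function documents neither that nor the requirement that the value be non-nil; gin invokes each handler in the chain directly, so a nil `gin.HandlerFunc` would, as far as I can tell, fail at request time rather than at registration. The exported `RegisterFrontend` has no doc comment at all, so the contract of the new parameter is invisible to the caller in the router setup. I would add `// RegisterFrontend serves the embedded frontend for every request that matches no other route; rateLimitMiddleware must be non-nil and runs before the file handler on each of those requests.` above the signature, and either guard against nil with an early `return fmt.Errorf(...)` or state the non-nil requirement in that comment. Parts of RegisterFrontend's body lie between the hunks shown here.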


@@ -53,8 +53,6 @@ func initRouter(db *gorm.DB, svc *services) (utils.Service, error) {
r.Use(otelgin.Middleware(common.Name)) r.Use(otelgin.Middleware(common.Name))
} }
rateLimitMiddleware := middleware.NewRateLimitMiddleware().Add(rate.Every(time.Second), 60)
// Setup global middleware // Setup global middleware
r.Use(middleware.HeadMiddleware()) r.Use(middleware.HeadMiddleware())
r.Use(middleware.NewCacheControlMiddleware().Add()) r.Use(middleware.NewCacheControlMiddleware().Add())
@@ -62,7 +60,8 @@ func initRouter(db *gorm.DB, svc *services) (utils.Service, error) {
r.Use(middleware.NewCspMiddleware().Add()) r.Use(middleware.NewCspMiddleware().Add())
r.Use(middleware.NewErrorHandlerMiddleware().Add()) r.Use(middleware.NewErrorHandlerMiddleware().Add())
err := frontend.RegisterFrontend(r) frontendRateLimitMiddleware := middleware.NewRateLimitMiddleware().Add(rate.Every(100*time.Millisecond), 300)
err := frontend.RegisterFrontend(r, frontendRateLimitMiddleware)
if errors.Is(err, frontend.ErrFrontendNotIncluded) { if errors.Is(err, frontend.ErrFrontendNotIncluded) {
slog.Warn("Frontend is not included in the build. Skipping frontend registration.") slog.Warn("Frontend is not included in the build. Skipping frontend registration.")
} else if err != nil { } else if err != nil {
@@ -73,8 +72,10 @@ func initRouter(db *gorm.DB, svc *services) (utils.Service, error) {
authMiddleware := middleware.NewAuthMiddleware(svc.apiKeyService, svc.userService, svc.jwtService) authMiddleware := middleware.NewAuthMiddleware(svc.apiKeyService, svc.userService, svc.jwtService)
fileSizeLimitMiddleware := middleware.NewFileSizeLimitMiddleware() fileSizeLimitMiddleware := middleware.NewFileSizeLimitMiddleware()
apiRateLimitMiddleware := middleware.NewRateLimitMiddleware().Add(rate.Every(time.Second), 100)
// Set up API routes // Set up API routes
apiGroup := r.Group("/api", rateLimitMiddleware) apiGroup := r.Group("/api", apiRateLimitMiddleware)
controller.NewApiKeyController(apiGroup, authMiddleware, svc.apiKeyService) controller.NewApiKeyController(apiGroup, authMiddleware, svc.apiKeyService)
controller.NewWebauthnController(apiGroup, authMiddleware, middleware.NewRateLimitMiddleware(), svc.webauthnService, svc.appConfigService) controller.NewWebauthnController(apiGroup, authMiddleware, middleware.NewRateLimitMiddleware(), svc.webauthnService, svc.appConfigService)
controller.NewOidcController(apiGroup, authMiddleware, fileSizeLimitMiddleware, svc.oidcService, svc.jwtService) controller.NewOidcController(apiGroup, authMiddleware, fileSizeLimitMiddleware, svc.oidcService, svc.jwtService)
@@ -96,7 +97,7 @@ func initRouter(db *gorm.DB, svc *services) (utils.Service, error) {
} }
// Set up base routes // Set up base routes
baseGroup := r.Group("/", rateLimitMiddleware) baseGroup := r.Group("/", apiRateLimitMiddleware)
controller.NewWellKnownController(baseGroup, svc.jwtService) controller.NewWellKnownController(baseGroup, svc.jwtService)
// Set up healthcheck routes // Set up healthcheck routes