Add rate-limiting to the token endpoints

2026-05-31 12:51:35 +02:00 · 2017-10-26 14:11:31 +01:00
parent 8a2acd7138
commit d2a17c2745
1 changed files with 10 additions and 0 deletions
--- a/services/web/app/coffee/router.coffee
+++ b/services/web/app/coffee/router.coffee
@@ -340,9 +340,19 @@ module.exports = class Router


 		webRouter.get '/read/:read_only_token([a-z]+)',
+			RateLimiterMiddlewear.rateLimit({
+				endpointName: 'read-only-token',
+				maxRequests: 10,
+				timeInterval: 60
+			}),
 			TokenAccessController.readOnlyToken

 		webRouter.get '/:read_and_write_token([0-9]+[a-z]+)',
+			RateLimiterMiddlewear.rateLimit({
+				endpointName: 'read-and-write-token',
+				maxRequests: 10,
+				timeInterval: 60
+			}),
 			TokenAccessController.readAndWriteToken

 		webRouter.get '*', ErrorController.notFound