API v3 Rate Limiter (#12117)

* simplify ip address management by using the trust proxy express option * add setupExpress file * fix redirects middleware tests * fix lint * short circuit the ip blocking middleware * basic implementation with ip based limiting * improve logging * upgrade apidoc * apidoc: add introduction section * fix lint * fix tests * fix lint * add unit tests for rate limiter * do not send retry-after header when points are available * automatically fix lint * fix more lint issues * use userId as key for rate limit when available
2025-12-19 07:37:25 +01:00 · 2020-07-17 16:13:51 +02:00
parent e3bcc48481
commit e7c8833c9a
15 changed files with 332 additions and 61 deletions
--- a/website/server/libs/errors.js
+++ b/website/server/libs/errors.js
@@ -54,6 +54,19 @@ export const { NotFound } = common.errors;
 */
 export const { Forbidden } = common.errors;

+/**
+ * @apiDefine TooManyRequests
+ * @apiError TooManyRequests The client made too many requests to the API and was rate limited.
+ *
+ * @apiErrorExample Error-Response:
+ *     HTTP/1.1 429 TooManyRequests
+ *     {
+ *       "error": "TooManyRequests",
+ *       "message": "Access forbidden."
+ *     }
+ */
+export const { TooManyRequests } = common.errors;
+
 /**
 * @apiDefine NotificationNotFound
 * @apiError NotificationNotFound The notification was not found.