[feature] add rate limit middleware (#741)

* feat: add rate limit middleware

* chore: update vendor dir

* chore: update readme with new dependency

* chore: add rate limit infos to swagger.md file

* refactor: add ipv6 mask limiter option

Add IPv6 CIDR /64 mask

* refactor: increase rate limit to 1000

Address https://github.com/superseriousbusiness/gotosocial/pull/741#discussion_r945584800

Co-authored-by: tobi <31960611+tsmethurst@users.noreply.github.com>
This commit is contained in:
nya1
2022-08-31 12:06:14 +02:00
committed by GitHub
parent daec9ab10e
commit bee8458a2d
43 changed files with 4692 additions and 443 deletions

View File

@@ -1,5 +1,16 @@
# API Documentation
## Rate limit
To prevent abuse of the API an IP-based HTTP rate limit is in place, a maximum of 300 requests in a 5 minutes time window are allowed, every response will include the current status of the rate limit with the following headers:
- `x-ratelimit-limit` maximum number of requests allowed per time period (fixed)
- `x-ratelimit-remaining` number of remaining requests that can still be performed
- `x-ratelimit-reset` unix timestamp when the rate limit will reset
In case the rate limit is exceeded an HTTP 429 error is returned to the caller.
GoToSocial uses [go-swagger](https://github.com/go-swagger/go-swagger) to generate a V2 [OpenAPI specification](https://swagger.io/specification/v2/) document from code annotations.
The resulting API documentation is rendered below, for quick reference.