Apply per-route rate-limit buckets, keyed and budgeted per endpoint group, aligned with the router in src/web/mod.rs.
Buckets (starting points — tune from real traffic)
| Route group |
Key by |
Suggested budget |
GET /api/list (search) |
IP |
~10 / 10s, burst ~20 |
GET /api/item/{id}, /app/{id}, /apps |
IP |
~30 / 10s |
POST /api/property, /api/vote/property |
user id |
~5 / 60s |
GET /api/login, /api/verify (Steam OpenID) |
IP |
~5 / 60s |
/api/admin/** |
user id |
loose / none (already enforce_admin) |
Scope
- Attach limiter
hoops to the matching Router nodes.
- Set generous initial numbers so normal UI browsing never trips.
- Keying writes/login by user id depends on the custom issuer (separate issue); use IP until that lands.
Depends on
Parent: #50
Apply per-route rate-limit buckets, keyed and budgeted per endpoint group, aligned with the router in
src/web/mod.rs.Buckets (starting points — tune from real traffic)
GET /api/list(search)GET /api/item/{id},/app/{id},/appsPOST /api/property,/api/vote/propertyGET /api/login,/api/verify(Steam OpenID)/api/admin/**enforce_admin)Scope
hoops to the matchingRouternodes.Depends on
Parent: #50