Skip to content

rate-limiting: per-route limit buckets (search/item/write/login) #54

Description

@disconsented

Apply per-route rate-limit buckets, keyed and budgeted per endpoint group, aligned with the router in src/web/mod.rs.

Buckets (starting points — tune from real traffic)

Route group Key by Suggested budget
GET /api/list (search) IP ~10 / 10s, burst ~20
GET /api/item/{id}, /app/{id}, /apps IP ~30 / 10s
POST /api/property, /api/vote/property user id ~5 / 60s
GET /api/login, /api/verify (Steam OpenID) IP ~5 / 60s
/api/admin/** user id loose / none (already enforce_admin)

Scope

  • Attach limiter hoops to the matching Router nodes.
  • Set generous initial numbers so normal UI browsing never trips.
  • Keying writes/login by user id depends on the custom issuer (separate issue); use IP until that lands.

Depends on

Parent: #50

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions