Altitude/AltitudeWeb
5
0
Fork 0
Code Issues 12 Pull Requests Actions Packages Projects Releases Wiki Activity

Add rate limiting to LoginController endpoints

Browse Source 
Introduced a `@RateLimit` annotation to enforce limits on the `addLogin` and `login` methods in `LoginController`. This restricts the number of requests per minute to improve security and prevent abuse.
This commit is contained in:
Teriuihi 2025-04-26 23:14:33 +02:00
parent ba6cf6d938
commit 26b5f86983
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
backend/src/main/java/com/alttd/altitudeweb/controllers/login/LoginController.java
View File

@ -1,20 +1,27 @@
package com.alttd.altitudeweb.controllers.login;
import com.alttd.altitudeweb.api.LoginApi;
import com.alttd.altitudeweb.controllers.limits.RateLimit;
import com.alttd.altitudeweb.model.AddLoginDto;
import com.alttd.altitudeweb.model.LoginDataDto;
import com.alttd.altitudeweb.model.LoginResultDto;
import org.springframework.http.HttpStatusCode;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.server.ResponseStatusException;
import java.util.concurrent.TimeUnit;
@RestController
public class LoginController implements LoginApi {
@RateLimit(limit = 100, timeValue = 1, timeUnit = TimeUnit.MINUTES, key = "addLogin")
@Override
public ResponseEntity<Void> addLogin(AddLoginDto addLoginDto) {
throw new ResponseStatusException(HttpStatusCode.valueOf(501), "Adding login is not yet supported");
}
@RateLimit(limit = 5, timeValue = 1, timeUnit = TimeUnit.MINUTES, key = "login")
@Override
public ResponseEntity<LoginResultDto> login(LoginDataDto loginDataDto) {
throw new ResponseStatusException(HttpStatusCode.valueOf(501), "Logging in is not yet supported");