From 26b5f86983b846c02d4b77916c218bf40a2622ff Mon Sep 17 00:00:00 2001
From: Teriuihi
Date: Sat, 26 Apr 2025 23:14:33 +0200
Subject: [PATCH] Add rate limiting to LoginController endpoints

Introduced a `@RateLimit` annotation to enforce limits on the `addLogin` and `login` methods in `LoginController`. This restricts the number of requests per minute to improve security and prevent abuse.
---
 .../altitudeweb/controllers/login/LoginController.java | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/backend/src/main/java/com/alttd/altitudeweb/controllers/login/LoginController.java b/backend/src/main/java/com/alttd/altitudeweb/controllers/login/LoginController.java
index 8b81255..4abbe96 100644
--- a/backend/src/main/java/com/alttd/altitudeweb/controllers/login/LoginController.java
+++ b/backend/src/main/java/com/alttd/altitudeweb/controllers/login/LoginController.java
@@ -1,20 +1,27 @@
 package com.alttd.altitudeweb.controllers.login;
 import com.alttd.altitudeweb.api.LoginApi;
+import com.alttd.altitudeweb.controllers.limits.RateLimit;
 import com.alttd.altitudeweb.model.AddLoginDto;
 import com.alttd.altitudeweb.model.LoginDataDto;
 import com.alttd.altitudeweb.model.LoginResultDto;
 import org.springframework.http.HttpStatusCode;
 import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.server.ResponseStatusException;
+import java.util.concurrent.TimeUnit;
+
+@RestController
 public class LoginController implements LoginApi {
+ @RateLimit(limit = 100, timeValue = 1, timeUnit = TimeUnit.MINUTES, key = "addLogin")
 @Override
 public ResponseEntity addLogin(AddLoginDto addLoginDto) {
 throw new ResponseStatusException(HttpStatusCode.valueOf(501), "Adding login is not yet supported");
 }
+ @RateLimit(limit = 5, timeValue = 1, timeUnit = TimeUnit.MINUTES, key = "login")
 @Override
 public ResponseEntity login(LoginDataDto loginDataDto) {
 throw new ResponseStatusException(HttpStatusCode.valueOf(501), "Logging in is not yet supported");
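Review bot: The `key = "login"` and `key = "addLogin"` values on the two new `@RateLimit` annotations are fixed strings, so unless the limiter behind `controllers.limits.RateLimit` (not visible in this hunk) combines the key with a per-client identifier, the 5-per-minute budget on `login` is shared by every caller and one misbehaving client can exhaust it for all legitimate users, turning the protection into an availability problem for the login flow. Please confirm the scoping and record it at the annotation site, e.g. `// TODO(review): confirm RateLimit scopes this key per client, not globally` above the `login` annotation, replacing it with a statement of the actual scope once known. The commit message also omits that `@RestController` is newly added to the class, which changes how these endpoints are registered with Spring and deserves a sentence there. The `login` method's closing brace lies outside the hunk.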