From 2bdebb71b76fb29537f4078f1b749e47203b1309 Mon Sep 17 00:00:00 2001
From: akastijn <akastijn@alttd.com>
Date: Sun, 2 Nov 2025 23:03:00 +0100
Subject: [PATCH] Add rate limiting to `getStaffPlaytime` and `getVoteStats`
 endpoints

---
 .../com/alttd/altitudeweb/controllers/site/SiteController.java  | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/backend/src/main/java/com/alttd/altitudeweb/controllers/site/SiteController.java b/backend/src/main/java/com/alttd/altitudeweb/controllers/site/SiteController.java
index a2c6573..cc0ed02 100644
--- a/backend/src/main/java/com/alttd/altitudeweb/controllers/site/SiteController.java
+++ b/backend/src/main/java/com/alttd/altitudeweb/controllers/site/SiteController.java
@@ -32,6 +32,7 @@ public class SiteController implements SiteApi {
     private final StaffPtService staffPtService;
 
     @Override
+    @RateLimit(limit = 1, timeValue = 1, timeUnit = TimeUnit.SECONDS, key = "getStaffPlaytime")
     public ResponseEntity<StaffPlaytimeListDto> getStaffPlaytime(OffsetDateTime from, OffsetDateTime to) {
         Optional<List<StaffPlaytimeDto>> staffPlaytimeDto = staffPtService.getStaffPlaytime(from.toInstant(), to.toInstant());
         if (staffPlaytimeDto.isEmpty()) {
@@ -43,6 +44,7 @@ public class SiteController implements SiteApi {
     }
 
     @Override
+    @RateLimit(limit = 5, timeValue = 1, timeUnit = TimeUnit.MINUTES, key = "getVoteStats")
     public ResponseEntity<VoteDataDto> getVoteStats() {
         UUID uuid = authenticatedUuid.getAuthenticatedUserUuid();
         Optional<VoteDataDto> optionalVoteDataDto = voteService.getVoteStats(uuid);