From ba6cf6d9388db685cde8522d6f996c7d8153736f Mon Sep 17 00:00:00 2001
From: Teriuihi
Date: Sat, 26 Apr 2025 23:13:26 +0200
Subject: [PATCH] Add rate limiting to AppealController methods
Introduced @RateLimit annotations to enforce request limits on the AppealController. The overall controller has a global limit of 30 requests per hour, while specific methods for Discord and Minecraft appeals are limited to 3 requests per hour. This aims to prevent abuse and improve system reliability.
---
.../controllers/application/AppealController.java | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/backend/src/main/java/com/alttd/altitudeweb/controllers/application/AppealController.java b/backend/src/main/java/com/alttd/altitudeweb/controllers/application/AppealController.java
index e8b8ee7..f1e672a 100644
--- a/backend/src/main/java/com/alttd/altitudeweb/controllers/application/AppealController.java
+++ b/backend/src/main/java/com/alttd/altitudeweb/controllers/application/AppealController.java
@@ -1,21 +1,29 @@
 package com.alttd.altitudeweb.controllers.application;
 import com.alttd.altitudeweb.api.AppealsApi;
+import com.alttd.altitudeweb.controllers.limits.RateLimit;
 import com.alttd.altitudeweb.model.AppealResponseDto;
 import com.alttd.altitudeweb.model.DiscordAppealDto;
 import com.alttd.altitudeweb.model.MinecraftAppealDto;
 import com.alttd.altitudeweb.model.UpdateMailDto;
 import org.springframework.http.HttpStatusCode;
 import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.server.ResponseStatusException;
+import java.util.concurrent.TimeUnit;
+
+@RestController
+@RateLimit(limit = 30, timeValue = 1, timeUnit = TimeUnit.HOURS)
 public class AppealController implements AppealsApi {
+ @RateLimit(limit = 3, timeValue = 1, timeUnit = TimeUnit.HOURS, key = "discordAppeal")
 @Override
 public ResponseEntity submitDiscordAppeal(DiscordAppealDto discordAppealDto) {
 throw new ResponseStatusException(HttpStatusCode.valueOf(501), "Discord appeals are not yet supported");
 }
+ @RateLimit(limit = 3, timeValue = 1, timeUnit = TimeUnit.HOURS, key = "minecraftAppeal")
 @Override
 public ResponseEntity submitMinecraftAppeal(MinecraftAppealDto minecraftAppealDto) {
 throw new ResponseStatusException(HttpStatusCode.valueOf(501), "Minecraft appeals are not yet supported");
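Review bot: The new `@RateLimit` annotations on the class and on `submitDiscordAppeal` / `submitMinecraftAppeal` do not show which client identifier a request is counted against, or whether the keyed 3-per-hour limits replace the class-level 30-per-hour limit or are counted in addition to it. If the handler keys on the remote address, a deployment behind a reverse proxy may either put every user in one bucket or rely on a client-supplied forwarding header, so that should be confirmed in the `RateLimit` implementation, which is outside this diff. Once verified, I would document it on the class, for example `// Limits are counted per client as resolved by the RateLimit handler; a method-level limit with a key uses its own counter`. The class body continues past the end of the hunk, so any further `AppealsApi` method there (the `UpdateMailDto` import suggests one) presumably gets only the class-level limit and should be checked separately.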