Altitude/AltitudeWeb
5
0
Fork 0
Code Issues 12 Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Altitude:643545a18a6e929bd30f51b5cd30b4f016004dcb
Branches Tags
Altitude:master
Altitude:edit-punishments
Altitude:bans
Altitude:textures
Altitude:particles
...
compare: Altitude:26b5f86983b846c02d4b77916c218bf40a2622ff
Branches Tags
Altitude:master
Altitude:edit-punishments
Altitude:bans
Altitude:textures
Altitude:particles

2 Commits
643545a18a ... 26b5f86983

Author SHA1 Message Date
Teriuihi 26b5f86983 Add rate limiting to LoginController endpoints 
Introduced a `@RateLimit` annotation to enforce limits on the `addLogin` and `login` methods in `LoginController`. This restricts the number of requests per minute to improve security and prevent abuse.
 2025-04-26 23:14:33 +02:00
Teriuihi ba6cf6d938 Add rate limiting to AppealController methods 
Introduced @RateLimit annotations to enforce request limits on the AppealController. The overall controller has a global limit of 30 requests per hour, while specific methods for Discord and Minecraft appeals are limited to 3 requests per hour. This aims to prevent abuse and improve system reliability.
 2025-04-26 23:13:26 +02:00
2 changed files with 15 additions and 0 deletions
Show Stats Expand all files Collapse all files

8
backend/src/main/java/com/alttd/altitudeweb/controllers/application/AppealController.java
View File

@ -1,21 +1,29 @@
package com.alttd.altitudeweb.controllers.application;
import com.alttd.altitudeweb.api.AppealsApi;
import com.alttd.altitudeweb.controllers.limits.RateLimit;
import com.alttd.altitudeweb.model.AppealResponseDto;
import com.alttd.altitudeweb.model.DiscordAppealDto;
import com.alttd.altitudeweb.model.MinecraftAppealDto;
import com.alttd.altitudeweb.model.UpdateMailDto;
import org.springframework.http.HttpStatusCode;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.server.ResponseStatusException;
import java.util.concurrent.TimeUnit;
@RestController
@RateLimit(limit = 30, timeValue = 1, timeUnit = TimeUnit.HOURS)
public class AppealController implements AppealsApi {
@RateLimit(limit = 3, timeValue = 1, timeUnit = TimeUnit.HOURS, key = "discordAppeal")
@Override
public ResponseEntity<MinecraftAppealDto> submitDiscordAppeal(DiscordAppealDto discordAppealDto) {
throw new ResponseStatusException(HttpStatusCode.valueOf(501), "Discord appeals are not yet supported");
}
@RateLimit(limit = 3, timeValue = 1, timeUnit = TimeUnit.HOURS, key = "minecraftAppeal")
@Override
public ResponseEntity<AppealResponseDto> submitMinecraftAppeal(MinecraftAppealDto minecraftAppealDto) {
throw new ResponseStatusException(HttpStatusCode.valueOf(501), "Minecraft appeals are not yet supported");

7
backend/src/main/java/com/alttd/altitudeweb/controllers/login/LoginController.java
View File

@ -1,20 +1,27 @@
package com.alttd.altitudeweb.controllers.login;
import com.alttd.altitudeweb.api.LoginApi;
import com.alttd.altitudeweb.controllers.limits.RateLimit;
import com.alttd.altitudeweb.model.AddLoginDto;
import com.alttd.altitudeweb.model.LoginDataDto;
import com.alttd.altitudeweb.model.LoginResultDto;
import org.springframework.http.HttpStatusCode;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.server.ResponseStatusException;
import java.util.concurrent.TimeUnit;
@RestController
public class LoginController implements LoginApi {
@RateLimit(limit = 100, timeValue = 1, timeUnit = TimeUnit.MINUTES, key = "addLogin")
@Override
public ResponseEntity<Void> addLogin(AddLoginDto addLoginDto) {
throw new ResponseStatusException(HttpStatusCode.valueOf(501), "Adding login is not yet supported");
}
@RateLimit(limit = 5, timeValue = 1, timeUnit = TimeUnit.MINUTES, key = "login")
@Override
public ResponseEntity<LoginResultDto> login(LoginDataDto loginDataDto) {
throw new ResponseStatusException(HttpStatusCode.valueOf(501), "Logging in is not yet supported");