Add rate limiting for search endpoints

diff --git a/config/config.exs b/config/config.exs
index 4e2b1703bc519400416b54c3690bc24555e99a83..d20d4fda91d13365fb72f7aacf30028aeb151497 100644 (file)
--- a/config/config.exs
+++ b/config/config.exs
@@ -503,6 +503,8 @@ config :pleroma, :database, rum_enabled: false
 config :http_signatures,
   adapter: Pleroma.Signature
 
+config :pleroma, :rate_limit, search: [{1000, 10}, {1000, 30}]
+
 # Import environment specific config. This must remain at the bottom
 # of this file so it overrides the configuration defined above.
 import_config "#{Mix.env()}.exs"

diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
index 92cd77f62f8201f4de7d2fa71a9d6a6fd900afd4..20b08fda40ad1afc5c748239e3771a59013d194b 100644 (file)
--- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
@@ -55,6 +55,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
     when action in [:account_register]
   )
 
+  plug(Pleroma.Plugs.RateLimiter, :search when action in [:search, :search2, :account_search])
+
   @local_mastodon_name "Mastodon-Local"
 
   action_fallback(:errors)