dev: edge rate limit for email share

2026-01-07 21:50:25 -06:00 · 2024-11-16 20:04:10 -05:00
parent e0128aa88c
commit 59fa600f2b
2 changed files with 9 additions and 0 deletions
--- a/src/backend/src/services/ShareService.js
+++ b/src/backend/src/services/ShareService.js
@@ -266,6 +266,11 @@ class ShareService extends BaseService {
                // featureflag({ feature: 'share' }),
            ],
            handler: async (req, res) => {
+                const svc_edgeRateLimit = req.services.get('edge-rate-limit');
+                if ( ! svc_edgeRateLimit.check('verify-pass-recovery-token') ) {
+                    return res.status(429).send('Too many requests.');
+                }
+
                const actor = Actor.adapt(req.user);
                if ( ! (actor.type instanceof UserActorType) ) {
                    throw APIError.create('forbidden');
--- a/src/backend/src/services/abuse-prevention/EdgeRateLimitService.js
+++ b/src/backend/src/services/abuse-prevention/EdgeRateLimitService.js
@@ -44,6 +44,10 @@ class EdgeRateLimitService extends BaseService {
                limit: 10,
                window: 15 * MINUTE,
            },
+            ['share']: {
+                limit: 30,
+                window: 1 * MINUTE,
+            },
            ['send-confirm-email']: {
                limit: 10,
                window: HOUR,