feat: add ratelimit to every endpoint to prevent ddos.

FOSS-Community · Sep 21, 2024 · 38cbf35 · 38cbf35
1 parent 28c8bb6
commit 38cbf35
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/src/paste/main.py b/src/paste/main.py
@@ -104,6 +104,7 @@ async def post_as_a_file(request: Request, file: UploadFile = File(...)) -> Plai
 
 
 @app.get("/paste/{uuid}")
+@limiter.limit("100/minute")
 async def get_paste_data(uuid: str, user_agent: Optional[str] = Header(None)) -> Response:
     if not "." in uuid:
         uuid = _find_without_extension(uuid)
@@ -234,11 +235,13 @@ async def get_paste_data(uuid: str, user_agent: Optional[str] = Header(None)) ->
 
 
 @app.get("/", response_class=HTMLResponse)
+@limiter.limit("100/minute")
 async def indexpage(request: Request) -> Response:
     return templates.TemplateResponse("index.html", {"request": request})
 
 
 @app.delete("/paste/{uuid}", response_class=PlainTextResponse)
+@limiter.limit("100/minute")
 async def delete_paste(uuid: str) -> PlainTextResponse:
     path: str = f"data/{uuid}"
     try:
@@ -253,6 +256,7 @@ async def delete_paste(uuid: str) -> PlainTextResponse:
 
 
 @app.get("/web", response_class=HTMLResponse)
+@limiter.limit("100/minute")
 async def web(request: Request) -> Response:
     return templates.TemplateResponse("web.html", {"request": request})
 
@@ -283,11 +287,13 @@ async def web_post(request: Request, content: str = Form(...), extension: Option
 
 
 @app.get("/health", status_code=status.HTTP_200_OK)
+@limiter.limit("100/minute")
 async def health() -> dict[str, str]:
     return {"status": "ok"}
 
 
 @app.get("/languages.json", response_class=JSONResponse)
+@limiter.limit("100/minute")
 async def get_languages() -> JSONResponse:
     try:
         with open(Path(BASE_DIR, "languages.json"), "r") as file: