feat: common attachment endpoint follow-up changes (#7826)

2023-09-01 15:18:48 +07:00
parent 2acf09b3eb
commit 9ebabb9832
14 changed files with 11 additions and 114 deletions
--- a/config/initializers/rack_attack.rb
+++ b/config/initializers/rack_attack.rb
@@ -137,6 +137,11 @@ class Rack::Attack
    match_data[:account_id] if match_data.present?
  end

+  ## Prevent Abuse of attachment upload APIs ##
+  throttle('/api/v1/upload', limit: 60, period: 1.hour) do |req|
+    req.ip if req.path_without_extentions == '/api/v1/upload' && req.post?
+  end
+
  ## ----------------------------------------------- ##
 end