Rate Limit the OAuth App spam - pleroma - My custom branche(s) on git.pleroma.social/pleroma/pleroma

commit: 427da7a99a30ebc7a7deb54e7704b5d8dffea199
parent fbcfbde833b48f880fd4f55314e0d2a51186701b
Author: Mark Felder <feld@feld.me>
Date:   Wed,  4 Sep 2024 09:19:07 -0400

Rate Limit the OAuth App spam

Diffstat:
A changelog.d/oauth-app-spam.fix 1 +
M config/config.exs 1 +
M lib/pleroma/web/mastodon_api/controllers/app_controller.ex 2 ++

3 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/changelog.d/oauth-app-spam.fix b/changelog.d/oauth-app-spam.fix
@@ -0,0 +1 @@
+Add a rate limiter to the OAuth App creation endpoint
diff --git a/config/config.exs b/config/config.exs
@@ -711,6 +711,7 @@ config :pleroma, :rate_limit,
   timeline: {500, 3},
   search: [{1000, 10}, {1000, 30}],
   app_account_creation: {1_800_000, 25},
+  oauth_app_creation: {900_000, 5},
   relations_actions: {10_000, 10},
   relation_id_action: {60_000, 2},
   statuses_actions: {10_000, 15},
diff --git a/lib/pleroma/web/mastodon_api/controllers/app_controller.ex b/lib/pleroma/web/mastodon_api/controllers/app_controller.ex
@@ -19,6 +19,8 @@ defmodule Pleroma.Web.MastodonAPI.AppController do
 
   action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
 
+  plug(Pleroma.Web.Plugs.RateLimiter, [name: :oauth_app_creation] when action == :create)
+
   plug(:skip_auth when action in [:create, :verify_credentials])
 
   plug(Pleroma.Web.ApiSpec.CastAndValidate)

A	changelog.d/oauth-app-spam.fix	1	+
M	config/config.exs	1	+
M	lib/pleroma/web/mastodon_api/controllers/app_controller.ex	2	++