Merge remote-tracking branch 'gitea/develop' into feat/page-templates
# Conflicts: # apps/server/src/integrations/throttle/throttle.module.ts # apps/server/src/integrations/throttle/throttler-names.ts
This commit is contained in:
@@ -8,6 +8,7 @@ import {
|
||||
AUTH_THROTTLER,
|
||||
AI_CHAT_THROTTLER,
|
||||
PAGE_TEMPLATE_THROTTLER,
|
||||
PUBLIC_SHARE_AI_THROTTLER,
|
||||
} from './throttler-names';
|
||||
import Redis from 'ioredis';
|
||||
|
||||
@@ -27,6 +28,8 @@ import Redis from 'ioredis';
|
||||
// a scripted client could drive heavy content fan-out. 30 req/min
|
||||
// per user is plenty for legitimate render-time batched lookups.
|
||||
{ name: PAGE_TEMPLATE_THROTTLER, ttl: 60_000, limit: 30 },
|
||||
// Anonymous public-share assistant: ~5 req/min per IP.
|
||||
{ name: PUBLIC_SHARE_AI_THROTTLER, ttl: 60_000, limit: 5 },
|
||||
],
|
||||
errorMessage: 'Too many requests',
|
||||
storage: new ThrottlerStorageRedisService(
|
||||
|
||||
@@ -1,3 +1,8 @@
|
||||
export const AUTH_THROTTLER = 'auth';
|
||||
export const AI_CHAT_THROTTLER = 'ai-chat';
|
||||
export const PAGE_TEMPLATE_THROTTLER = 'page-template';
|
||||
// IP-keyed throttler for the anonymous public-share AI assistant. There is no
|
||||
// authenticated user on that route, so it is keyed by client IP (the default
|
||||
// ThrottlerGuard tracker) to bound anonymous abuse — the workspace owner pays
|
||||
// for the tokens.
|
||||
export const PUBLIC_SHARE_AI_THROTTLER = 'public-share-ai';
|
||||
|
||||
Reference in New Issue
Block a user