[feature] add rate limit middleware (#741)

* feat: add rate limit middleware * chore: update vendor dir * chore: update readme with new dependency * chore: add rate limit infos to swagger.md file * refactor: add ipv6 mask limiter option Add IPv6 CIDR /64 mask * refactor: increase rate limit to 1000 Address https://github.com/superseriousbusiness/gotosocial/pull/741#discussion_r945584800 Co-authored-by: tobi <31960611+tsmethurst@users.noreply.github.com>
2025-10-29 04:22:24 -05:00 · 2022-08-31 12:06:14 +02:00 · 2022-08-31 12:06:14 +02:00 · bee8458a2d
commit bee8458a2d
parent daec9ab10e
43 changed files with 4692 additions and 443 deletions
--- a/docs/api/swagger.md
+++ b/docs/api/swagger.md
@ -1,5 +1,16 @@
 # API Documentation

+## Rate limit
+
+To prevent abuse of the API an IP-based HTTP rate limit is in place, a maximum of 300 requests in a 5 minutes time window are allowed, every response will include the current status of the rate limit with the following headers:
+
+- `x-ratelimit-limit` maximum number of requests allowed per time period (fixed)
+- `x-ratelimit-remaining` number of remaining requests that can still be performed
+- `x-ratelimit-reset` unix timestamp when the rate limit will reset
+
+In case the rate limit is exceeded an HTTP 429 error is returned to the caller.
+
+
 GoToSocial uses [go-swagger](https://github.com/go-swagger/go-swagger) to generate a V2 [OpenAPI specification](https://swagger.io/specification/v2/) document from code annotations.

 The resulting API documentation is rendered below, for quick reference.