From 6b54405003df8984182b3b2b08295ae127d52b74 Mon Sep 17 00:00:00 2001
From: Hazelnoot <acomputerdog@gmail.com>
Date: Fri, 22 Nov 2024 13:53:41 -0500
Subject: [PATCH] add default / fallback rate limit

---
 packages/backend/src/server/api/ApiCallService.ts | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/packages/backend/src/server/api/ApiCallService.ts b/packages/backend/src/server/api/ApiCallService.ts
index 016db6ac19..6f51825494 100644
--- a/packages/backend/src/server/api/ApiCallService.ts
+++ b/packages/backend/src/server/api/ApiCallService.ts
@@ -311,7 +311,15 @@ export class ApiCallService implements OnApplicationShutdown {
 			throw new ApiError(accessDenied);
 		}
 
-		if (ep.meta.limit) {
+		// For endpoints without a limit, the default is 10 calls per second
+		const endpointLimit: IEndpointMeta['limit'] = ep.meta.limit ?? {
+			duration: 1000,
+			max: 10,
+		};
+
+		// We don't need this check, but removing it would cause a big merge conflict.
+		// eslint-disable-next-line @typescript-eslint/no-unnecessary-condition
+		if (endpointLimit) {
 			// koa will automatically load the `X-Forwarded-For` header if `proxy: true` is configured in the app.
 			let limitActor: string;
 			if (user) {
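Review bot: With the fallback in place every endpoint is now rate limited, so the actor key chosen just below this hunk matters for all anonymous traffic. According to the existing comment, `request.ip` follows `X-Forwarded-For` when `proxy: true` is set. The 10-per-second default is therefore only as reliable as the proxy configuration: a header accepted from untrusted hops weakens it, and a proxy that is not declared would presumably put all clients in one bucket. I would state that assumption in the new comment, e.g. `// Anonymous callers are keyed by request.ip; the reverse proxy must overwrite X-Forwarded-For.` Separately, `duration: 1000, max: 10` are magic numbers allocated on each call; a named module-level constant typed as `IEndpointMeta['limit']` would make the default easy to find and audit. The enclosing method starts and ends outside the hunk.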
@@ -320,7 +328,7 @@ export class ApiCallService implements OnApplicationShutdown {
 				limitActor = getIpHash(request.ip);
 			}
 
-			const limit = Object.assign({}, ep.meta.limit);
+			const limit = Object.assign({}, endpointLimit);
 
 			if (limit.key == null) {
 				(limit as any).key = ep.name;
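Review bot: The copied fallback has no `key`, so the context lines `if (limit.key == null)` / `(limit as any).key = ep.name;` give each endpoint without its own limit a separate bucket. The default is therefore 10 calls per second per actor and per endpoint, not an overall ceiling. A client spreading requests across many such endpoints is still bounded only by their number. The comment added in the first hunk should say so, e.g. `// Fallback for endpoints without a limit: 10 calls per second, per actor and per endpoint (key defaults to ep.name).` If an aggregate cap is intended, the fallback would need a shared `key` value instead. The rest of the limiter call lies outside the hunk.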
-- 
GitLab