Apply existing rate limiting to scratch read routes.

Reuse the current IP-based limiter for read endpoints so public reads remain open but throttled, and add integration coverage plus docs updates for the expanded scope.

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
2026-05-31 21:09:25 -05:00
parent dbb72da312
commit 8bec7f0dda
4 changed files with 55 additions and 8 deletions
+1 -1
View File
@@ -84,7 +84,7 @@ All configuration is YAML.
- `trusted_proxy_ips`: list of reverse-proxy IPs/CIDRs permitted to supply forwarded headers.
- Required when `trust_proxy_headers: true`
- Examples: `127.0.0.1`, `10.0.0.0/8`
- `rate_limit.enabled`: enable per-IP token-bucket rate limiting on write route.
- `rate_limit.enabled`: enable per-IP token-bucket rate limiting on write and scratch-read routes (`POST /api/scratch`, `GET /api/scratch/{id}`, `GET /s/{id}`, `GET /api/raw/{id}`).
- Default: `true`
- `rate_limit.requests_per_minute`: steady refill rate per client IP.
- Must be `> 0`