Implement a ratelimit for Web App Form endpoints (vibe-kanban 033e0d0d)

Prevent adversaries from brute-frocing the form token.
2026-05-03 08:58:09 +08:00 · 2026-01-27 07:48:00 +08:00
parent b59713b980
commit 9bbe63c1d8
4 changed files with 120 additions and 2 deletions
--- a/api/controllers/web/error.py
+++ b/api/controllers/web/error.py
@ -117,6 +117,12 @@ class InvokeRateLimitError(BaseHTTPException):
    code = 429


+class WebFormRateLimitExceededError(BaseHTTPException):
+    error_code = "web_form_rate_limit_exceeded"
+    description = "Too many form requests. Please try again later."
+    code = 429
+
+
 class NotFoundError(BaseHTTPException):
    error_code = "not_found"
    code = 404