feat(api): merkezi rate limiting sistemi ekle

Yeni rate-limiter middleware modülü oluşturuldu. loginLimiter (5 istek/dakika), apiLimiter (30 istek/dakika) ve uploadLimiter (10 istek/dakika) tanımlandı. Auth, loop, timer ve torrent rotalarına rate limiting uygulandı. Torrent rotalarında SHA-1 hash validasyonu eklendi.
2026-01-04 23:38:15 +03:00
parent b7a460596e
commit 377971411a
5 changed files with 68 additions and 24 deletions
--- a/apps/server/src/loop/loop.routes.ts
+++ b/apps/server/src/loop/loop.routes.ts
@@ -10,10 +10,11 @@ import { config } from "../config";
 import { setArchiveStatus } from "../torrent/torrent.archive";
 import { nowIso } from "../utils/time";
 import { readLoopLogs } from "../storage/loopLogs";
+import { apiLimiter } from "../middleware/rate-limiter";

 const router = Router();

-router.post("/start", async (req, res) => {
+router.post("/start", apiLimiter, async (req, res) => {
  const parsed = loopStartSchema.safeParse(req.body);
  if (!parsed.success) {
    return res.status(400).json({ error: parsed.error.flatten() });
@@ -70,7 +71,7 @@ router.post("/start", async (req, res) => {
  res.json(job);
 });

-router.post("/stop/:jobId", async (req, res) => {
+router.post("/stop/:jobId", apiLimiter, async (req, res) => {
  const { jobId } = req.params;
  const job = await stopLoopJob(jobId);
  if (!job) {
@@ -85,7 +86,7 @@ router.post("/stop/:jobId", async (req, res) => {
  res.json(job);
 });

-router.post("/stop-by-hash", async (req, res) => {
+router.post("/stop-by-hash", apiLimiter, async (req, res) => {
  const { hash } = req.body ?? {};
  if (!hash) {
    return res.status(400).json({ error: "Missing hash" });