
Rate limiting for createCard mutation

Open seluianova opened this issue 6 months ago • 6 comments

Is your feature request related to a problem? Please describe.

Follow up to https://github.com/digitalfabrik/entitlementcard/issues/1421

Since this endpoint is not protected, it should be ensured that IPs with too many requests are blocked, especially because the argon2id calculation is expensive.

Describe the solution you'd like

Currently it's not clear how we can implement that. Javalin allows adding rate limiting for the entire GraphQL endpoint. This can be an option, but we need to decide which limit is right for us.

OR

We could create some custom solution, but not sure if it makes sense (?)

Describe alternatives you've considered

Maybe there is a possibility to implement limiting at the infrastructure level?


seluianova Aug 14 '24 13:08
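One shape the "custom solution" mentioned in the issue could take, as an added example that is not code from the entitlementcard project: a per-IP token bucket that the createCard resolver would consult before starting the argon2id calculation, so other GraphQL operations are not throttled. The class name, the limits and the sample addresses are assumptions; behind a reverse proxy the key has to be the client address as reported by the trusted proxy, not the socket peer.

```kotlin
import java.util.concurrent.ConcurrentHashMap

// Hypothetical helper (not part of entitlementcard): one token bucket per key.
class TokenBucketLimiter(
    private val capacity: Int,            // burst size allowed per key
    private val refillPerSecond: Double,  // sustained rate per key
    private val nowNanos: () -> Long = System::nanoTime,
) {
    private class Bucket(var tokens: Double, var lastRefill: Long)

    private val buckets = ConcurrentHashMap<String, Bucket>()

    /** Returns true if the caller identified by [key] may proceed. */
    fun tryAcquire(key: String): Boolean {
        val now = nowNanos()
        var allowed = false
        // compute() runs atomically per key, so concurrent requests cannot double-spend.
        buckets.compute(key) { _, existing ->
            val b = existing ?: Bucket(capacity.toDouble(), now)
            val elapsedSec = (now - b.lastRefill) / 1e9
            b.tokens = minOf(capacity.toDouble(), b.tokens + elapsedSec * refillPerSecond)
            b.lastRefill = now
            if (b.tokens >= 1.0) { b.tokens -= 1.0; allowed = true }
            b
        }
        return allowed
    }

    /** Best-effort cleanup: drop buckets that have refilled completely, so the map stays bounded. */
    fun evictIdle() {
        val now = nowNanos()
        buckets.entries.removeIf { (_, b) ->
            b.tokens + (now - b.lastRefill) / 1e9 * refillPerSecond >= capacity
        }
    }
}

fun main() {
    var clock = 0L // constructed fake clock so the run is deterministic
    val limiter = TokenBucketLimiter(capacity = 3, refillPerSecond = 0.5) { clock }
    // Constructed sample: five createCard calls from one address, then one from another.
    println((1..5).map { limiter.tryAcquire("203.0.113.7") })
    println(limiter.tryAcquire("198.51.100.2"))
    clock += 2_000_000_000L // two seconds later one token has been refilled
    println(limiter.tryAcquire("203.0.113.7"))
}
```

The resolver would reject the request when `tryAcquire` returns false, and `evictIdle` would run on a timer.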