SpeckleServer
Rate Limiting
Step 0:
- [x] I've read the contribution guidelines!
To be able to provide consistent experiences and protect from malicious attacks, we need to implement some sort of (generous) rate-limiting mechanism for all REST & WS API endpoints per token, and per route. I.e., objectGet should be relaxed, as opposed to accounts/login 😎
Is this the point when we consider an API gateway to handle this stuff (auth, rate, etc.)?
I don't think so (for sure not for auth). Speckle's not composed of microservices, so the benefits of an API gateway are reduced in this scenario.
Was more thinking of a simple Redis solution. We'll see. I've added the relevant milestone for this issue 😅
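
The per-token, per-route limiting proposed in this issue, as an added example that is not part of the thread or SpeckleServer's own code: a fixed-window counter whose in-memory store stands in for Redis INCR plus key expiry. The limit values, the names `MemoryCounterStore`, `checkRateLimit` and `rateLimit`, and the use of the Authorization header as the token are assumptions.

```javascript
// Assumed limits per route (requests per window); not Speckle's configuration.
const ROUTE_LIMITS = new Map([
  ['accounts/login', { max: 5, windowMs: 60000 }],  // strict: credential-guessing target
  ['objectGet', { max: 600, windowMs: 60000 }],     // relaxed: high-volume reads
]);
const DEFAULT_LIMIT = { max: 120, windowMs: 60000 };

// In-memory stand-in for Redis: incr() mirrors INCR, with the expiry set on the first hit.
class MemoryCounterStore {
  constructor() { this.entries = new Map(); }
  incr(key, windowMs, now) {
    let entry = this.entries.get(key);
    if (!entry || now >= entry.expiresAt) {
      entry = { count: 0, expiresAt: now + windowMs }; // new window starts
      this.entries.set(key, entry);
    }
    entry.count += 1;
    return entry;
  }
}

// Counts one request for (route, token) and reports whether it is within the limit.
function checkRateLimit(store, token, route, now = Date.now()) {
  const limit = ROUTE_LIMITS.get(route) || DEFAULT_LIMIT;
  // Callers without a token share one bucket per route in this sketch.
  const key = `rl:${route}:${token || 'anonymous'}`;
  const { count, expiresAt } = store.incr(key, limit.windowMs, now);
  const allowed = count <= limit.max;
  return {
    allowed,
    remaining: Math.max(0, limit.max - count),
    retryAfterSec: allowed ? 0 : Math.ceil((expiresAt - now) / 1000),
  };
}

// Express-style middleware; the route name is passed in so each route gets its own limit.
function rateLimit(store, routeName) {
  return (req, res, next) => {
    const token = req.headers && req.headers.authorization;
    const result = checkRateLimit(store, token, routeName);
    if (result.allowed) return next();
    res.setHeader('Retry-After', String(result.retryAfterSec));
    res.statusCode = 429;
    res.end('Too Many Requests');
  };
}
```

With a shared Redis instance the increment and expiry should run atomically (for example in one script or transaction) so that concurrent server processes see the same count.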