From 54c398c5faeeffa80acbbccf9ea3d4cae745117e Mon Sep 17 00:00:00 2001
From: Alex Gleason <alex@alexgleason.me>
Date: Fri, 27 Dec 2024 13:16:33 -0600
Subject: [PATCH] Ratelimit /followers and /following endpoints

---
 src/app.ts | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/app.ts b/src/app.ts
index 5e9edee6..b8cd7a83 100644
--- a/src/app.ts
+++ b/src/app.ts
@@ -229,8 +229,16 @@ app.post('/api/v1/accounts/:pubkey{[0-9a-f]{64}}/mute', requireSigner, muteContr
 app.post('/api/v1/accounts/:pubkey{[0-9a-f]{64}}/unmute', requireSigner, unmuteController);
 app.post('/api/v1/accounts/:pubkey{[0-9a-f]{64}}/follow', requireSigner, followController);
 app.post('/api/v1/accounts/:pubkey{[0-9a-f]{64}}/unfollow', requireSigner, unfollowController);
-app.get('/api/v1/accounts/:pubkey{[0-9a-f]{64}}/followers', followersController);
-app.get('/api/v1/accounts/:pubkey{[0-9a-f]{64}}/following', followingController);
+app.get(
+  '/api/v1/accounts/:pubkey{[0-9a-f]{64}}/followers',
+  rateLimitMiddleware(8, Time.seconds(30)),
+  followersController,
+);
+app.get(
+  '/api/v1/accounts/:pubkey{[0-9a-f]{64}}/following',
+  rateLimitMiddleware(8, Time.seconds(30)),
+  followingController,
+);
 app.get(
   '/api/v1/accounts/:pubkey{[0-9a-f]{64}}/statuses',
   rateLimitMiddleware(12, Time.seconds(30)),