Tampermonkey user script offering an interface to perform pseudo-automatic searches of the FetLife.com user base filtered by age, sex, location, and role.
Currently it would be possible to flood the API with requests. While it should be able to handle a significant number of API requests, it should not be floodable.

Best would be two limits:
- on GET
- on PUT

Limiting searches to 2 or 3 per minute per user would be fine. The POST API could get more load, but also closes the connection way faster. I think 25 per 5 minutes would be prudent.

This would not protect against DDoS; however, DDoS protection could be added by limiting the connections to the SQL server and using decent networking solutions. That way the service would still go down, but with minimal damage to other services.
Suggested plugin for per-user rate limiting: https://www.npmjs.com/package/express-rate-limit
Category: TODO
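The two per-user limits proposed above, as an added example that is not the project's code: a small fixed-window limiter in plain Node.js that stands in for express-rate-limit so it runs offline, with 3 GETs per minute and 25 POSTs per 5 minutes per user. It assumes the user is identified by `req.user.id` (falling back to `req.ip`); the request method names and the limit values are the only things taken from the issue.

```javascript
// Added example: per-user fixed-window rate limiting with separate GET/POST
// budgets, mirroring the issue's proposal. Stand-in for express-rate-limit.

const LIMITS = {
  GET:  { max: 3,  windowMs: 60 * 1000 },      // searches: 3 per minute per user
  POST: { max: 25, windowMs: 5 * 60 * 1000 },  // writes: 25 per 5 minutes per user
};

// `now` is injectable so the window logic can be tested deterministically.
function createRateLimiter(limits = LIMITS, now = Date.now) {
  const buckets = new Map(); // "METHOD:user" -> { count, resetAt }

  // Decide one request: { allowed, remaining, retryAfterMs }.
  function check(method, userId) {
    const limit = limits[method];
    if (!limit) return { allowed: true, remaining: Infinity, retryAfterMs: 0 };
    const key = `${method}:${userId}`;
    const t = now();
    let b = buckets.get(key);
    if (!b || t >= b.resetAt) {            // first request, or window expired
      b = { count: 0, resetAt: t + limit.windowMs };
      buckets.set(key, b);
    }
    if (b.count >= limit.max) {
      return { allowed: false, remaining: 0, retryAfterMs: b.resetAt - t };
    }
    b.count += 1;
    return { allowed: true, remaining: limit.max - b.count, retryAfterMs: 0 };
  }

  // Express-style middleware: answer 429 + Retry-After once the budget is spent.
  function middleware(req, res, next) {
    const userId = (req.user && req.user.id) || req.ip || 'anonymous'; // assumption
    const r = check(req.method, userId);
    if (Number.isFinite(r.remaining)) {
      res.setHeader('X-RateLimit-Remaining', String(r.remaining));
    }
    if (!r.allowed) {
      res.setHeader('Retry-After', String(Math.ceil(r.retryAfterMs / 1000)));
      res.statusCode = 429;
      return res.end('Too Many Requests');
    }
    next();
  }

  return { check, middleware };
}

module.exports = { LIMITS, createRateLimiter };
```

Mount it with `app.use(createRateLimiter().middleware)` after whatever middleware sets `req.user`; the in-memory map is per process, so a multi-instance deployment would need a shared store as express-rate-limit offers.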