From 61e8d7f640028eec1b056e71a85951a337195b9a Mon Sep 17 00:00:00 2001
From: Laura Hausmann <laura@hausmann.dev>
Date: Mon, 29 Jan 2024 04:12:03 +0100
Subject: [PATCH] Apply strict rate limiting to /api/v1/apps endpoint

---
 .../Controllers/Mastodon/MastodonAuthController.cs             | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Iceshrimp.Backend/Controllers/Mastodon/MastodonAuthController.cs b/Iceshrimp.Backend/Controllers/Mastodon/MastodonAuthController.cs
index f31e0e3d..80960825 100644
--- a/Iceshrimp.Backend/Controllers/Mastodon/MastodonAuthController.cs
+++ b/Iceshrimp.Backend/Controllers/Mastodon/MastodonAuthController.cs
@@ -15,8 +15,8 @@ namespace Iceshrimp.Backend.Controllers.Mastodon;
 [Produces("application/json")]
 [Route("/api/v1")]
 public class MastodonAuthController(DatabaseContext db) : Controller {
-	[AuthenticateOauth]
 	[HttpGet("verify_credentials")]
+	[AuthenticateOauth]
 	[Produces("application/json")]
 	[ProducesResponseType(StatusCodes.Status200OK, Type = typeof(MastodonAuth.VerifyCredentialsResponse))]
 	[ProducesResponseType(StatusCodes.Status401Unauthorized, Type = typeof(MastodonErrorResponse))]
@@ -33,6 +33,7 @@ public class MastodonAuthController(DatabaseContext db) : Controller {
 	}
 
 	[HttpPost("apps")]
+	[EnableRateLimiting("strict")]
 	[Consumes("application/json", "application/x-www-form-urlencoded", "multipart/form-data")]
 	[Produces("application/json")]
 	[ProducesResponseType(StatusCodes.Status200OK, Type = typeof(MastodonAuth.RegisterAppResponse))]