basic rate limit

src/api/mod.rs

@@ -3,9 +3,10 @@
 use crate::db_conn::Db;
 use crate::models::*;
 use crate::random_hasher::RandomHasher;
+use crate::rate_limit::MainLimiters;
 use crate::rds_conn::RdsConn;
 use crate::rds_models::*;
-use rocket::http::Status;
+use rocket::http::{Method, Status};
 use rocket::outcome::try_outcome;
 use rocket::request::{FromRequest, Outcome, Request};
 use rocket::response::{self, Responder};
@@ -91,6 +92,7 @@ impl<'r> FromRequest<'r> for CurrentUser {
     async fn from_request(request: &'r Request<'_>) -> Outcome<Self, Self::Error> {
         let rh = request.rocket().state::<RandomHasher>().unwrap();
         let rconn = try_outcome!(request.guard::<RdsConn>().await);
+        let limiters = request.rocket().state::<MainLimiters>().unwrap();
 
         if let Some(user) = {
             if let Some(token) = request.headers().get_one("User-Token") {
@@ -123,6 +125,11 @@ impl<'r> FromRequest<'r> for CurrentUser {
         } {
             if BannedUsers::has(&rconn, &user.namehash).await.unwrap() {
                 Outcome::Error((Status::Forbidden, ()))
+            } else if !limiters.check(
+                request.method() == Method::Post,
+                user.id.unwrap_or_default(),
+            ) {
+                Outcome::Error((Status::TooManyRequests, ()))
             } else {
                 Outcome::Success(user)
             }