Fix architecture issues from todolist
- Add documentation warnings for in-memory rate limiting and failed login attempts
- Consolidate duplicate health endpoints into api/health.py
- Fix CLI to use correct async rescan method names
- Update download.py and anime.py to use custom exception classes
- Add WebSocket room validation and rate limiting
@@ -8,6 +8,17 @@ Responsibilities:
This middleware is intentionally lightweight and synchronous.
For production use consider a distributed rate limiter (Redis) and
a proper token revocation store.
WARNING - SINGLE PROCESS LIMITATION:
Rate limiting state is stored in memory dictionaries which RESET when
the process restarts. This means:
- Attackers can bypass rate limits by triggering a process restart
- Rate limits are not shared across multiple workers/processes
For production deployments, consider:
- Using Redis-backed rate limiting (e.g., slowapi with Redis)
- Running behind a reverse proxy with rate limiting (nginx, HAProxy)
- Using a dedicated rate limiting service
"""
from __future__ import annotations
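Review bot: The new WARNING block partly duplicates the sentence already in the docstring just above it ("For production use consider a distributed rate limiter (Redis) and a proper token revocation store."); fold the two into one production-guidance list so the Redis recommendation is not stated twice, and keep the token revocation store item, which the new list drops. Two smaller points on the same hunk: the commit message says the documentation warnings cover failed login attempts as well as rate limiting, but the warning text only names "Rate limiting state", so if the failed-login counters live in the same in-memory dictionaries, name them here too so operators know lockouts also reset on restart and are not shared across workers; and since this hunk changes documentation only, it is worth stating in the module docstring that the limitation is still present in code, not mitigated, so the warning is not read as describing a fixed issue.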