From 3f5df18d6c0bb65b4b331dd1b8fc997c95499249 Mon Sep 17 00:00:00 2001
From: perf3ct
Date: Mon, 14 Jul 2025 21:12:00 +0000
Subject: [PATCH] fix(api): also rate limit etapi docs endpoint
---
 apps/server/src/etapi/spec.ts | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/apps/server/src/etapi/spec.ts b/apps/server/src/etapi/spec.ts
index 7ef963f8f..04b814c8c 100644
--- a/apps/server/src/etapi/spec.ts
+++ b/apps/server/src/etapi/spec.ts
@@ -3,12 +3,18 @@ import type { Router } from "express";
 import fs from "fs";
 import path from "path";
 import { RESOURCE_DIR } from "../services/resource_dir";
+import rateLimit from "express-rate-limit";
 const specPath = path.join(RESOURCE_DIR, "etapi.openapi.yaml");
 let spec: string | null = null;
+const limiter = rateLimit({
+ windowMs: 15 * 60 * 1000, // 15 minutes
+ max: 100, // limit each IP to 100 requests per windowMs
+});
+
 function register(router: Router) {
- router.get("/etapi/etapi.openapi.yaml", (_, res) => {
+ router.get("/etapi/etapi.openapi.yaml", limiter, (_, res) => {
 if (!spec) {
 spec = fs.readFileSync(specPath, "utf8");
 }
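Review bot: The new `limiter` sets no `keyGenerator`, so it buckets clients by `req.ip`, and whether that is the real client address depends on the app's Express `trust proxy` setting, which this hunk does not show. If the server sits behind a reverse proxy with `trust proxy` unset, all clients share the proxy's address and a single caller can use up the 100-request window for everyone. If it is set too permissively, a client-supplied `X-Forwarded-For` value decides the bucket. I would record the dependency next to the options, e.g. `// keyed by req.ip: 'trust proxy' must match the deployment's proxy chain`. The subject line says "also", so if an ETAPI limiter already exists elsewhere, reusing it would keep the window and limit in one place. `register`'s body continues past the end of the hunk.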