feat(api): implement rate limiting for abuse prevention

Add @fastify/rate-limit with granular policies for different routes Support TRUST_PROXY environment variable for reverse proxies
2026-05-03 15:04:07 +08:00
parent 8f55db9061
commit 0c76d6bfc8
7 changed files with 453 additions and 69 deletions
--- a/.env.example
+++ b/.env.example
@@ -3,6 +3,7 @@ POSTGRES_USER=pokopia
 POSTGRES_PASSWORD=pokopia
 DATABASE_URL=postgres://pokopia:pokopia@localhost:5432/pokopia
 BACKEND_PORT=3001
+TRUST_PROXY=false
 FRONTEND_ORIGIN=http://localhost:20015
 APP_ORIGIN=http://localhost:20015
 VITE_API_BASE_URL=http://localhost:3001