feat(mist): phase 7 — rate limiting audit for /api/mists/* endpoints
rate_limits.py:
- Add MIST_UPDATE_LIMIT = '30/minute' (handle-keyed; content write = new commit)
- Add MIST_DELETE_LIMIT = '10/minute' (handle-keyed; destructive, rarely frequent)
- Add MIST_READ_LIMIT = '120/minute' (IP-keyed; public reads, anti-scraping guard)

mists.py:
- Import MIST_UPDATE_LIMIT, MIST_DELETE_LIMIT, MIST_READ_LIMIT
- Add @limiter.limit(MIST_UPDATE_LIMIT, key_func=get_msign_handle) to update_mist
- Add @limiter.limit(MIST_DELETE_LIMIT, key_func=get_msign_handle) to delete_mist (also adds request: Request param required by slowapi)
- Add @limiter.limit(MIST_READ_LIMIT) to explore_mists, get_mist, list_mist_forks, list_owner_mists, get_mist_embed (adds request: Request param to list_mist_forks which lacked it)
POST /api/mists and POST /api/mists/{id}/fork were already limited.
All 98 mist-domain tests pass (phases 1-7).
muse hub commit comment sha256:98670919a6561ac805da53299aa519b05a7729f601350b7f6b3de6362560009b --body "your comment"
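Added example, not code from this commit or from slowapi: a stdlib-only sliding-window limiter that shows what the handle-keyed choice for the write limits buys compared with IP keying, using the limit strings from the commit message. The limiter class, the two key functions, the dict-shaped request and the sample handle and addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque

# Limit strings as listed in the commit message.
MIST_UPDATE_LIMIT = "30/minute"   # handle-keyed
MIST_DELETE_LIMIT = "10/minute"   # handle-keyed
MIST_READ_LIMIT = "120/minute"    # IP-keyed

_PERIODS = {"second": 1, "minute": 60, "hour": 3600}

def parse_limit(spec):
    """Turn 'N/period' into (count, window_seconds)."""
    m = re.fullmatch(r"(\d+)/(second|minute|hour)", spec)
    if not m:
        raise ValueError(f"bad limit: {spec!r}")
    return int(m.group(1)), _PERIODS[m.group(2)]

class SlidingWindowLimiter:
    """Stand-in limiter (not slowapi): one timestamp deque per (scope, key)."""
    def __init__(self):
        self._hits = defaultdict(deque)

    def allow(self, scope, spec, key, now):
        count, window = parse_limit(spec)
        hits = self._hits[(scope, key)]
        while hits and hits[0] <= now - window:
            hits.popleft()          # drop hits that left the window
        if len(hits) >= count:
            return False            # caller would answer HTTP 429
        hits.append(now)
        return True

# Hypothetical key functions; a request here is a dict of constructed values.
def key_by_handle(req):
    return req["handle"]

def key_by_ip(req):
    return req["ip"]

def simulate_deletes(n_requests, n_ips):
    """One handle rotating source IPs: (allowed handle-keyed, allowed IP-keyed)."""
    by_handle, by_ip = SlidingWindowLimiter(), SlidingWindowLimiter()
    ok_handle = ok_ip = 0
    for i in range(n_requests):
        req = {"handle": "alice", "ip": f"203.0.113.{i % n_ips + 1}"}
        now = i * 0.5  # two requests per second
        ok_handle += by_handle.allow("delete_mist", MIST_DELETE_LIMIT, key_by_handle(req), now)
        ok_ip += by_ip.allow("delete_mist", MIST_DELETE_LIMIT, key_by_ip(req), now)
    return ok_handle, ok_ip
```

With 40 delete requests from one handle spread over 4 addresses, the handle-keyed bucket admits 10 while IP keying admits all 40.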