[Feature] [Extend] API Rate Limiting by User Creation Age #4675

Open
opened 2025-11-02 05:59:06 -06:00 by GiteaMirror · 7 comments
Originally created by @6543 on GitHub (Jan 17, 2020).

extend #9559

-> the longer a user exists, the less possible it is that he is evil

GiteaMirror added the issue/confirmed and topic/security labels 2025-11-02 05:59:06 -06:00
@jolheiser commented on GitHub (Jan 17, 2020):

From the link you posted in the other issue.

> problem is that accounts are created manually, then dormant, then spamming thousands of comments.

So I'm not sure how well this would work.
I think restricting the API or account creation would be a good feature; however, we need to be careful how it's implemented to avoid having too many one-off security features.

@6543 commented on GitHub (Jan 17, 2020):

Thoughts ....:

On the first day a user can only create 5 issues | no API -> the UI tells the reason why creation failed if he tries to create more ..
On the second day he can use the API (~500 GET/day) and create 10 issues ....

and alter the limit depending on how other users (the more different, the better) respond to the created issues?

@6543 commented on GitHub (Jan 17, 2020):

> @jolheiser "So I'm not sure how well this would work"

I think it would help a lot if used together with restrictions on account creation.

@Codeberg-org commented on GitHub (Jan 17, 2020):

> -> the longer a user exists, the less possible it is that he is evil

This is a neat idea; I can well imagine extending this concept: reputation based on the number of accepted PRs, issues not flagged as spam/deleted by the project owner, number of high-quality public repos [no mirror, not a single README], number of stars and repo watchers, etc.

See also hugot's gitea-api-protector, using accepted PRs as credibility score: https://codeberg.org/hugot/gitea-api-protector

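The two proposals above, tiered quotas by account age (5 issues and no API on day one, 10 issues and ~500 GETs on day two) and a reputation score from accepted PRs, can be combined into one policy function plus a per-day counter. The following is an added example written for this page, not Gitea's code and not hugot's gitea-api-protector: the `Limits`, `Account` and `Usage` types, the tier values beyond day two, the per-PR bonus and the cap are all assumptions chosen to illustrate the idea.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// Limits is a per-user daily quota. APIGetsPerDay == 0 means the API is
// closed to that user ("no API on the first day").
type Limits struct {
	IssuesPerDay  int
	APIGetsPerDay int
}

// Account carries the two signals the thread proposes: creation time and a
// minimal reputation (accepted PRs). This struct is the example's own model.
type Account struct {
	Created     time.Time
	AcceptedPRs int
}

// LimitsFor maps account age and reputation to a quota. The first two tiers
// use the numbers floated in the thread; the third tier, the per-PR bonus
// and the cap are assumed values for illustration.
func LimitsFor(a Account, now time.Time) Limits {
	age := now.Sub(a.Created)
	var l Limits
	switch {
	case age < 24*time.Hour:
		l = Limits{IssuesPerDay: 5, APIGetsPerDay: 0}
	case age < 48*time.Hour:
		l = Limits{IssuesPerDay: 10, APIGetsPerDay: 500}
	default:
		l = Limits{IssuesPerDay: 50, APIGetsPerDay: 5000}
	}
	// Age alone still lifts an account that was registered and left dormant
	// (the objection raised in the thread); merged PRs separate a contributor
	// from a parked account, so they raise the quota independently of age.
	if a.AcceptedPRs > 0 {
		l.IssuesPerDay += 5 * a.AcceptedPRs
		if l.APIGetsPerDay < 500 {
			l.APIGetsPerDay = 500
		}
	}
	if l.IssuesPerDay > 100 {
		l.IssuesPerDay = 100
	}
	return l
}

// Usage counts actions per user, kind and UTC day (a fixed daily window).
// It is in-memory for the example; a server would persist it.
type Usage struct {
	mu     sync.Mutex
	counts map[string]int
}

func NewUsage() *Usage { return &Usage{counts: map[string]int{}} }

// Allow checks one action of kind "issue" or "api-get" against the user's
// quota, records it if it passes, and otherwise returns a reason the UI can
// show to the user, as the thread asks.
func (u *Usage) Allow(user string, a Account, kind string, now time.Time) (bool, string) {
	lim := LimitsFor(a, now)
	var quota int
	switch kind {
	case "issue":
		quota = lim.IssuesPerDay
	case "api-get":
		quota = lim.APIGetsPerDay
	default:
		return false, "unknown action kind: " + kind
	}
	if quota == 0 {
		return false, kind + ": not available yet for an account this new"
	}
	key := user + "|" + kind + "|" + now.UTC().Format("2006-01-02")
	u.mu.Lock()
	defer u.mu.Unlock()
	if u.counts[key] >= quota {
		return false, fmt.Sprintf("%s: daily limit of %d reached for an account of this age", kind, quota)
	}
	u.counts[key]++
	return true, ""
}

func main() {
	now := time.Date(2020, 1, 17, 12, 0, 0, 0, time.UTC)
	a := Account{Created: now.Add(-2 * time.Hour)} // constructed sample: 2 h old
	u := NewUsage()
	for i := 0; i < 6; i++ { // the sixth attempt is refused with a reason
		ok, why := u.Allow("newcomer", a, "issue", now)
		fmt.Println(i+1, ok, why)
	}
}
```

Keeping the decision in one function is what makes it a single feature rather than several one-off settings: the age tiers and the reputation weighting are tuned in one place, and the refusal reason comes back with the decision so the UI can explain it.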
@Codeberg-org commented on GitHub (Jan 17, 2020):

> I think restricting the api or account creation would be a good feature

This would lock out mobile Gitea apps that work via API, like for example GitNex.

@jolheiser commented on GitHub (Jan 17, 2020):

> > I think restricting the api or account creation would be a good feature
>
> This would lock out mobile Gitea apps that work via API, like for example GitNex.

Yes, I was talking in more general terms, and that's only half my sentence. It needs to be carefully thought out so it's not just _another_ setting in our already large config.

Reputation is an interesting idea, and that api protector is also pretty snazzy looking.

@stale[bot] commented on GitHub (Mar 18, 2020):

This issue has been automatically marked as stale because it has not had recent activity. I am here to help clear issues left open even if solved or waiting for more insight. This issue will be closed if no further activity occurs during the next 2 weeks. If the issue is still valid just add a comment to keep it alive. Thank you for your contributions.

Reference: github-starred/gitea#4675