nextcloud-talk: throttle repeated webhook auth failures (#56007)

* nextcloud-talk: throttle repeated webhook auth failures Co-authored-by: Brian Mendonca <208517100+bmendonca3@users.noreply.github.com> * nextcloud-talk: scope webhook auth limiter per server * nextcloud-talk: limit repeated webhook auth failures only --------- Co-authored-by: Brian Mendonca <208517100+bmendonca3@users.noreply.github.com>
2026-04-21 14:11:26 +00:00 · 2026-03-27 13:37:55 -07:00
parent 355abe5eba
commit e403decb6e
3 changed files with 81 additions and 1 deletions
--- a/src/plugin-sdk/nextcloud-talk.ts
+++ b/src/plugin-sdk/nextcloud-talk.ts
@@ -2,6 +2,7 @@
 // Keep this list additive and scoped to symbols used under extensions/nextcloud-talk.

 export { logInboundDrop } from "../channels/logging.js";
+export { createAuthRateLimiter } from "../gateway/auth-rate-limit.js";
 export { resolveMentionGatingWithBypass } from "../channels/mention-gating.js";
 export type { AllowlistMatch } from "../channels/plugins/allowlist-match.js";
 export {
@@ -70,10 +71,11 @@ export {
  requireOpenAllowFrom,
 } from "../config/zod-schema.core.js";
 export {
+  WEBHOOK_RATE_LIMIT_DEFAULTS,
  isRequestBodyLimitError,
  readRequestBodyWithLimit,
  requestBodyErrorToText,
-} from "../infra/http-body.js";
+} from "./webhook-ingress.js";
 export { waitForAbortSignal } from "../infra/abort-signal.js";
 export { fetchWithSsrFGuard } from "../infra/net/fetch-guard.js";
 export { emptyPluginConfigSchema } from "../plugins/config-schema.js";