feat: allow unauthenticated users to perform domain name lookups

2025-12-29 16:15:04 +00:00 · 2025-12-08 18:18:33 +01:00
parent eddb267275
commit 5476ee7acc
16 changed files with 214 additions and 110 deletions
--- a/config/packages/rate_limiter.yaml
+++ b/config/packages/rate_limiter.yaml
@@ -22,5 +22,10 @@ framework:

        user_rdap_requests:
            policy: sliding_window
-            limit: 10
+            limit: 60
+            interval: '1 hour'
+
+        public_rdap_requests:
+            policy: sliding_window
+            limit: 30
            interval: '1 hour'
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -60,6 +60,7 @@ security:
        - { path: ^/api$, roles: PUBLIC_ACCESS }
        - { path: ^/api/docs, roles: PUBLIC_ACCESS }
        - { path: ^/api/register$, roles: PUBLIC_ACCESS }
+        - { path: ^/api/domains/*, roles: CAN_RDAP_LOOKUP }
        - { path: "^/api/watchlists/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/calendar$", roles: PUBLIC_ACCESS }
        - { path: "^/api/watchlists/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/rss", roles: PUBLIC_ACCESS }
        - { path: "^/api/config$", roles: PUBLIC_ACCESS }