chore: bump version to 1.7.13 and update CHANGELOG
Build and Push Docker Image / build (push) Successful in 2m2s
Docs Check / Markdown lint (push) Successful in 1m54s
Licence Check / Licence compatibility and copyright header verification (push) Successful in 2m42s
CI / Tests & coverage (push) Successful in 3m7s
CI / Security audit (push) Successful in 3m35s
Docs Check / Mermaid diagram parse check (push) Failing after 3m53s
CI / Swagger Validation & Coverage (push) Successful in 4m26s

This commit is contained in:
2026-05-24 19:24:01 +01:00
parent 95e301ef56
commit 76631cd37e
9 changed files with 53 additions and 17 deletions
+7 -6
View File
@@ -162,12 +162,13 @@ server {
## Rate Limits
| Endpoint | Limit |
|----------|-------|
| `POST /api/auth/login` | 10 failed attempts per 15 min per IP |
| All `/api/*` routes | 300 requests per 15 min per IP |
| `POST /api/webhook/*` | 60 requests per 1 min per IP (webhook-specific limiter, stricter than general) |
| `GET /api/swagger` | No rate limit (public documentation) |
| Endpoint | Limit | Details & Exemptions |
|----------|-------|----------------------|
| `POST /api/auth/login` | 10 attempts per 15 min per IP | **Only failed attempts count** (`skipSuccessfulRequests: true`). Successful requests are not counted. |
| All `/api/*` routes | 300 requests per 15 min per IP | General rate limiting. **Exempts `/api/dashboard/cover-art` requests** to avoid page layout image loading exhaustion. |
| `POST /api/webhook/*` | 60 requests per 1 min per IP | Webhook-specific limiter, stricter than general. |
| `/health` and `/ready` | Exempt | Root-level liveness/readiness probes bypass rate limiters completely. |
| `GET /api/swagger` | Exempt | Public Swagger UI documentation does not enforce rate limits. |
---