shahondin1624/Mitgliederverwaltung
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 16 Wiki Activity

fix: normalize URI by stripping query params in rate limiter (Closes #167) #180

Merged
shahondin1624 merged 1 commits from feature/issue-167-ratelimit-normalize-uri into main 2026-04-10 16:19:49 +02:00
Conversation 0 Commits 1 Files Changed 2
+45 -1
shahondin1624 commented 2026-04-10 16:19:40 +02:00
Owner
Copy Link
Copy Source

Summary

  • Strips query parameters from URI before hashing for rate limit cache key
  • Prevents bypass via appending varying dummy query parameters (e.g. ?_=1, ?_=2)
  • All requests to the same path now share one rate limit bucket

Test plan

  • 2 new tests verifying query param normalization
  • All 1012 tests pass
  • Existing rate limit behavior preserved for clean URLs

Closes #167

## Summary - Strips query parameters from URI before hashing for rate limit cache key - Prevents bypass via appending varying dummy query parameters (e.g. `?_=1`, `?_=2`) - All requests to the same path now share one rate limit bucket ## Test plan - [x] 2 new tests verifying query param normalization - [x] All 1012 tests pass - [x] Existing rate limit behavior preserved for clean URLs Closes #167
shahondin1624 added 1 commit 2026-04-10 16:19:41 +02:00
fix: normalize URI by stripping query params in rate limiter (Closes #167) d5f3797fcb 
Rate limit cache key now uses the URI path only (without query string),
preventing bypass via varying dummy query parameters like ?_=1, ?_=2.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
shahondin1624 merged commit 5f9f45f37d into main 2026-04-10 16:19:49 +02:00
shahondin1624 deleted branch feature/issue-167-ratelimit-normalize-uri 2026-04-10 16:19:49 +02:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
backend
Backend / PHP work
 bug
Bug report
 database
Database migrations and schema
 documentation
Documentation
 enhancement
Enhancement or improvement
 epic
Epic / feature-group issues
 frontend
Frontend / Vue.js work
 integration
Nextcloud integrations (Calendar, Contacts, Files)
 priority:high
High priority
 priority:low
Low priority
 priority:medium
Medium priority
 security
Security-related work
 testing
Tests and test infrastructure
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
shahondin1624
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: shahondin1624/Mitgliederverwaltung#180
Delete Branch "feature/issue-167-ratelimit-normalize-uri"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?