Release v1.7.15: security hardening, async auth, CSP tightening, model validation, SSRF guard, rate limiting improvements, frontend extraction, Docker compose security
Release / build-and-push (push) Successful in 3m12s

2026-05-28 14:57:09 +02:00
parent fe95dfcfce
commit f7fca05210
18 changed files with 943 additions and 873 deletions
+4
@@ -42,6 +42,8 @@ def _get_path_category(path: str) -> str:
return "ask"
if path.startswith("/api/events/bulk-tags"):
return "write"
if "/explain" in path:
return "explain"
return "default"
@@ -51,6 +53,8 @@ def _limit_for_category(category: str) -> tuple[int, int]:
return (10, 3600) # 10 per hour
if category == "ask":
return (30, 60) # 30 per minute
if category == "explain":
return (20, 60) # 20 per minute — LLM + Graph API calls
if category == "write":
return (20, 60) # 20 per minute
return (RATE_LIMIT_REQUESTS, RATE_LIMIT_WINDOW_SECONDS)
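Review bot: The new `if "/explain" in path:` test in `_get_path_category` matches the substring anywhere in the path, unlike the `startswith` checks above it, so any unrelated route whose path happens to contain `/explain` is moved out of the default bucket into the 20-per-minute explain bucket. If the explain route is always a trailing segment (not visible here), anchoring it would be tighter, for example `if path.rstrip("/").endswith("/explain"):`. It is also worth confirming that `path` reaches this function in the same normalised form the router matches on (case, trailing slash, percent-encoding); otherwise a variant spelling could be served by the LLM-backed handler while being counted against the default limit. Both function bodies start outside the hunks shown, so the checks that run before these branches are not visible.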