fix: Internal API 라우트를 apiLimiter보다 먼저 등록
Fiber는 라우트를 등록 순서대로 매칭하므로, /api/internal이 /api 그룹 뒤에 있으면 apiLimiter가 먼저 적용됨. 순서를 변경하여 Rate Limit 우회. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@@ -35,6 +35,42 @@ func Register(
|
||||
|
||||
// Default 1MB body limit for API routes; upload endpoints are excluded
|
||||
apiBodyLimit := middleware.BodyLimit(1*1024*1024, "/api/download/upload")
|
||||
|
||||
// ── Internal API (Rate Limit 제외, API Key 인증만) ──────────────
|
||||
// 반드시 /api 그룹보다 먼저 등록해야 apiLimiter를 우회함
|
||||
internalApi := app.Group("/api/internal", apiBodyLimit, middleware.ServerAuth)
|
||||
|
||||
// Internal - Boss Raid
|
||||
br := internalApi.Group("/bossraid")
|
||||
br.Post("/entry", brH.RequestEntry)
|
||||
br.Post("/start", brH.StartRaid)
|
||||
br.Post("/complete", middleware.IdempotencyRequired, brH.CompleteRaid)
|
||||
br.Post("/fail", brH.FailRaid)
|
||||
br.Get("/room", brH.GetRoom)
|
||||
br.Post("/validate-entry", brH.ValidateEntryToken)
|
||||
br.Post("/register", brH.RegisterServer)
|
||||
br.Post("/heartbeat", brH.Heartbeat)
|
||||
br.Post("/reset-room", brH.ResetRoom)
|
||||
br.Get("/server-status", brH.GetServerStatus)
|
||||
|
||||
// Internal - Auth
|
||||
internalAuth := internalApi.Group("/auth")
|
||||
internalAuth.Post("/verify", authH.VerifyToken)
|
||||
|
||||
// Internal - Player
|
||||
internalPlayer := internalApi.Group("/player")
|
||||
internalPlayer.Get("/profile", playerH.InternalGetProfile)
|
||||
internalPlayer.Post("/save", playerH.InternalSaveGameData)
|
||||
|
||||
// Internal - Chain
|
||||
internalChain := internalApi.Group("/chain")
|
||||
internalChain.Post("/reward", middleware.IdempotencyRequired, chainH.InternalGrantReward)
|
||||
internalChain.Post("/mint", middleware.IdempotencyRequired, chainH.InternalMintAsset)
|
||||
internalChain.Get("/balance", chainH.InternalGetBalance)
|
||||
internalChain.Get("/assets", chainH.InternalGetAssets)
|
||||
internalChain.Get("/inventory", chainH.InternalGetInventory)
|
||||
|
||||
// ── Public API (Rate Limit 적용) ────────────────────────────────
|
||||
api := app.Group("/api", apiLimiter, apiBodyLimit)
|
||||
|
||||
// Auth
|
||||
@@ -105,36 +141,4 @@ func Register(
|
||||
p.Get("/profile", playerH.GetProfile)
|
||||
p.Put("/profile", playerH.UpdateProfile)
|
||||
|
||||
// ── Internal API (Rate Limit 제외, API Key 인증만) ──────────────
|
||||
internalApi := app.Group("/api/internal", apiBodyLimit, middleware.ServerAuth)
|
||||
|
||||
// Internal - Boss Raid
|
||||
br := internalApi.Group("/bossraid")
|
||||
br.Post("/entry", brH.RequestEntry)
|
||||
br.Post("/start", brH.StartRaid)
|
||||
br.Post("/complete", middleware.IdempotencyRequired, brH.CompleteRaid)
|
||||
br.Post("/fail", brH.FailRaid)
|
||||
br.Get("/room", brH.GetRoom)
|
||||
br.Post("/validate-entry", brH.ValidateEntryToken)
|
||||
br.Post("/register", brH.RegisterServer)
|
||||
br.Post("/heartbeat", brH.Heartbeat)
|
||||
br.Post("/reset-room", brH.ResetRoom)
|
||||
br.Get("/server-status", brH.GetServerStatus)
|
||||
|
||||
// Internal - Auth
|
||||
internalAuth := internalApi.Group("/auth")
|
||||
internalAuth.Post("/verify", authH.VerifyToken)
|
||||
|
||||
// Internal - Player
|
||||
internalPlayer := internalApi.Group("/player")
|
||||
internalPlayer.Get("/profile", playerH.InternalGetProfile)
|
||||
internalPlayer.Post("/save", playerH.InternalSaveGameData)
|
||||
|
||||
// Internal - Chain
|
||||
internalChain := internalApi.Group("/chain")
|
||||
internalChain.Post("/reward", middleware.IdempotencyRequired, chainH.InternalGrantReward)
|
||||
internalChain.Post("/mint", middleware.IdempotencyRequired, chainH.InternalMintAsset)
|
||||
internalChain.Get("/balance", chainH.InternalGetBalance)
|
||||
internalChain.Get("/assets", chainH.InternalGetAssets)
|
||||
internalChain.Get("/inventory", chainH.InternalGetInventory)
|
||||
}
|
||||
|
||||
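Review bot: With `/api/internal` registered ahead of the `/api` group in the first hunk, the only gate left on these routes is `middleware.ServerAuth`, so requests carrying a wrong API key are no longer throttled at all, and that covers `/chain/mint`, `/chain/reward` and `/player/save`. ServerAuth is not visible here; unless it already compares the key in constant time and bounds repeated failures, consider giving the internal group its own, looser limiter rather than none, e.g. `internalApi := app.Group("/api/internal", internalLimiter, apiBodyLimit, middleware.ServerAuth)` (`internalLimiter` is a placeholder name), and restricting the prefix to the game servers' network at the proxy. The exemption also rests purely on registration order, which the comment `// 반드시 /api 그룹보다 먼저 등록해야 apiLimiter를 우회함` documents but nothing enforces; a route test asserting that `/api/internal/...` is not rate limited while `/api/...` is would catch a later reorder. Register's body starts and ends outside the hunks shown.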