From 50000cd9d47681390c3c45feef98fe51c7b79a0f Mon Sep 17 00:00:00 2001 From: DanConwayDev Date: Wed, 14 Jan 2026 11:42:05 +0000 Subject: Add explicit rate limits and total connection limit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Make RateLimit explicit in relay builder (500 subs, 60 events/min) - Add NGIT_MAX_CONNECTIONS config option (default: 500) - Update all 4 config locations (src, nix, docs, .env.example) - Fix documentation error: filter limit 5000→500 - Document Phase 2 deferral decision (per-IP enforcement) Addresses primary DoS vector (connection exhaustion) with minimal code. Per-IP rate limiting deferred until abuse detected in production. Related: issue ff38 (git endpoint throttling - separate concern) --- src/config.rs | 6 ++++++ src/nostr/builder.rs | 8 ++++++++ 2 files changed, 14 insertions(+) (limited to 'src')
diff --git a/src/config.rs b/src/config.rs
index 0f0d853..0014003 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -469,6 +469,11 @@ pub struct Config {
 /// All events from these authors are blocked from both relay storage and purgatory
 #[arg(long, env = "NGIT_EVENT_BLACKLIST", default_value = "")]
 pub event_blacklist: String,
+
+ /// Maximum total connections to the relay (default: 500)
+ /// Prevents connection exhaustion DoS attacks
+ #[arg(long, env = "NGIT_MAX_CONNECTIONS", default_value_t = 500)]
+ pub max_connections: usize,
 }
 
 impl Config {
@@ -703,6 +708,7 @@ impl Config {
 repository_whitelist: String::new(),
 repository_blacklist: String::new(),
 event_blacklist: String::new(),
+ max_connections: 500,
 }
 }
 }
diff --git a/src/nostr/builder.rs b/src/nostr/builder.rs
index c2de1df..ef1b700 100644
--- a/src/nostr/builder.rs
+++ b/src/nostr/builder.rs
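Review bot: The new `max_connections` field in `Config` (src/config.rs, hunk at -469) accepts any `usize`, including `0`, and nothing in the hunk validates it or says what `0` means; how the relay builder treats that value is not visible here, so `NGIT_MAX_CONNECTIONS=0` may either refuse every client or leave the relay without the cap this commit is meant to add. I would state the contract in the doc comment, e.g. `/// Must be at least 1; rejected at startup otherwise`, and reject out-of-range values before the relay is built. The default is also written three times in this file (the doc comment, `default_value_t = 500`, and the literal `max_connections: 500,` in the hunk at -703, whose enclosing function starts outside the hunk); a single `const DEFAULT_MAX_CONNECTIONS: usize = 500;` used by both would keep them from drifting.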
@@ -624,6 +624,14 @@ pub async fn create_relay(
 let relay = LocalRelayBuilder::default()
 .database(database.clone())
 .write_policy(write_policy.clone())
+ // Explicitly set rate limits (make defaults visible in code)
+ // Per-connection limits: 500 max subscriptions, 60 events/min
+ .rate_limit(RateLimit {
+ max_reqs: 500, // Max concurrent subscriptions per connection
+ notes_per_minute: 60, // Max events per minute per connection
+ })
+ // Total connection limit to prevent DoS attacks
+ .max_connections(config.max_connections)
 .build();
 
 tracing::info!(
-- cgit v1.2.3
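Review bot: `.max_connections(config.max_connections)` caps connections in total but not per source, so one client that holds connections up to the cap can shut out everyone else; the commit message defers per-IP enforcement until abuse is detected, yet nothing in this hunk makes hitting the cap observable. At minimum, record the effective limits at startup, for example by adding `max_connections = config.max_connections,` to the `tracing::info!(` call that begins on the last line of the hunk (its arguments are outside the hunk, so this assumes it takes structured fields), and confirm whether the builder logs or counts refused connections. The `500` and `60` in `RateLimit` are bare literals while the connection cap is configurable; named constants, or matching config options, would make the three limits consistent. `create_relay` starts and ends outside the hunk.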