feat: add ip limit to api key creation

rs/packages/api/src/routes/admins/change_password.rs

@@ -115,6 +115,8 @@ pub mod post {
         return Err(HandleError::IpLimit);
       }
 
+      ip_limit::hit(ip);
+
       if !crypt::compare(&current_password, &admin.password) {
         return Err(HandleError::CurrentPasswordMismatch);
       }

rs/packages/api/src/routes/me/api_keys/mod.rs

@@ -194,15 +194,20 @@ pub mod get {
 
 pub mod post {
 
+  use std::net::IpAddr;
+
   use prex::request::ReadBodyJsonError;
 
+  use crate::ip_limit;
+
   use super::*;
 
   #[derive(Debug, Clone)]
   pub struct Endpoint {}
 
   #[derive(Debug, Clone)]
   pub struct Input {
+    ip: IpAddr,
     payload: Payload,
     access_token_scope: AccessTokenScope,
   }
@@ -251,6 +256,8 @@ pub mod post {
     TitleTooLong,
     #[error("invalid global access scope ")]
     InvalidScopeGlobal,
+    #[error("ip limit")]
+    IpLimit,
   }
 
   impl From<HandleError> for ApiError {
@@ -265,6 +272,7 @@ pub mod post {
         HandleError::TitleTooLong => {
           ApiError::PayloadInvalid("API key title cannot exceed 100 characters".into())
         }
+        HandleError::IpLimit => ApiError::TooManyRequests,
       }
     }
   }
@@ -277,22 +285,30 @@ pub mod post {
     type HandleError = HandleError;
 
     async fn parse(&self, mut req: Request) -> Result<Self::Input, Self::ParseError> {
+      let ip = req.isomorphic_ip();
       let access_token_scope = request_ext::get_access_token_scope(&req).await?;
       let payload = req.read_body_json::<Payload>(100_000).await?;
-      // let access_token_scope = request_ext::get_scope_from_token(&req, &access_token).await?;
 
       Ok(Self::Input {
+        ip,
         access_token_scope,
         payload,
       })
     }
 
     async fn perform(&self, input: Self::Input) -> Result<Self::Output, Self::HandleError> {
       let Self::Input {
+        ip,
         access_token_scope,
         payload,
       } = input;
 
+      if ip_limit::should_reject(ip) {
+        return Err(HandleError::IpLimit);
+      }
+
+      ip_limit::hit(ip);
+
       let Payload { title, password } = payload;
 
       let title = title.trim().to_string();

rs/packages/api/src/routes/users/change_password.rs

@@ -118,6 +118,8 @@ pub mod post {
         return Err(HandleError::IpLimit);
       }
 
+      ip_limit::hit(ip);
+
       match &user.password {
         None => return Err(HandleError::CurrentPasswordMismatch),
         Some(user_password) => {