From 14446e3c41722723565cbab759a06a1efff4db2c Mon Sep 17 00:00:00 2001 From: kolaente Date: Sat, 30 May 2026 22:51:50 +0200 Subject: [PATCH] fix(routes): apply rate-limit and metrics middleware to /api/v2 The authenticated v1 group installs setupRateLimit and setupMetricsMiddleware; the v2 group only had cache-control and token middleware, so authenticated v2 endpoints bypassed the configured API rate limiter and route metrics. Mirror the v1 stack. --- pkg/routes/routes.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkg/routes/routes.go b/pkg/routes/routes.go index c81dcef1f..3511a9e52 100644 --- a/pkg/routes/routes.go +++ b/pkg/routes/routes.go @@ -382,6 +382,10 @@ func noStoreCacheControl() echo.MiddlewareFunc { func registerAPIRoutesV2(e *echo.Echo, a *echo.Group) { a.Use(noStoreCacheControl()) a.Use(SetupTokenMiddleware()) + // Match the authenticated v1 group: rate limiting and route metrics + // apply to v2 resource endpoints too. + setupRateLimit(a, config.RateLimitKind.GetString()) + setupMetricsMiddleware(a) api := apiv2.NewAPI(e, a)