BTCMaps v2: tighten /apis/btcmaps/v1/submit rate limit to 3/24h per IP

Per CREATOR direction on PR #226. Tightening the existing endpoint-wide fixed-window from 5/24h to 3/24h per source IP. The BTC Map import-RPC lane forwards submissions into the upstream reviewer queue (not an instant publish), and rate-limit is the primary spam control on the public endpoint.
2026-05-25 17:30:22 +00:00 · 2026-05-25 17:30:22 +00:00 · 2119281141
commit 2119281141
parent cac72c5682
1 changed files with 6 additions and 3 deletions
--- a/PluginBuilder/Program.cs
+++ b/PluginBuilder/Program.cs
@ -291,13 +291,16 @@ public class Program
            });
            options.AddPolicy(Policies.BtcMapsSubmitRateLimit, httpContext =>
            {
-                // Per-source-IP fixed window: 5 submissions per 24h. Caps automation
+                // Per-source-IP fixed window: 3 submissions per 24h. Caps automation
                // abuse of /apis/btcmaps/v1/submit without throttling honest single
-                // submissions from a merchant.
+                // submissions from a merchant. Tightened from 5/24h with the
+                // multi-vendor BTC Map import-RPC lane (PR #226) since that path
+                // forwards into a moderator review queue and rate-limit is the
+                // primary spam control on the public endpoint.
                var clientIp = httpContext.Connection.RemoteIpAddress?.ToString() ?? "unknown";
                return RateLimitPartition.GetFixedWindowLimiter(clientIp, _ => new FixedWindowRateLimiterOptions
                {
-                    PermitLimit = 5,
+                    PermitLimit = 3,
                    Window = TimeSpan.FromHours(24),
                    QueueProcessingOrder = QueueProcessingOrder.OldestFirst,
                    QueueLimit = 0