Rate limiting and vote spam prevention #14

Open
opened 2026-04-29 03:55:22 +00:00 by TopherMayor · 0 comments
Owner

Problem

A malicious or drunk groomsman could spam votes or flood the app with submissions. There's no abuse prevention.

Proposed Solution

  • Server-side: max 1 vote per 2 seconds per IP + voterName combo
  • Max 10 new option submissions per IP per hour
  • Client-side: disable vote button for 1s after casting (prevent double-tap)
  • Rate limit responses return HTTP 429 with a friendly message

Acceptance Criteria

  • Rapid-fire votes are blocked server-side (HTTP 429)
  • Client shows "Please wait…" on vote button for 1s after vote
  • Mass option submission is rate-limited
  • Rate limit messages are friendly, not technical
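An in-memory sliding-window limiter that enforces the two server-side limits proposed above (one vote per 2 s per IP + voterName, ten option submissions per IP per hour) and answers with HTTP 429, a `Retry-After` header and a plain-language message. This is an added example, not code from the cabo-voting-app repository; the names `RateLimiter`, `handleVote`, `handleSubmission`, the request shape `{ ip, voterName }` and the message wording are assumptions. The `now` parameter is injectable so the behaviour can be checked without sleeping.

```javascript
// Added example (not from the cabo-voting-app repository). Implements the limits
// proposed in issue #14 with a sliding-window log per key.
// Assumed names: RateLimiter, handleVote, handleSubmission, request shape { ip, voterName }.

class RateLimiter {
  constructor(limit, windowMs) {
    this.limit = limit;        // max events allowed inside one window
    this.windowMs = windowMs;  // window length in milliseconds
    this.hits = new Map();     // key -> ascending timestamps (ms) still inside the window
  }

  // Returns { allowed, retryAfterMs }. `now` is injectable for deterministic tests.
  allow(key, now = Date.now()) {
    const cutoff = now - this.windowMs;
    const recent = (this.hits.get(key) || []).filter((t) => t > cutoff);
    if (recent.length >= this.limit) {
      this.hits.set(key, recent);
      // Oldest timestamp in the window decides when the next slot frees up.
      return { allowed: false, retryAfterMs: recent[0] + this.windowMs - now };
    }
    recent.push(now);
    this.hits.set(key, recent);
    return { allowed: true, retryAfterMs: 0 };
  }

  // Drop keys with no activity inside the window so the map cannot grow without bound
  // (call periodically, e.g. from a timer).
  sweep(now = Date.now()) {
    const cutoff = now - this.windowMs;
    for (const [key, times] of this.hits) {
      if (!times.some((t) => t > cutoff)) this.hits.delete(key);
    }
  }
}

// Limits from the issue: 1 vote per 2 s per IP+voterName, 10 submissions per IP per hour.
const voteLimiter = new RateLimiter(1, 2000);
const submissionLimiter = new RateLimiter(10, 60 * 60 * 1000);

// Friendly 429 response; Retry-After is expressed in whole seconds as the header requires.
function tooMany(retryAfterMs) {
  const secs = Math.max(1, Math.ceil(retryAfterMs / 1000));
  return {
    status: 429,
    headers: { 'Retry-After': String(secs) },
    body: { message: `Easy there! Please wait ${secs} second${secs === 1 ? '' : 's'} and try again.` },
  };
}

// req is a plain object { ip, voterName }. The name is normalised so "Dave" and
// "dave " share one budget; it is still client-chosen, so the IP is the stronger half of the key.
function handleVote(req, now = Date.now()) {
  const name = String(req.voterName || '').trim().toLowerCase();
  if (!name) return { status: 400, body: { message: 'Please tell us your name before voting.' } };
  const verdict = voteLimiter.allow(`${req.ip}|${name}`, now);
  if (!verdict.allowed) return tooMany(verdict.retryAfterMs);
  return { status: 200, body: { message: 'Vote counted!' } };
}

function handleSubmission(req, now = Date.now()) {
  const verdict = submissionLimiter.allow(req.ip, now);
  if (!verdict.allowed) return tooMany(verdict.retryAfterMs);
  return { status: 201, body: { message: 'Option added!' } };
}
```

Two things to watch when wiring this into the real server: `req.ip` must be the client address the framework derives from a trusted reverse proxy (otherwise every guest shares the proxy's address, or a forged `X-Forwarded-For` value picks the key), and because `voterName` is supplied by the client, the IP is what actually bounds a single device; a per-IP cap on distinct names would close that gap if it matters in practice.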
TopherMayor added the backendpriority/medium labels 2026-04-29 03:55:22 +00:00
TopherMayor added this to the UI/UX Overhaul v1.0 milestone 2026-04-29 03:56:15 +00:00
Reference: TopherMayor/cabo-voting-app#14