About flow "public/guest"

[w7en]

Hi @bglamadrid. Thank you shared about this project. I have some question about flow "public/guest"

1. Every request to "public/guest", user need pass data to endpoint. But I think data spam very much. Is this right?

Thanks. Have a nice day

[bglamadrid]

Hello @hoanghiaquyen, thanks for your interest!
Indeed, currently there is no mechanism in this application to prevent spam.

In my opinion, if that's an issue then I'd recommend deploying it to a hosting infrastructure that supports spam prevention, such as a cloud provider implementing an API Gateway.

Because, while it is possible to do something about spam within the application, I feel it should be an optional feature.
If we add a native mechanism written from scratch, it could underperform or add unnecessary overhead on every API request, and rather do worse than good to the overall performance of the backend.

But if we can find a nice design pattern to create a well-performing mechanism (and we keep it as an option that can be turned on/off), I don't see why we can't implement it then.

[w7en]

Thanks for reply. I think we can use rate limit for this or we can add IDNumber to claims thereafter check it in middleware (at least it doesn't enter the database to check but the security is not high)