Protect FileDownloadController with reCAPTCHA v3 and rate limiting #39

Closed
opened 2026-06-01 17:42:08 +00:00 by claude · 0 comments
Member

Summary

Adds bot/scraper protection to the public download endpoint.

Changes

  • FileDownloadController requires ?captchaToken=<token> (reCAPTCHA v3, action file_download) on initial download requests
  • Range requests (HTTP 206 resume) skip captcha — they are continuations of an already-validated session
  • New download rate limit policy: 5 requests / 1 min per IP
  • Policy added to .env.template, docker-compose.yml (with defaults), and local staging/production env files

UI change required

Before triggering the download, call grecaptcha.execute(siteKey, { action: 'file_download' }) and append ?captchaToken=<token> to the download URL.

Reference: AI/myAi#39
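
The request gating described in this PR, as an added JavaScript example (not the project's code): it takes the parsed reCAPTCHA siteverify response as input and returns the status to answer with. The function names, the request shape, the 0.5 score threshold and the 400/403/429 status codes are assumptions; the PR states only the action name, the Range exemption and the 5 requests / 1 min limit.

```javascript
// Added example: decision logic only, no network calls.
const EXPECTED_ACTION = 'file_download'; // action name from the PR description
const MIN_SCORE = 0.5;                   // assumption: the PR states no threshold
const LIMIT = 5;                         // "5 requests / 1 min per IP"
const WINDOW_MS = 60_000;

const windows = new Map(); // ip -> { start, count }

// Fixed-window counter keyed by client IP.
function allowByRate(ip, now) {
  const w = windows.get(ip);
  if (!w || now - w.start >= WINDOW_MS) {
    windows.set(ip, { start: now, count: 1 });
    return true;
  }
  w.count += 1;
  return w.count <= LIMIT;
}

// `verdict` is the parsed JSON body returned by reCAPTCHA's siteverify endpoint.
// A valid token minted for a different action must not unlock downloads.
function captchaOk(verdict) {
  return Boolean(verdict) &&
    verdict.success === true &&
    verdict.action === EXPECTED_ACTION &&
    typeof verdict.score === 'number' &&
    verdict.score >= MIN_SCORE;
}

// Returns the HTTP status the endpoint should answer with (hypothetical helper).
function decide(req, verdict, now = Date.now()) {
  // Range is a client-supplied header, so the rate limit covers every
  // request, including the resume requests that skip the captcha.
  if (!allowByRate(req.ip, now)) return 429;
  const isRange = typeof req.headers.range === 'string';
  if (isRange) return 206;                  // resume: captcha skipped, as in the PR
  if (!req.query.captchaToken) return 400;  // initial request without a token
  return captchaOk(verdict) ? 200 : 403;
}
```

Because the captcha exemption keys off a header the client sets, the per-IP limit is the only control applied to range requests in this example.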