How to protect my app against abuse

I'm getting ready to release my app next week and I'm trying to make the final preparations. I have IP-based rate limiting with Upstash so users can't make more than 10 requests per 10s from the same IP. However, I'm a bit concerned about people who might abuse the app and drive up the costs on my serverless backends.

My app runs tournaments and currently uses the following services:
- Google Cloud Firestore for maintaining the state of each tournament and pushing it to clients in realtime
- Google Cloud Storage for holding profile pictures and thumbnails for the tournaments
- Algolia for fuzzy searching of the tournaments
- Upstash for rate limiting my API requests
- Vercel for hosting the app
- Vercel's next/image for caching images

My current list of questions is:
- What kind of general protections can I put in place to make sure users can't abuse my app? Right now I just have IP-based rate limiting.
- What prevents someone from calling one of the functions to update a tournament over and over again from a few different computers and driving up cost?
- How should I limit the size of images being uploaded to the app for thumbnails / profile pictures?
- Should I be concerned about next/image caching costs?
1 Reply
Tom (OP), 2 years ago
On a kind of related note, does anyone have suggestions for how Terms and Conditions?