From e04c1b80f96826d4d5b647d5af5689ec86402cba Mon Sep 17 00:00:00 2001
From: Aleksandr Soloshenko <capcom2me@gmail.com>
Date: Thu, 27 Mar 2025 06:14:16 +0700
Subject: [PATCH] [deploy] limit user operations from device

---
 deployments/docker-swarm-terraform/main.tf | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/deployments/docker-swarm-terraform/main.tf b/deployments/docker-swarm-terraform/main.tf
index c0a078b..90f5b8e 100644
--- a/deployments/docker-swarm-terraform/main.tf
+++ b/deployments/docker-swarm-terraform/main.tf
@@ -147,6 +147,7 @@ resource "docker_service" "app" {
   #endregion
 
   #region Primary Limited
+  #region Device Registration
   labels {
     label = "traefik.http.routers.${var.app-name}-new_limited.rule"
     value = "Host(`api.sms-gate.app`) && PathPrefix(`/mobile/v1/device`) && Method(`POST`)"
@@ -164,6 +165,25 @@ resource "docker_service" "app" {
     value = "le"
   }
   #endregion
+  #region User Operations
+  labels {
+    label = "traefik.http.routers.${var.app-name}-new_limited-user.rule"
+    value = "Host(`api.sms-gate.app`) && PathPrefix(`/mobile/v1/user`)"
+  }
+  labels {
+    label = "traefik.http.routers.${var.app-name}-new_limited-user.entrypoints"
+    value = "https"
+  }
+  labels {
+    label = "traefik.http.routers.${var.app-name}-new_limited-user.middlewares"
+    value = "rate-limit_5-per-1m,${var.app-name}-new-addprefix"
+  }
+  labels {
+    label = "traefik.http.routers.${var.app-name}-new_limited-user.tls.certresolver"
+    value = "le"
+  }
+  #endregion
+  #endregion
 
   labels {
     label = "traefik.http.services.${var.app-name}.loadbalancer.server.port"