From a4d1ed6da536c458bc5f9d92e214b72af86f8a07 Mon Sep 17 00:00:00 2001
From: gz1007 <yewei@4399.com>
Date: Wed, 18 Mar 2026 17:50:23 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E6=94=AF=E6=8C=81=E9=80=9A=E8=BF=87?=
 =?UTF-8?q?=E7=8E=AF=E5=A2=83=E5=8F=98=E9=87=8F=E9=85=8D=E7=BD=AE=E6=90=9C?=
 =?UTF-8?q?=E7=B4=A2=E6=8E=A5=E5=8F=A3=E9=99=90=E6=B5=81=E5=8F=82=E6=95=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 common/constants.go      | 1 +
 common/init.go           | 4 ++++
 middleware/rate-limit.go | 5 ++++-
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/common/constants.go b/common/constants.go
index 6823b2c8..b051b235 100644
--- a/common/constants.go
+++ b/common/constants.go
@@ -177,6 +177,7 @@ var (
 	DownloadRateLimitDuration int64 = 60
 
 	// Per-user search rate limit (applies after authentication, keyed by user ID)
+	SearchRateLimitEnable         = true
 	SearchRateLimitNum            = 10
 	SearchRateLimitDuration int64 = 60
 )
diff --git a/common/init.go b/common/init.go
index e4ddbb45..4ac7d238 100644
--- a/common/init.go
+++ b/common/init.go
@@ -120,6 +120,10 @@ func InitEnv() {
 	CriticalRateLimitEnable = GetEnvOrDefaultBool("CRITICAL_RATE_LIMIT_ENABLE", true)
 	CriticalRateLimitNum = GetEnvOrDefault("CRITICAL_RATE_LIMIT", 20)
 	CriticalRateLimitDuration = int64(GetEnvOrDefault("CRITICAL_RATE_LIMIT_DURATION", 20*60))
+
+	SearchRateLimitEnable = GetEnvOrDefaultBool("SEARCH_RATE_LIMIT_ENABLE", true)
+	SearchRateLimitNum = GetEnvOrDefault("SEARCH_RATE_LIMIT", 10)
+	SearchRateLimitDuration = int64(GetEnvOrDefault("SEARCH_RATE_LIMIT_DURATION", 60))
 	initConstantEnv()
 }
 
diff --git a/middleware/rate-limit.go b/middleware/rate-limit.go
index 10d7d821..d8dd15d9 100644
--- a/middleware/rate-limit.go
+++ b/middleware/rate-limit.go
@@ -196,7 +196,10 @@ func userRedisRateLimiter(c *gin.Context, maxRequestNum int, duration int64, key
 }
 
 // SearchRateLimit returns a per-user rate limiter for search endpoints.
-// 10 requests per 60 seconds per user (by user ID, not IP).
+// Configurable via SEARCH_RATE_LIMIT_ENABLE / SEARCH_RATE_LIMIT / SEARCH_RATE_LIMIT_DURATION.
 func SearchRateLimit() func(c *gin.Context) {
+	if !common.SearchRateLimitEnable {
+		return defNext
+	}
 	return userRateLimitFactory(common.SearchRateLimitNum, common.SearchRateLimitDuration, "SR")
 }