authorIvan Tashkinov <ivantashkinov@gmail.com>2020-07-14 11:58:41 +0300
committerIvan Tashkinov <ivantashkinov@gmail.com>2020-07-14 11:58:41 +0300
commit9b225db7d86289fb9d9c51f62e6ec29f6c07f60d (patch)
treed69a32b483f39e0b02419ce45b8a6b578666172a /config/description.exs
parentcf3f8cb72a46f0c8c798d4022cff442fae4ab401 (diff)
[#1940] Applied rate limit for requests with bad `admin_token`. Added doc warnings on `admin_token` setting.
Diffstat (limited to 'config/description.exs')
-rw-r--r--config/description.exs6
1 files changed, 4 insertions, 2 deletions
diff --git a/config/description.exs b/config/description.exs
index 84dcdb87e..8ec4b712f 100644
--- a/config/description.exs
+++ b/config/description.exs
@@ -2008,13 +2008,15 @@ config :pleroma, :config_description, [
label: "Pleroma Admin Token",
type: :group,
description:
- "Allows to set a token that can be used to authenticate with the admin api without using an actual user by giving it as the `admin_token` parameter",
+ "Allows to set a token that can be used to authenticate with the admin api without using an actual user by giving it as the `admin_token` parameter (risky; use HTTP Basic Auth or OAuth-based authentication if possible)",
children: [
%{
key: :admin_token,
type: :string,
description: "Admin token",
- suggestions: ["We recommend a secure random string or UUID"]
+ suggestions: [
+ "We recommend NOT setting the value do to increased security risk; if set, use a secure random long string or UUID (and change it as often as possible)"
+ ]
}
]
},
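Review bot: The new `suggestions` string for `:admin_token` has a typo, "do to increased security risk" should read "due to", and its "or UUID" advice is weaker than the warning around it, because only randomly generated UUIDs are unpredictable while time-based ones are not. I would reword the line as `"We recommend NOT setting the value due to increased security risk; if set, use a long random string from a cryptographically secure generator (and rotate it regularly)"`. The group description says the token is supplied as the `admin_token` parameter; if that includes the URL query string (not visible in this hunk), the warning could also mention that the value can end up in access logs and proxy logs. The enclosing `:config_description` list starts and ends outside this hunk.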