
Overview

The panic mode endpoint allows administrators to immediately suspend or restore the gitGost service. When activated, all push attempts are rejected with an explanatory message. This feature is designed to mitigate bot submissions, coordinated spam, or other abusive activity.
This endpoint is protected by admin authentication and strict rate limiting (10 requests/minute per IP).

Endpoint

POST /admin/panic

Authentication

The endpoint accepts two forms of authentication:
  1. Static password - The PANIC_PASSWORD environment variable configured during deployment
  2. Single-use action token - Time-limited tokens (10 minutes TTL) generated for ntfy alert action buttons

Request Body

  • password (string) - Admin password for panic mode control. Must match the PANIC_PASSWORD environment variable.
  • token (string) - Single-use action token generated by the system. Expires after 10 minutes.
  • active (boolean, required) - Desired state:
      • true - Activate panic mode (suspend service)
      • false - Deactivate panic mode (restore service)
You must provide either password or token, but not both.

Response

  • panic_mode (boolean) - Current state of panic mode after the request.
  • state (string) - Human-readable status: "activated" or "deactivated".

Behavior When Active

When panic mode is activated:
  • All push requests to /v1/gh/:owner/:repo/git-receive-pack are immediately rejected
  • Users receive a Git protocol error message:
    remote: SERVICE TEMPORARILY SUSPENDED
    remote: The panic button has been activated. The service has been
    remote: temporarily suspended due to detected bot activity
    remote: sending mass PRs. Please try again in 15 minutes.
    
  • The service status endpoint (/api/status) returns {"panic_mode": true}
  • The deployment badge shows “suspended” in red

Rate Limiting

The admin endpoints enforce strict rate limiting:
  • 10 requests per minute per IP
  • Exceeding this limit returns 429 Too Many Requests

Examples

curl -X POST https://gitgost.leapcell.app/admin/panic \
  -H "Content-Type: application/json" \
  -d '{"password":"<PANIC_PASSWORD>","active":true}'

Shell Aliases

For convenience, add these aliases to your ~/.zshrc or ~/.bashrc:
export PANIC_PASSWORD="your-password-here"

alias gitgost-suspend='curl -s -X POST https://gitgost.leapcell.app/admin/panic \
  -H "Content-Type: application/json" \
  -d "{\"password\":\"$PANIC_PASSWORD\",\"active\":true}"'

alias gitgost-restore='curl -s -X POST https://gitgost.leapcell.app/admin/panic \
  -H "Content-Type: application/json" \
  -d "{\"password\":\"$PANIC_PASSWORD\",\"active\":false}"'
Then simply run:
gitgost-suspend  # Activate panic mode
gitgost-restore  # Deactivate panic mode

ntfy Integration

When abusive activity is detected, the system sends alerts to the configured ntfy admin topic with action buttons:
  • Activate Panic - Immediately suspend the service
  • Close Burst PRs - Close all PRs created during the attack window
  • Deactivate Panic - Restore normal operation
Action buttons use single-use tokens that expire after 10 minutes. If the tokens expire, use the curl commands with your PANIC_PASSWORD instead.

Implementation Details

From handlers.go:789-815:
func PanicHandler(c *gin.Context) {
	var req struct {
		Password string `json:"password"`
		Token    string `json:"token"`
		Active   bool   `json:"active"`
	}
	if err := c.ShouldBindJSON(&req); err != nil {
		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid payload"})
		return
	}
	authorized := (panicPassword != "" && req.Password == panicPassword) ||
		(req.Token != "" && consumeActionToken(req.Token))
	if !authorized {
		c.JSON(http.StatusUnauthorized, gin.H{"error": "invalid credentials"})
		return
	}
	panicMu.Lock()
	panicMode = req.Active
	panicMu.Unlock()

	state := "deactivated"
	if req.Active {
		state = "activated"
	}
	utils.Log("panic mode %s", state)
	c.JSON(http.StatusOK, gin.H{"panic_mode": req.Active, "state": state})
}
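
A stricter form of the credential check, added here as an example (it is not gitGost's code): it rejects a body that omits `active` (which the plain `bool` in the excerpt would read as false, a deactivation), enforces the "either password or token, but not both" rule, compares the password in constant time, and redeems tokens once under a lock. The names panicRequest, tokenStore and authorize are hypothetical; the token store stands in for consumeActionToken, whose implementation the page does not show, and the standard library replaces gin.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"fmt"
	"sync"
	"time"
)

// Hypothetical names, not gitGost's: panicRequest, tokenStore, authorize.
type panicRequest struct {
	Password string `json:"password"`
	Token    string `json:"token"`
	Active   *bool  `json:"active"` // pointer: an omitted field stays nil
}
type tokenStore struct {
	mu     sync.Mutex
	expiry map[string]time.Time // token -> expiry (issue time + 10 minutes)
}

// consume removes the token on every lookup and accepts it only before expiry.
func (s *tokenStore) consume(tok string, now time.Time) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	exp, ok := s.expiry[tok]
	delete(s.expiry, tok)
	return ok && now.Before(exp)
}

// authorize requires "active" and exactly one credential; only password length can leak.
func authorize(body []byte, adminPassword string, s *tokenStore, now time.Time) (bool, error) {
	var req panicRequest
	if err := json.Unmarshal(body, &req); err != nil || req.Active == nil ||
		(req.Password == "") == (req.Token == "") {
		return false, fmt.Errorf("invalid payload")
	}
	passOK := adminPassword != "" && subtle.ConstantTimeCompare([]byte(req.Password), []byte(adminPassword)) == 1
	if passOK || (req.Token != "" && s.consume(req.Token, now)) {
		return *req.Active, nil
	}
	return false, fmt.Errorf("invalid credentials")
}

func main() { // constructed token: the second use of it is rejected
	s := &tokenStore{expiry: map[string]time.Time{"constructed": time.Now().Add(10 * time.Minute)}}
	fmt.Println(authorize([]byte(`{"token":"constructed","active":true}`), "", s, time.Now()))
	fmt.Println(authorize([]byte(`{"token":"constructed","active":true}`), "", s, time.Now()))
}
```

A request carrying both credentials is rejected before the token is looked up, so a malformed request does not burn a valid action token.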
