Lock the parser to prevent spam and repeated requests

server.py

@@ -11,12 +11,12 @@ import httpx
 import logging
 import sqlite3
 import appdirs
+from threading import Lock
 from typing import Annotated
 from fastapi import Query, Header, HTTPException, Request
 from fastapi.responses import JSONResponse
 from pathlib import Path
 from bs4 import BeautifulSoup
-from rich.logging import RichHandler
 from fastapi.middleware.cors import CORSMiddleware
 
 
@@ -50,6 +50,7 @@ app = fastapi.FastAPI(
     root_path=os.environ.get("PREVIEW_ROOT_PATH", ""),
     lifespan=startup
 )
+lock = Lock()
 app.add_middleware(
     CORSMiddleware,
     allow_origins=["*"],
@@ -231,7 +232,7 @@ def preview_url(
                 return json.loads(metadata)
 
     domain = os.environ.get("PREVIEW_HOMESERVER", "https://" + req.url.hostname)
-
+    with lock:
         try:
             with httpx.Client(
                 headers={