yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: Move rate limiting middleware infront of auth

Browse Source 
Tighten rate limits on attachment, comment, and group creation
This commit is contained in:
Tom Moor
2023-04-18 23:47:11 -04:00
parent fb8d8f8159
commit 54cf3fb8b1
7 changed files with 18 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
server/routes/api/attachments/attachments.ts
View File

@@ -5,6 +5,7 @@ import { bytesToHumanReadable } from "@shared/utils/files";
import { AttachmentValidation } from "@shared/validations";
import { AuthorizationError, ValidationError } from "@server/errors";
import auth from "@server/middlewares/authentication";
import { rateLimiter } from "@server/middlewares/rateLimiter";
import { transaction } from "@server/middlewares/transaction";
import validate from "@server/middlewares/validate";
import { Attachment, Document, Event } from "@server/models";
@@ -12,6 +13,7 @@ import AttachmentHelper from "@server/models/helpers/AttachmentHelper";
import { authorize } from "@server/policies";
import { presentAttachment } from "@server/presenters";
import { APIContext } from "@server/types";
import { RateLimiterStrategy } from "@server/utils/RateLimiter";
import { getPresignedPost, publicS3Endpoint } from "@server/utils/s3";
import { assertIn } from "@server/validation";
import * as T from "./schema";
@@ -20,6 +22,7 @@ const router = new Router();
router.post(
"attachments.create",
rateLimiter(RateLimiterStrategy.TenPerMinute),
auth(),
validate(T.AttachmentsCreateSchema),
transaction(),