yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: Move rate limiting middleware infront of auth

Browse Source 
Tighten rate limits on attachment, comment, and group creation
This commit is contained in:
Tom Moor
2023-04-18 23:47:11 -04:00
parent fb8d8f8159
commit 54cf3fb8b1
7 changed files with 18 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
server/routes/api/collections.ts
View File

@@ -150,8 +150,8 @@ router.post("collections.info", auth(), async (ctx: APIContext) => {
router.post(
"collections.import",
auth(),
rateLimiter(RateLimiterStrategy.TenPerHour),
auth(),
async (ctx: APIContext) => {
const {
attachmentId,
@@ -549,8 +549,8 @@ router.post(
router.post(
"collections.export",
auth(),
rateLimiter(RateLimiterStrategy.TenPerHour),
auth(),
async (ctx: APIContext) => {
const { id } = ctx.request.body;
const { format = FileOperationFormat.MarkdownZip } = ctx.request.body;
@@ -589,8 +589,8 @@ router.post(
router.post(
"collections.export_all",
auth(),
rateLimiter(RateLimiterStrategy.FivePerHour),
auth(),
async (ctx: APIContext) => {
const { format = FileOperationFormat.MarkdownZip } = ctx.request.body;
const { user } = ctx.state.auth;