yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: Move rate limiting middleware infront of auth

Browse Source 
Tighten rate limits on attachment, comment, and group creation
This commit is contained in:
Tom Moor
2023-04-18 23:47:11 -04:00
parent fb8d8f8159
commit 54cf3fb8b1
7 changed files with 18 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
server/routes/api/comments/comments.ts
View File

@@ -4,12 +4,14 @@ import commentCreator from "@server/commands/commentCreator";
import commentDestroyer from "@server/commands/commentDestroyer";
import commentUpdater from "@server/commands/commentUpdater";
import auth from "@server/middlewares/authentication";
import { rateLimiter } from "@server/middlewares/rateLimiter";
import { transaction } from "@server/middlewares/transaction";
import validate from "@server/middlewares/validate";
import { Document, Comment } from "@server/models";
import { authorize } from "@server/policies";
import { presentComment, presentPolicies } from "@server/presenters";
import { APIContext } from "@server/types";
import { RateLimiterStrategy } from "@server/utils/RateLimiter";
import pagination from "../middlewares/pagination";
import * as T from "./schema";
@@ -17,6 +19,7 @@ const router = new Router();
router.post(
"comments.create",
rateLimiter(RateLimiterStrategy.TenPerMinute),
auth(),
validate(T.CommentsCreateSchema),
transaction(),