yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: Move rate limiting middleware infront of auth

Browse Source 
Tighten rate limits on attachment, comment, and group creation
This commit is contained in:
Tom Moor
2023-04-18 23:47:11 -04:00
parent fb8d8f8159
commit 54cf3fb8b1
7 changed files with 18 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
server/routes/api/users/users.ts
View File

@@ -348,8 +348,8 @@ router.post("users.activate", auth(), async (ctx: APIContext) => {
router.post(
"users.invite",
auth(),
rateLimiter(RateLimiterStrategy.TenPerHour),
auth(),
async (ctx: APIContext) => {
const { invites } = ctx.request.body;
assertArray(invites, "invites must be an array");
@@ -420,8 +420,8 @@ router.post(
router.post(
"users.requestDelete",
auth(),
rateLimiter(RateLimiterStrategy.FivePerHour),
auth(),
async (ctx: APIContext) => {
const { user } = ctx.state.auth;
authorize(user, "delete", user);
@@ -441,8 +441,8 @@ router.post(
router.post(
"users.delete",
auth(),
rateLimiter(RateLimiterStrategy.TenPerHour),
auth(),
async (ctx: APIContext) => {
const { id, code = "" } = ctx.request.body;
const actor = ctx.state.auth.user;