chore: More rate limited endpoints

2022-10-02 19:27:21 -04:00
parent a7683dda57
commit 55e622e22f
3 changed files with 87 additions and 68 deletions
--- a/server/routes/api/views.ts
+++ b/server/routes/api/views.ts
@@ -1,5 +1,7 @@
 import Router from "koa-router";
+import { RateLimiterStrategy } from "@server/RateLimiter";
 import auth from "@server/middlewares/authentication";
+import { rateLimiter } from "@server/middlewares/rateLimiter";
 import { View, Document, Event } from "@server/models";
 import { authorize } from "@server/policies";
 import { presentView } from "@server/presenters";
@@ -23,38 +25,43 @@ router.post("views.list", auth(), async (ctx) => {
  };
 });

-router.post("views.create", auth(), async (ctx) => {
-  const { documentId } = ctx.body;
-  assertUuid(documentId, "documentId is required");
+router.post(
+  "views.create",
+  auth(),
+  rateLimiter(RateLimiterStrategy.OneThousandPerHour),
+  async (ctx) => {
+    const { documentId } = ctx.body;
+    assertUuid(documentId, "documentId is required");

-  const { user } = ctx.state;
-  const document = await Document.findByPk(documentId, {
-    userId: user.id,
-  });
-  authorize(user, "read", document);
+    const { user } = ctx.state;
+    const document = await Document.findByPk(documentId, {
+      userId: user.id,
+    });
+    authorize(user, "read", document);

-  const view = await View.incrementOrCreate({
-    documentId,
-    userId: user.id,
-  });
+    const view = await View.incrementOrCreate({
+      documentId,
+      userId: user.id,
+    });

-  await Event.create({
-    name: "views.create",
-    actorId: user.id,
-    documentId: document.id,
-    collectionId: document.collectionId,
-    teamId: user.teamId,
-    modelId: view.id,
-    data: {
-      title: document.title,
-    },
-    ip: ctx.request.ip,
-  });
-  view.user = user;
+    await Event.create({
+      name: "views.create",
+      actorId: user.id,
+      documentId: document.id,
+      collectionId: document.collectionId,
+      teamId: user.teamId,
+      modelId: view.id,
+      data: {
+        title: document.title,
+      },
+      ip: ctx.request.ip,
+    });
+    view.user = user;

-  ctx.body = {
-    data: presentView(view),
-  };
-});
+    ctx.body = {
+      data: presentView(view),
+    };
+  }
+);

 export default router;