chore: Rate limiter audit (#3965)

* chore: Rate limiter audit api/users * Make requests required * api/collections * Remove checkRateLimit on FileOperation (now done at route level through rate limiter) * auth rate limit * Add metric logging when rate limit exceeded * Refactor to shared configs * test
2022-08-14 16:04:04 +01:00
parent 9338328a82
commit a326e0ee88
14 changed files with 367 additions and 282 deletions
--- a/server/models/FileOperation.ts
+++ b/server/models/FileOperation.ts
@@ -1,4 +1,3 @@
-import { subHours } from "date-fns";
 import { Op, WhereOptions } from "sequelize";
 import {
  ForeignKey,
@@ -8,9 +7,7 @@ import {
  BelongsTo,
  Table,
  DataType,
-  AfterValidate,
 } from "sequelize-typescript";
-import { RateLimitExceededError } from "@server/errors";
 import { deleteFromS3, getFileByKey } from "@server/utils/s3";
 import Collection from "./Collection";
 import Team from "./Team";
@@ -53,15 +50,13 @@ export enum FileOperationState {
@Table({ tableName: "file_operations", modelName: "file_operation" })
@Fix
 class FileOperation extends IdModel {
-  @Column(DataType.ENUM("import", "export"))
+  @Column(DataType.ENUM(...Object.values(FileOperationType)))
  type: FileOperationType;

  @Column(DataType.STRING)
  format: FileOperationFormat;

-  @Column(
-    DataType.ENUM("creating", "uploading", "complete", "error", "expired")
-  )
+  @Column(DataType.ENUM(...Object.values(FileOperationState)))
  state: FileOperationState;

  @Column
@@ -93,21 +88,6 @@ class FileOperation extends IdModel {
    await deleteFromS3(model.key);
  }

-  @AfterValidate
-  static async checkRateLimit(model: FileOperation) {
-    const count = await this.countExportsAfterDateTime(
-      model.teamId,
-      subHours(new Date(), 12),
-      {
-        type: model.type,
-      }
-    );
-
-    if (count >= 12) {
-      throw RateLimitExceededError();
-    }
-  }
-
  // associations

  @BelongsTo(() => User, "userId")