yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add additional rate limits on documents API endpoints

Browse Source
This commit is contained in:
Tom Moor
2023-08-30 20:28:22 -04:00
parent b7055ef853
commit fa03f9c08d
2 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
server/routes/api/documents/documents.ts
View File

@@ -669,6 +669,7 @@ router.post(
"documents.search_titles",
auth(),
pagination(),
rateLimiter(RateLimiterStrategy.OneHundredPerMinute),
validate(T.DocumentsSearchSchema),
async (ctx: APIContext<T.DocumentsSearchReq>) => {
const {
@@ -722,6 +723,7 @@ router.post(
optional: true,
}),
pagination(),
rateLimiter(RateLimiterStrategy.OneHundredPerMinute),
validate(T.DocumentsSearchSchema),
async (ctx: APIContext<T.DocumentsSearchReq>) => {
const {
@@ -839,6 +841,7 @@ router.post(
router.post(
"documents.templatize",
auth({ member: true }),
rateLimiter(RateLimiterStrategy.TwentyFivePerMinute),
validate(T.DocumentsTemplatizeSchema),
async (ctx: APIContext<T.DocumentsTemplatizeReq>) => {
const { id } = ctx.input.body;
@@ -1163,6 +1166,7 @@ router.post(
router.post(
"documents.import",
auth(),
rateLimiter(RateLimiterStrategy.TwentyFivePerMinute),
validate(T.DocumentsImportSchema),
transaction(),
async (ctx: APIContext<T.DocumentsImportReq>) => {
@@ -1246,6 +1250,7 @@ router.post(
router.post(
"documents.create",
auth(),
rateLimiter(RateLimiterStrategy.TwentyFivePerMinute),
validate(T.DocumentsCreateSchema),
transaction(),
async (ctx: APIContext<T.DocumentsCreateReq>) => {

15
server/utils/RateLimiter.ts
View File

@@ -56,11 +56,26 @@ export const RateLimiterStrategy = {
duration: 60,
requests: 10,
},
/** Allows twenty five requests per minute, per IP address */
TwentyFivePerMinute: {
duration: 60,
requests: 25,
},
/** Allows one hundred requests per minute, per IP address */
OneHundredPerMinute: {
duration: 60,
requests: 100,
},
/** Allows one thousand requests per hour, per IP address */
OneThousandPerHour: {
duration: 3600,
requests: 1000,
},
/** Allows one hunred requests per hour, per IP address */
OneHundredPerHour: {
duration: 3600,
requests: 100,
},
/** Allows ten requests per hour, per IP address */
TenPerHour: {
duration: 3600,