Add additional rate limits on documents API endpoints

Tom Moor
2023-08-30 20:28:22 -04:00
parent b7055ef853
commit fa03f9c08d
2 changed files with 20 additions and 0 deletions


@@ -669,6 +669,7 @@ router.post(
"documents.search_titles", "documents.search_titles",
auth(), auth(),
pagination(), pagination(),
rateLimiter(RateLimiterStrategy.OneHundredPerMinute),
validate(T.DocumentsSearchSchema), validate(T.DocumentsSearchSchema),
async (ctx: APIContext<T.DocumentsSearchReq>) => { async (ctx: APIContext<T.DocumentsSearchReq>) => {
const { const {
@@ -722,6 +723,7 @@ router.post(
optional: true, optional: true,
}), }),
pagination(), pagination(),
rateLimiter(RateLimiterStrategy.OneHundredPerMinute),
validate(T.DocumentsSearchSchema), validate(T.DocumentsSearchSchema),
async (ctx: APIContext<T.DocumentsSearchReq>) => { async (ctx: APIContext<T.DocumentsSearchReq>) => {
const { const {
@@ -839,6 +841,7 @@ router.post(
router.post( router.post(
"documents.templatize", "documents.templatize",
auth({ member: true }), auth({ member: true }),
rateLimiter(RateLimiterStrategy.TwentyFivePerMinute),
validate(T.DocumentsTemplatizeSchema), validate(T.DocumentsTemplatizeSchema),
async (ctx: APIContext<T.DocumentsTemplatizeReq>) => { async (ctx: APIContext<T.DocumentsTemplatizeReq>) => {
const { id } = ctx.input.body; const { id } = ctx.input.body;
@@ -1163,6 +1166,7 @@ router.post(
router.post( router.post(
"documents.import", "documents.import",
auth(), auth(),
rateLimiter(RateLimiterStrategy.TwentyFivePerMinute),
validate(T.DocumentsImportSchema), validate(T.DocumentsImportSchema),
transaction(), transaction(),
async (ctx: APIContext<T.DocumentsImportReq>) => { async (ctx: APIContext<T.DocumentsImportReq>) => {
@@ -1246,6 +1250,7 @@ router.post(
router.post( router.post(
"documents.create", "documents.create",
auth(), auth(),
rateLimiter(RateLimiterStrategy.TwentyFivePerMinute),
validate(T.DocumentsCreateSchema), validate(T.DocumentsCreateSchema),
transaction(), transaction(),
async (ctx: APIContext<T.DocumentsCreateReq>) => { async (ctx: APIContext<T.DocumentsCreateReq>) => {
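Review bot: The limiter added in the second hunk (the route whose auth options include `optional: true`) appears to be the only throttle on a path reachable without a session, yet it gets the same `OneHundredPerMinute` budget as the authenticated `documents.search_titles` route. If anonymous search is indeed allowed there, consider a tighter strategy for it, or at least record the reasoning with a comment such as `// Also reachable without a session (optional auth); limit is enforced per IP address`. In all five routes the limiter sits after the auth middleware, so on the strictly authenticated ones requests that fail authentication presumably never count against the budget; it is worth confirming that this is intended and that failed-auth traffic is throttled elsewhere. The route definitions start and end outside the hunks, so the handler bodies were not reviewed.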


@@ -56,11 +56,26 @@ export const RateLimiterStrategy = {
duration: 60, duration: 60,
requests: 10, requests: 10,
}, },
/** Allows twenty five requests per minute, per IP address */
TwentyFivePerMinute: {
duration: 60,
requests: 25,
},
/** Allows one hundred requests per minute, per IP address */
OneHundredPerMinute: {
duration: 60,
requests: 100,
},
/** Allows one thousand requests per hour, per IP address */ /** Allows one thousand requests per hour, per IP address */
OneThousandPerHour: { OneThousandPerHour: {
duration: 3600, duration: 3600,
requests: 1000, requests: 1000,
}, },
/** Allows one hunred requests per hour, per IP address */
OneHundredPerHour: {
duration: 3600,
requests: 100,
},
/** Allows ten requests per hour, per IP address */ /** Allows ten requests per hour, per IP address */
TenPerHour: { TenPerHour: {
duration: 3600, duration: 3600,
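Review bot: The doc comments on the new strategies say the limits apply "per IP address", but nothing in this hunk shows how the client address is obtained, and the routes that use them in the other file section are mostly authenticated. Per-IP keying makes users behind one NAT or reverse proxy share a bucket, and it only holds if the address comes from a trusted proxy configuration rather than a client-supplied header; please confirm this in the limiter middleware, which is outside this section. Separately, the comment on `OneHundredPerHour` has a typo and should read `/** Allows one hundred requests per hour, per IP address */`; that strategy is also not referenced by any route in the other file section shown here. The `RateLimiterStrategy` object begins before the hunk and continues past it.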