2019-05-29 05:21:06 -04:00
|
|
|
const AuthorizationMiddleware = require('../Authorization/AuthorizationMiddleware')
|
|
|
|
const AuthenticationController = require('../Authentication/AuthenticationController')
|
|
|
|
const ProjectUploadController = require('./ProjectUploadController')
|
|
|
|
const RateLimiterMiddleware = require('../Security/RateLimiterMiddleware')
|
|
|
|
const Settings = require('settings-sharelatex')
|
|
|
|
|
|
|
|
module.exports = {
|
|
|
|
apply(webRouter, apiRouter) {
|
|
|
|
webRouter.post(
|
|
|
|
'/project/new/upload',
|
|
|
|
AuthenticationController.requireLogin(),
|
|
|
|
RateLimiterMiddleware.rateLimit({
|
|
|
|
endpointName: 'project-upload',
|
|
|
|
maxRequests: 20,
|
|
|
|
timeInterval: 60
|
|
|
|
}),
|
|
|
|
ProjectUploadController.multerMiddleware,
|
|
|
|
ProjectUploadController.uploadProject
|
|
|
|
)
|
|
|
|
|
2019-11-06 04:50:35 -05:00
|
|
|
const fileUploadEndpoint = '/Project/:Project_id/upload'
|
|
|
|
const fileUploadRateLimit = RateLimiterMiddleware.rateLimit({
|
|
|
|
endpointName: 'file-upload',
|
|
|
|
params: ['Project_id'],
|
|
|
|
maxRequests: 200,
|
|
|
|
timeInterval: 60 * 30
|
|
|
|
})
|
|
|
|
if (Settings.allowAnonymousReadAndWriteSharing) {
|
|
|
|
webRouter.post(
|
|
|
|
fileUploadEndpoint,
|
|
|
|
fileUploadRateLimit,
|
|
|
|
AuthorizationMiddleware.ensureUserCanWriteProjectContent,
|
|
|
|
ProjectUploadController.multerMiddleware,
|
|
|
|
ProjectUploadController.uploadFile
|
|
|
|
)
|
|
|
|
} else {
|
|
|
|
webRouter.post(
|
|
|
|
fileUploadEndpoint,
|
|
|
|
fileUploadRateLimit,
|
|
|
|
AuthenticationController.requireLogin(),
|
|
|
|
AuthorizationMiddleware.ensureUserCanWriteProjectContent,
|
|
|
|
ProjectUploadController.multerMiddleware,
|
|
|
|
ProjectUploadController.uploadFile
|
|
|
|
)
|
|
|
|
}
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
|
|
|
}
|