Rate-limit calls to invite api

Shane Kilkelly 2016-08-04 09:50:47 +01:00
parent 721ea88bd0
commit 092c036406


@ -2,6 +2,7 @@ CollaboratorsController = require('./CollaboratorsController')
AuthenticationController = require('../Authentication/AuthenticationController') AuthenticationController = require('../Authentication/AuthenticationController')
AuthorizationMiddlewear = require('../Authorization/AuthorizationMiddlewear') AuthorizationMiddlewear = require('../Authorization/AuthorizationMiddlewear')
CollaboratorsInviteController = require('./CollaboratorsInviteController') CollaboratorsInviteController = require('./CollaboratorsInviteController')
RateLimiterMiddlewear = require('../Security/RateLimiterMiddlewear')
module.exports = module.exports =
apply: (webRouter, apiRouter) -> apply: (webRouter, apiRouter) ->
@ -13,24 +14,40 @@ module.exports =
# invites # invites
webRouter.post( webRouter.post(
'/project/:Project_id/invite', '/project/:Project_id/invite',
RateLimiterMiddlewear.rateLimit({
endpointName: "invite-to-project"
params: ["Project_id"]
maxRequests: 200
timeInterval: 60 * 10
}),
AuthenticationController.requireLogin(),
AuthorizationMiddlewear.ensureUserCanAdminProject, AuthorizationMiddlewear.ensureUserCanAdminProject,
CollaboratorsInviteController.inviteToProject CollaboratorsInviteController.inviteToProject
) )
webRouter.get( webRouter.get(
'/project/:Project_id/invite', '/project/:Project_id/invite',
AuthenticationController.requireLogin(),
AuthorizationMiddlewear.ensureUserCanAdminProject, AuthorizationMiddlewear.ensureUserCanAdminProject,
CollaboratorsInviteController.getAllInvites CollaboratorsInviteController.getAllInvites
) )
webRouter.delete( webRouter.delete(
'/project/:Project_id/invite/:invite_id', '/project/:Project_id/invite/:invite_id',
AuthenticationController.requireLogin(),
AuthorizationMiddlewear.ensureUserCanAdminProject, AuthorizationMiddlewear.ensureUserCanAdminProject,
CollaboratorsInviteController.revokeInvite CollaboratorsInviteController.revokeInvite
) )
webRouter.post( webRouter.post(
'/project/:Project_id/invite/:invite_id/resend', '/project/:Project_id/invite/:invite_id/resend',
RateLimiterMiddlewear.rateLimit({
endpointName: "resend-invite"
params: ["Project_id"]
maxRequests: 200
timeInterval: 60 * 10
}),
AuthenticationController.requireLogin(),
AuthorizationMiddlewear.ensureUserCanAdminProject, AuthorizationMiddlewear.ensureUserCanAdminProject,
CollaboratorsInviteController.resendInvite CollaboratorsInviteController.resendInvite
) )
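Review bot: In both new `RateLimiterMiddlewear.rateLimit` entries (the POST `/project/:Project_id/invite` route and the `/resend` route) the limiter sits ahead of `AuthenticationController.requireLogin()` and `ensureUserCanAdminProject`, and the only key material visible here is `params: ["Project_id"]`. Requests that are later rejected as unauthenticated or unauthorized therefore still count against the budget. RateLimiterMiddlewear's implementation is not shown, but if it does not also mix the caller's user id or address into the key, traffic from any client that knows a project id could exhaust the 200-per-interval allowance and stop the project admin from sending or resending invites. Either place the limiter after `requireLogin()` and the authorization check, or confirm and document how the key is built. A short comment on the numbers would also help, e.g. `# 200 requests per 10 minutes per project (timeInterval presumably in seconds)`.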