added rate limit on server side for file uploads

2024-09-16 02:52:31 -04:00 · 2015-12-01 13:08:49 +00:00 · 2015-12-01 13:08:49 +00:00 · 8590af3e49
commit 8590af3e49
parent a6aea41fb1
4 changed files with 18 additions and 0 deletions
--- a/services/web/app/coffee/Features/Uploads/UploadsRouter.coffee
+++ b/services/web/app/coffee/Features/Uploads/UploadsRouter.coffee
@ -1,13 +1,21 @@
 SecurityManager = require('../../managers/SecurityManager')
 AuthenticationController = require('../Authentication/AuthenticationController')
 ProjectUploadController = require "./ProjectUploadController"
+RateLimiterMiddlewear = require('../Security/RateLimiterMiddlewear')

 module.exports =
 	apply: (webRouter, apiRouter) ->
 		webRouter.post '/project/new/upload',
 			AuthenticationController.requireLogin(),
 			ProjectUploadController.uploadProject
+
 		webRouter.post '/Project/:Project_id/upload',
+			RateLimiterMiddlewear.rateLimit({
+				endpointName: "file-upload"
+				params: ["Project_id"]
+				maxRequests: 100
+				timeInterval: 60 * 20
+			}),
 			SecurityManager.requestCanModifyProject,
 			ProjectUploadController.uploadFile

--- a/services/web/app/views/project/editor/file-tree.jade
+++ b/services/web/app/views/project/editor/file-tree.jade
@ -356,6 +356,7 @@ script(type="text/ng-template", id="uploadFileModalTemplate")
 		h3 #{translate("upload_files")}
 		span &nbsp;
 		.alert.alert-warning.small(ng-if="tooManyFiles") #{translate("maximum_files_uploaded_together", {max:"{{max_files}}"})}
+		.alert.alert-warning.small(ng-if="rateLimitHit") Too many files uploaded, your uploads have been throttled for short period.

 	.modal-body(
 		fine-upload
@ -369,6 +370,7 @@ script(type="text/ng-template", id="uploadFileModalTemplate")
 		on-complete-callback="onComplete"
 		on-upload-callback="onUpload"
 		on-validate-batch="onValidateBatch"
+		on-error-callback="onError"
 		params="{'folder_id': parent_folder_id}"
 	)
 		span #{translate("upload_files")}
--- a/services/web/public/coffee/directives/fineUpload.coffee
+++ b/services/web/public/coffee/directives/fineUpload.coffee
@ -15,6 +15,7 @@ define [
 				onCompleteCallback: "="
 				onUploadCallback: "="
 				onValidateBatch: "="
+				onErrorCallback: "="
 				params: "="
 			}
 			link: (scope, element, attrs) ->
@ -34,6 +35,7 @@ define [

 				onComplete = scope.onCompleteCallback or () ->
 				onUpload   = scope.onUploadCallback or () ->
+				onError   = scope.onErrorCallback or () ->
 				onValidateBatch = scope.onValidateBatch or () ->
 				params     = scope.params or {}
 				params._csrf = window.csrfToken
@ -52,6 +54,7 @@ define [
 						onComplete: onComplete
 						onUpload:   onUpload
 						onValidateBatch: onValidateBatch
+						onError: onError
 					text: text
 					template: """
 						<div class="qq-uploader">
--- a/services/web/public/coffee/ide/file-tree/controllers/FileTreeController.coffee
+++ b/services/web/public/coffee/ide/file-tree/controllers/FileTreeController.coffee
@ -103,6 +103,8 @@ define [
 		($scope,   ide,   $modalInstance,   $timeout,   parent_folder) ->
 			$scope.parent_folder_id = parent_folder?.id
 			$scope.tooManyFiles = false
+			$scope.rateLimitHit = false
+
 			uploadCount = 0
 			$scope.onUpload = () ->
 				uploadCount++
@ -124,6 +126,9 @@ define [
 				else
 					return true

+			$scope.onError = (id, name, reason)->
+				if reason.indexOf("429") != -1
+					$scope.rateLimitHit = true

 			$scope.cancel = () ->
 				$modalInstance.dismiss('cancel')