From 8590af3e49ecca4df5b497a5949303649694f16b Mon Sep 17 00:00:00 2001
From: Henry Oswald
Date: Tue, 1 Dec 2015 13:08:49 +0000
Subject: [PATCH] added rate limit on server side for file uploads

---
 .../web/app/coffee/Features/Uploads/UploadsRouter.coffee | 8 ++++++++
 services/web/app/views/project/editor/file-tree.jade | 2 ++
 services/web/public/coffee/directives/fineUpload.coffee | 3 +++
 .../ide/file-tree/controllers/FileTreeController.coffee | 5 +++++
 4 files changed, 18 insertions(+)

diff --git a/services/web/app/coffee/Features/Uploads/UploadsRouter.coffee b/services/web/app/coffee/Features/Uploads/UploadsRouter.coffee
index bf4b9f3ea4..63ad6eb96d 100644
--- a/services/web/app/coffee/Features/Uploads/UploadsRouter.coffee
+++ b/services/web/app/coffee/Features/Uploads/UploadsRouter.coffee
@@ -1,13 +1,21 @@
 SecurityManager = require('../../managers/SecurityManager')
 AuthenticationController = require('../Authentication/AuthenticationController')
 ProjectUploadController = require "./ProjectUploadController"
+RateLimiterMiddlewear = require('../Security/RateLimiterMiddlewear')
 module.exports =
 apply: (webRouter, apiRouter) ->
 webRouter.post '/project/new/upload',
 AuthenticationController.requireLogin(),
 ProjectUploadController.uploadProject
+
 webRouter.post '/Project/:Project_id/upload',
+ RateLimiterMiddlewear.rateLimit({
+ endpointName: "file-upload"
+ params: ["Project_id"]
+ maxRequests: 100
+ timeInterval: 60 * 20
+ }),
 SecurityManager.requestCanModifyProject,
 ProjectUploadController.uploadFile
diff --git a/services/web/app/views/project/editor/file-tree.jade b/services/web/app/views/project/editor/file-tree.jade
index 20654953a6..348b7e1054 100644
--- a/services/web/app/views/project/editor/file-tree.jade
+++ b/services/web/app/views/project/editor/file-tree.jade
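Review bot: The limiter is installed ahead of `SecurityManager.requestCanModifyProject` in the new `/Project/:Project_id/upload` chain and is keyed only on `Project_id`, so requests that the authorization check would reject still consume the project's bucket, and every collaborator on a project shares the same 100-request quota. Unless RateLimiterMiddlewear only counts once the rest of the chain succeeds (not visible here), moving `SecurityManager.requestCanModifyProject,` above the `RateLimiterMiddlewear.rateLimit({` call keeps unauthorized requests out of the count, and keying on the requesting user as well, if the limiter supports it, would stop one collaborator's burst from throttling the others. The unit of `timeInterval: 60 * 20` is not stated in the hunk; a comment such as `# 100 uploads per project per 20 minutes (timeInterval in seconds — confirm against RateLimiterMiddlewear)` would save the next reader a lookup.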
@@ -356,6 +356,7 @@ script(type="text/ng-template", id="uploadFileModalTemplate")
 h3 #{translate("upload_files")}
 span
 .alert.alert-warning.small(ng-if="tooManyFiles") #{translate("maximum_files_uploaded_together", {max:"{{max_files}}"})}
+ .alert.alert-warning.small(ng-if="rateLimitHit") Too many files uploaded, your uploads have been throttled for short period.
 .modal-body(
 fine-upload
@@ -369,6 +370,7 @@ script(type="text/ng-template", id="uploadFileModalTemplate")
 on-complete-callback="onComplete"
 on-upload-callback="onUpload"
 on-validate-batch="onValidateBatch"
+ on-error-callback="onError"
 params="{'folder_id': parent_folder_id}"
 )
 span #{translate("upload_files")}
diff --git a/services/web/public/coffee/directives/fineUpload.coffee b/services/web/public/coffee/directives/fineUpload.coffee
index d5a994dd1d..2fad1acf17 100644
--- a/services/web/public/coffee/directives/fineUpload.coffee
+++ b/services/web/public/coffee/directives/fineUpload.coffee
@@ -15,6 +15,7 @@ define [
 onCompleteCallback: "="
 onUploadCallback: "="
 onValidateBatch: "="
+ onErrorCallback: "="
 params: "="
 }
 link: (scope, element, attrs) ->
@@ -34,6 +35,7 @@ define [
 onComplete = scope.onCompleteCallback or () ->
 onUpload = scope.onUploadCallback or () ->
+ onError = scope.onErrorCallback or () ->
 onValidateBatch = scope.onValidateBatch or () ->
 params = scope.params or {}
 params._csrf = window.csrfToken
@@ -52,6 +54,7 @@ define [
 onComplete: onComplete
 onUpload: onUpload
 onValidateBatch: onValidateBatch
+ onError: onError
 text: text
 template: """
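Review bot: The new `rateLimitHit` alert hard-codes an English sentence, while the sibling `tooManyFiles` alert on the line above goes through `#{translate(...)}`, so this message will not be localised; the text also reads "for short period" rather than "for a short period". Routing it through the translation helper with a new locale key, e.g. `.alert.alert-warning.small(ng-if="rateLimitHit") #{translate("upload_rate_limit_hit")}` (key name constructed here, it would need adding to the locale file), keeps the template consistent with its neighbour and fixes the wording in one place.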
diff --git a/services/web/public/coffee/ide/file-tree/controllers/FileTreeController.coffee b/services/web/public/coffee/ide/file-tree/controllers/FileTreeController.coffee
index 07edeac808..489c8e200d 100644
--- a/services/web/public/coffee/ide/file-tree/controllers/FileTreeController.coffee
+++ b/services/web/public/coffee/ide/file-tree/controllers/FileTreeController.coffee
@@ -103,6 +103,8 @@ define [
 ($scope, ide, $modalInstance, $timeout, parent_folder) ->
 $scope.parent_folder_id = parent_folder?.id
 $scope.tooManyFiles = false
+ $scope.rateLimitHit = false
+
 uploadCount = 0
 $scope.onUpload = () ->
 uploadCount++
@@ -124,6 +126,9 @@ define [
 else
 return true
+ $scope.onError = (id, name, reason)->
+ if reason.indexOf("429") != -1
+ $scope.rateLimitHit = true
 $scope.cancel = () ->
 $modalInstance.dismiss('cancel')
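Review bot: In the new `$scope.onError` handler (second hunk), `reason.indexOf("429")` throws a TypeError if Fine Uploader ever invokes the callback without a string reason, and matching the substring "429" in free text can also fire on a file name or message that merely contains it. Fine Uploader passes the xhr as the fourth argument to onError, so the status can be checked directly: `$scope.onError = (id, name, reason, xhr) ->` / `if xhr?.status == 429 or reason?.indexOf("429") != -1` / `$scope.rateLimitHit = true`. `rateLimitHit` is also never cleared once set, so the banner stays up for the modal's lifetime even after the throttle window has passed; resetting it to false at the start of `$scope.onUpload` (first hunk) would let it reflect the current batch. Whether an assignment made from this callback needs `$scope.$apply` to render depends on how the directive invokes it, which is outside this hunk.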