added rate limit on server side for file uploads
parent
a6aea41fb1
commit
8590af3e49
4 changed files with 18 additions and 0 deletions
|
@ -1,13 +1,21 @@
|
||||||
SecurityManager = require('../../managers/SecurityManager')
|
SecurityManager = require('../../managers/SecurityManager')
|
||||||
AuthenticationController = require('../Authentication/AuthenticationController')
|
AuthenticationController = require('../Authentication/AuthenticationController')
|
||||||
ProjectUploadController = require "./ProjectUploadController"
|
ProjectUploadController = require "./ProjectUploadController"
|
||||||
|
RateLimiterMiddlewear = require('../Security/RateLimiterMiddlewear')
|
||||||
|
|
||||||
module.exports =
|
module.exports =
|
||||||
apply: (webRouter, apiRouter) ->
|
apply: (webRouter, apiRouter) ->
|
||||||
webRouter.post '/project/new/upload',
|
webRouter.post '/project/new/upload',
|
||||||
AuthenticationController.requireLogin(),
|
AuthenticationController.requireLogin(),
|
||||||
ProjectUploadController.uploadProject
|
ProjectUploadController.uploadProject
|
||||||
|
|
||||||
webRouter.post '/Project/:Project_id/upload',
|
webRouter.post '/Project/:Project_id/upload',
|
||||||
|
RateLimiterMiddlewear.rateLimit({
|
||||||
|
endpointName: "file-upload"
|
||||||
|
params: ["Project_id"]
|
||||||
|
maxRequests: 100
|
||||||
|
timeInterval: 60 * 20
|
||||||
|
}),
|
||||||
SecurityManager.requestCanModifyProject,
|
SecurityManager.requestCanModifyProject,
|
||||||
ProjectUploadController.uploadFile
|
ProjectUploadController.uploadFile
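Review bot: The new `RateLimiterMiddlewear.rateLimit` on `/Project/:Project_id/upload` sits before `SecurityManager.requestCanModifyProject`, so requests are counted before the caller is known to have write access to the project. The limiter's implementation is not visible here; if its key is built only from `params: ["Project_id"]`, requests that are later rejected still consume the project's 100-request budget and can throttle legitimate collaborators. Confirm the key also includes the requester (user id or IP), or move the limiter after the permission check. A comment above the options, such as `# 100 uploads per project per 20 minutes; timeInterval presumably in seconds`, would make the limits easier to review. `/project/new/upload` is left without a limit, which may be intended but is worth stating given the commit title.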
|
||||||
|
|
||||||
|
|
|
@ -356,6 +356,7 @@ script(type="text/ng-template", id="uploadFileModalTemplate")
|
||||||
h3 #{translate("upload_files")}
|
h3 #{translate("upload_files")}
|
||||||
span
|
span
|
||||||
.alert.alert-warning.small(ng-if="tooManyFiles") #{translate("maximum_files_uploaded_together", {max:"{{max_files}}"})}
|
.alert.alert-warning.small(ng-if="tooManyFiles") #{translate("maximum_files_uploaded_together", {max:"{{max_files}}"})}
|
||||||
|
.alert.alert-warning.small(ng-if="rateLimitHit") Too many files uploaded, your uploads have been throttled for short period.
|
||||||
|
|
||||||
.modal-body(
|
.modal-body(
|
||||||
fine-upload
|
fine-upload
|
||||||
|
@ -369,6 +370,7 @@ script(type="text/ng-template", id="uploadFileModalTemplate")
|
||||||
on-complete-callback="onComplete"
|
on-complete-callback="onComplete"
|
||||||
on-upload-callback="onUpload"
|
on-upload-callback="onUpload"
|
||||||
on-validate-batch="onValidateBatch"
|
on-validate-batch="onValidateBatch"
|
||||||
|
on-error-callback="onError"
|
||||||
params="{'folder_id': parent_folder_id}"
|
params="{'folder_id': parent_folder_id}"
|
||||||
)
|
)
|
||||||
span #{translate("upload_files")}
|
span #{translate("upload_files")}
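Review bot: The `rateLimitHit` alert added in the first hunk of this template is a hard-coded English string, while the `tooManyFiles` alert directly above it goes through `translate(...)`, so the new message will not be localised. The text also reads "for short period". Suggest routing it through a translation key (the key name here is only a suggestion), e.g. `.alert.alert-warning.small(ng-if="rateLimitHit") #{translate("too_many_files_uploaded_throttled_short_period")}`, with the English value "Too many files uploaded, your uploads have been throttled for a short period."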
|
||||||
|
|
|
@ -15,6 +15,7 @@ define [
|
||||||
onCompleteCallback: "="
|
onCompleteCallback: "="
|
||||||
onUploadCallback: "="
|
onUploadCallback: "="
|
||||||
onValidateBatch: "="
|
onValidateBatch: "="
|
||||||
|
onErrorCallback: "="
|
||||||
params: "="
|
params: "="
|
||||||
}
|
}
|
||||||
link: (scope, element, attrs) ->
|
link: (scope, element, attrs) ->
|
||||||
|
@ -34,6 +35,7 @@ define [
|
||||||
|
|
||||||
onComplete = scope.onCompleteCallback or () ->
|
onComplete = scope.onCompleteCallback or () ->
|
||||||
onUpload = scope.onUploadCallback or () ->
|
onUpload = scope.onUploadCallback or () ->
|
||||||
|
onError = scope.onErrorCallback or () ->
|
||||||
onValidateBatch = scope.onValidateBatch or () ->
|
onValidateBatch = scope.onValidateBatch or () ->
|
||||||
params = scope.params or {}
|
params = scope.params or {}
|
||||||
params._csrf = window.csrfToken
|
params._csrf = window.csrfToken
|
||||||
|
@ -52,6 +54,7 @@ define [
|
||||||
onComplete: onComplete
|
onComplete: onComplete
|
||||||
onUpload: onUpload
|
onUpload: onUpload
|
||||||
onValidateBatch: onValidateBatch
|
onValidateBatch: onValidateBatch
|
||||||
|
onError: onError
|
||||||
text: text
|
text: text
|
||||||
template: """
|
template: """
|
||||||
<div class="qq-uploader">
|
<div class="qq-uploader">
|
||||||
|
|
|
@ -103,6 +103,8 @@ define [
|
||||||
($scope, ide, $modalInstance, $timeout, parent_folder) ->
|
($scope, ide, $modalInstance, $timeout, parent_folder) ->
|
||||||
$scope.parent_folder_id = parent_folder?.id
|
$scope.parent_folder_id = parent_folder?.id
|
||||||
$scope.tooManyFiles = false
|
$scope.tooManyFiles = false
|
||||||
|
$scope.rateLimitHit = false
|
||||||
|
|
||||||
uploadCount = 0
|
uploadCount = 0
|
||||||
$scope.onUpload = () ->
|
$scope.onUpload = () ->
|
||||||
uploadCount++
|
uploadCount++
|
||||||
|
@ -124,6 +126,9 @@ define [
|
||||||
else
|
else
|
||||||
return true
|
return true
|
||||||
|
|
||||||
|
$scope.onError = (id, name, reason)->
|
||||||
|
if reason.indexOf("429") != -1
|
||||||
|
$scope.rateLimitHit = true
|
||||||
|
|
||||||
$scope.cancel = () ->
|
$scope.cancel = () ->
|
||||||
$modalInstance.dismiss('cancel')
|
$modalInstance.dismiss('cancel')
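Review bot: `$scope.onError` detects throttling with `reason.indexOf("429") != -1`, which matches any error text that happens to contain "429" and throws if `reason` is not a string. If the uploader passes the XHR as a fourth argument to its error callback, as Fine Uploader's `onError` does, compare the status directly: `$scope.onError = (id, name, reason, xhr) ->` with `if xhr?.status == 429`. Nothing visible in these hunks resets `$scope.rateLimitHit` to false, so the warning may stay on screen after uploads succeed again. The controller body continues outside the hunks, so that may be handled elsewhere.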
|
||||||
|
|