overleaf/services/web/app/src/Features/Uploads/UploadsRouter.js
Miguel Serrano 28fd277172 Disabled login requirement to upload files for write shared projects (#2294)
GitOrigin-RevId: b24edd10dbe21845ff9199fc4120678cfa04ddcd
2019-11-06 10:12:33 +00:00

47 lines
1.6 KiB
JavaScript

const AuthorizationMiddleware = require('../Authorization/AuthorizationMiddleware')
const AuthenticationController = require('../Authentication/AuthenticationController')
const ProjectUploadController = require('./ProjectUploadController')
const RateLimiterMiddleware = require('../Security/RateLimiterMiddleware')
const Settings = require('settings-sharelatex')
module.exports = {
apply(webRouter, apiRouter) {
webRouter.post(
'/project/new/upload',
AuthenticationController.requireLogin(),
RateLimiterMiddleware.rateLimit({
endpointName: 'project-upload',
maxRequests: 20,
timeInterval: 60
}),
ProjectUploadController.multerMiddleware,
ProjectUploadController.uploadProject
)
const fileUploadEndpoint = '/Project/:Project_id/upload'
const fileUploadRateLimit = RateLimiterMiddleware.rateLimit({
endpointName: 'file-upload',
params: ['Project_id'],
maxRequests: 200,
timeInterval: 60 * 30
})
if (Settings.allowAnonymousReadAndWriteSharing) {
webRouter.post(
fileUploadEndpoint,
fileUploadRateLimit,
AuthorizationMiddleware.ensureUserCanWriteProjectContent,
ProjectUploadController.multerMiddleware,
ProjectUploadController.uploadFile
)
} else {
webRouter.post(
fileUploadEndpoint,
fileUploadRateLimit,
AuthenticationController.requireLogin(),
AuthorizationMiddleware.ensureUserCanWriteProjectContent,
ProjectUploadController.multerMiddleware,
ProjectUploadController.uploadFile
)
}
}
}