overleaf/services/web/app/coffee/Features/Uploads/UploadsRouter.coffee
Alasdair Smith f32ecc744c Merge pull request #1425 from sharelatex/spd-rate-limit-on-project-upload
Add rate limit on project upload

GitOrigin-RevId: e2da5fb1815d85d8e82fe2f4498786f1fc5b5727
2019-01-22 11:38:59 +00:00

35 lines
1.1 KiB
CoffeeScript

AuthorizationMiddlewear = require('../Authorization/AuthorizationMiddlewear')
AuthenticationController = require('../Authentication/AuthenticationController')
ProjectUploadController = require "./ProjectUploadController"
RateLimiterMiddlewear = require('../Security/RateLimiterMiddlewear')
Settings = require('settings-sharelatex')
multer = require('multer')
upload = multer(
dest: Settings.path.uploadFolder
limits: fileSize: Settings.maxUploadSize
)
module.exports =
apply: (webRouter, apiRouter) ->
webRouter.post '/project/new/upload',
AuthenticationController.requireLogin(),
RateLimiterMiddlewear.rateLimit({
endpointName: "project-upload"
maxRequests: 20
timeInterval: 60
}),
upload.single('qqfile'),
ProjectUploadController.uploadProject
webRouter.post '/Project/:Project_id/upload',
RateLimiterMiddlewear.rateLimit({
endpointName: "file-upload"
params: ["Project_id"]
maxRequests: 200
timeInterval: 60 * 30
}),
AuthenticationController.requireLogin(),
AuthorizationMiddlewear.ensureUserCanWriteProjectContent,
upload.single('qqfile'),
ProjectUploadController.uploadFile