Added rate limiting to all methods

Stefan Zermatten
2020-06-06 14:23:13 +02:00
parent 93d566e263
commit ea8d036c72
16 changed files with 252 additions and 0 deletions


@@ -1,4 +1,5 @@
import { ValidatedMethod } from 'meteor/mdg:validated-method';
import { RateLimiterMixin } from 'ddp-rate-limiter-mixin';
import SimpleSchema from 'simpl-schema';
import SharingSchema from '/imports/api/sharing/SharingSchema.js';
import simpleSchemaMixin from '/imports/api/creature/mixins/simpleSchemaMixin.js';
@@ -65,6 +66,11 @@ const updateLibraryName = new ValidatedMethod({
type: String,
},
}).validator(),
mixins: [RateLimiterMixin],
rateLimit: {
numRequests: 5,
timeInterval: 5000,
},
run({_id, name}){
let library = Libraries.findOne(_id);
assertEditPermission(library, this.userId);
@@ -83,6 +89,11 @@ const setLibraryDefault = new ValidatedMethod({
type: Boolean,
},
}).validator(),
mixins: [RateLimiterMixin],
rateLimit: {
numRequests: 5,
timeInterval: 5000,
},
run({_id, isDefault}) {
if (!Meteor.users.isAdmin()){
throw new Meteor.Error('Permission denied', 'User must be admin to set libraries as default');
@@ -99,6 +110,11 @@ const removeLibrary = new ValidatedMethod({
regEx: SimpleSchema.RegEx.id
},
}).validator(),
mixins: [RateLimiterMixin],
rateLimit: {
numRequests: 5,
timeInterval: 5000,
},
run({_id}){
let library = Libraries.findOne(_id);
assertOwnership(library, this.userId);
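Review bot: In the removeLibrary hunk the `_id` schema reads `regEx: SimpleSchema.RegEx.id`, with a lowercase `id`, while the libraryNodes file on this page spells it `SimpleSchema.RegEx.Id`. If the lowercase property is undefined, as the other spelling suggests, the `_id` passed to `Libraries.findOne(_id)` is checked only against whatever type the schema declares above the hunk and not against the id format; `regEx: SimpleSchema.RegEx.Id` would restore that check. The rate limit does not compensate for this, since it bounds how often the method is called, not what each call accepts. As a style point, the identical `rateLimit: {numRequests: 5, timeInterval: 5000}` literal is repeated in all three methods here and could come from one shared constant, so the limits are tuned in one place. The schemas and the `run` bodies start or continue outside the hunks.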


@@ -1,6 +1,7 @@
import { Meteor } from 'meteor/meteor';
import { Mongo } from 'meteor/mongo';
import { ValidatedMethod } from 'meteor/mdg:validated-method';
import { RateLimiterMixin } from 'ddp-rate-limiter-mixin';
import SimpleSchema from 'simpl-schema';
import ColorSchema from '/imports/api/properties/subSchemas/ColorSchema.js';
import ChildSchema from '/imports/api/parenting/ChildSchema.js';
@@ -58,6 +59,11 @@ function assertNodeEditPermission(node, userId){
const insertNode = new ValidatedMethod({
name: 'libraryNodes.insert',
validate: null,
mixins: [RateLimiterMixin],
rateLimit: {
numRequests: 5,
timeInterval: 5000,
},
run(libraryNode) {
delete libraryNode._id;
assertNodeEditPermission(libraryNode, this.userId);
@@ -73,6 +79,11 @@ const duplicateNode = new ValidatedMethod({
regEx: SimpleSchema.RegEx.Id,
}
}).validator(),
mixins: [RateLimiterMixin],
rateLimit: {
numRequests: 5,
timeInterval: 5000,
},
run({_id}) {
let libraryNode = LibraryNodes.findOne(_id);
assertNodeEditPermission(libraryNode, this.userId);
@@ -94,6 +105,11 @@ const updateLibraryNode = new ValidatedMethod({
return false;
}
},
mixins: [RateLimiterMixin],
rateLimit: {
numRequests: 5,
timeInterval: 5000,
},
run({_id, path, value}) {
let node = LibraryNodes.findOne(_id);
assertNodeEditPermission(node, this.userId);
@@ -114,6 +130,11 @@ const updateLibraryNode = new ValidatedMethod({
const pushToLibraryNode = new ValidatedMethod({
name: 'libraryNodes.push',
validate: null,
mixins: [RateLimiterMixin],
rateLimit: {
numRequests: 5,
timeInterval: 5000,
},
run({_id, path, value}){
let node = LibraryNodes.findOne(_id);
assertNodeEditPermission(node, this.userId);
@@ -128,6 +149,11 @@ const pushToLibraryNode = new ValidatedMethod({
const pullFromLibraryNode = new ValidatedMethod({
name: 'libraryNodes.pull',
validate: null,
mixins: [RateLimiterMixin],
rateLimit: {
numRequests: 5,
timeInterval: 5000,
},
run({_id, path, itemId}){
let node = LibraryNodes.findOne(_id);
assertNodeEditPermission(node, this.userId);
@@ -145,6 +171,11 @@ const softRemoveLibraryNode = new ValidatedMethod({
validate: new SimpleSchema({
_id: SimpleSchema.RegEx.Id
}).validator(),
mixins: [RateLimiterMixin],
rateLimit: {
numRequests: 5,
timeInterval: 5000,
},
run({_id}){
let node = LibraryNodes.findOne(_id);
assertNodeEditPermission(node, this.userId);
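Review bot: `libraryNodes.insert`, `libraryNodes.push` and `libraryNodes.pull` gain a rate limit but keep `validate: null`, so client-supplied arguments still reach `run` unchecked. In push and pull the `_id` goes straight into `LibraryNodes.findOne(_id)`; without a type check, a non-string value could be treated as a selector instead of an id before `assertNodeEditPermission` sees the result. A first step is `check(_id, String);` at the top of those `run` bodies (with `check` imported from `meteor/check`), or an `_id` schema like the one softRemoveLibraryNode uses, with `path` and `value` validated as far as their shape allows. It is also worth confirming whether the mixin counts requests per connection or per user, which this page does not show. The `run` bodies continue outside the hunks, so any checks done further down are not visible here.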