mirror of
https://github.com/yu-i-i/overleaf-cep.git
synced 2026-05-30 20:31:34 +02:00
1a7a8b4082
[web] Add rate limits for subscription requests GitOrigin-RevId: 3cfdb80713c96d32f7d297f38ec306e2bf6ec9a6
171 lines
5.7 KiB
JavaScript
171 lines
5.7 KiB
JavaScript
const AuthenticationController = require('../Authentication/AuthenticationController')
|
|
const PermissionsController = require('../Authorization/PermissionsController')
|
|
const SubscriptionController = require('./SubscriptionController')
|
|
const SubscriptionGroupController = require('./SubscriptionGroupController')
|
|
const TeamInvitesController = require('./TeamInvitesController')
|
|
const { RateLimiter } = require('../../infrastructure/RateLimiter')
|
|
const RateLimiterMiddleware = require('../Security/RateLimiterMiddleware')
|
|
const Settings = require('@overleaf/settings')
|
|
|
|
const teamInviteRateLimiter = new RateLimiter('team-invite', {
|
|
points: 10,
|
|
duration: 60,
|
|
})
|
|
|
|
const subscriptionRateLimiter = new RateLimiter('subscription', {
|
|
points: 30,
|
|
duration: 60,
|
|
})
|
|
|
|
module.exports = {
|
|
apply(webRouter, privateApiRouter, publicApiRouter) {
|
|
if (!Settings.enableSubscriptions) {
|
|
return
|
|
}
|
|
|
|
webRouter.get(
|
|
'/user/subscription/plans',
|
|
RateLimiterMiddleware.rateLimit(subscriptionRateLimiter),
|
|
SubscriptionController.plansPage
|
|
)
|
|
|
|
webRouter.get(
|
|
'/user/subscription',
|
|
AuthenticationController.requireLogin(),
|
|
RateLimiterMiddleware.rateLimit(subscriptionRateLimiter),
|
|
PermissionsController.useCapabilities(),
|
|
SubscriptionController.userSubscriptionPage
|
|
)
|
|
|
|
webRouter.get(
|
|
'/user/subscription/choose-your-plan',
|
|
AuthenticationController.requireLogin(),
|
|
RateLimiterMiddleware.rateLimit(subscriptionRateLimiter),
|
|
SubscriptionController.interstitialPaymentPage
|
|
)
|
|
|
|
webRouter.get(
|
|
'/user/subscription/thank-you',
|
|
AuthenticationController.requireLogin(),
|
|
RateLimiterMiddleware.rateLimit(subscriptionRateLimiter),
|
|
SubscriptionController.successfulSubscription
|
|
)
|
|
|
|
webRouter.get(
|
|
'/user/subscription/canceled',
|
|
AuthenticationController.requireLogin(),
|
|
RateLimiterMiddleware.rateLimit(subscriptionRateLimiter),
|
|
SubscriptionController.canceledSubscription
|
|
)
|
|
|
|
webRouter.get(
|
|
'/user/subscription/recurly/:pageType',
|
|
AuthenticationController.requireLogin(),
|
|
RateLimiterMiddleware.rateLimit(subscriptionRateLimiter),
|
|
SubscriptionController.redirectToHostedPage
|
|
)
|
|
|
|
webRouter.delete(
|
|
'/subscription/group/user',
|
|
AuthenticationController.requireLogin(),
|
|
RateLimiterMiddleware.rateLimit(subscriptionRateLimiter),
|
|
PermissionsController.requirePermission('leave-group-subscription'),
|
|
SubscriptionGroupController.removeSelfFromGroup
|
|
)
|
|
|
|
// Team invites
|
|
webRouter.get(
|
|
'/subscription/invites/:token/',
|
|
RateLimiterMiddleware.rateLimit(subscriptionRateLimiter),
|
|
PermissionsController.useCapabilities(),
|
|
TeamInvitesController.viewInvite
|
|
)
|
|
webRouter.get(
|
|
'/subscription/invites/',
|
|
AuthenticationController.requireLogin(),
|
|
RateLimiterMiddleware.rateLimit(subscriptionRateLimiter),
|
|
PermissionsController.useCapabilities(),
|
|
TeamInvitesController.viewInvites
|
|
)
|
|
webRouter.put(
|
|
'/subscription/invites/:token/',
|
|
AuthenticationController.requireLogin(),
|
|
RateLimiterMiddleware.rateLimit(teamInviteRateLimiter),
|
|
PermissionsController.requirePermission('join-subscription'),
|
|
TeamInvitesController.acceptInvite
|
|
)
|
|
|
|
// recurly callback
|
|
publicApiRouter.post(
|
|
'/user/subscription/callback',
|
|
RateLimiterMiddleware.rateLimit(subscriptionRateLimiter),
|
|
AuthenticationController.requireBasicAuth({
|
|
[Settings.apis.recurly.webhookUser]: Settings.apis.recurly.webhookPass,
|
|
}),
|
|
SubscriptionController.recurlyNotificationParser,
|
|
SubscriptionController.recurlyCallback
|
|
)
|
|
|
|
// user changes their account state
|
|
webRouter.post(
|
|
'/user/subscription/update',
|
|
AuthenticationController.requireLogin(),
|
|
RateLimiterMiddleware.rateLimit(subscriptionRateLimiter),
|
|
SubscriptionController.updateSubscription
|
|
)
|
|
webRouter.post(
|
|
'/user/subscription/cancel-pending',
|
|
AuthenticationController.requireLogin(),
|
|
RateLimiterMiddleware.rateLimit(subscriptionRateLimiter),
|
|
SubscriptionController.cancelPendingSubscriptionChange
|
|
)
|
|
webRouter.post(
|
|
'/user/subscription/cancel',
|
|
AuthenticationController.requireLogin(),
|
|
RateLimiterMiddleware.rateLimit(subscriptionRateLimiter),
|
|
SubscriptionController.cancelSubscription
|
|
)
|
|
webRouter.post(
|
|
'/user/subscription/reactivate',
|
|
AuthenticationController.requireLogin(),
|
|
RateLimiterMiddleware.rateLimit(subscriptionRateLimiter),
|
|
PermissionsController.useCapabilities(),
|
|
SubscriptionController.reactivateSubscription
|
|
)
|
|
|
|
webRouter.post(
|
|
'/user/subscription/v1/cancel',
|
|
AuthenticationController.requireLogin(),
|
|
RateLimiterMiddleware.rateLimit(subscriptionRateLimiter),
|
|
SubscriptionController.cancelV1Subscription
|
|
)
|
|
|
|
webRouter.put(
|
|
'/user/subscription/extend',
|
|
AuthenticationController.requireLogin(),
|
|
RateLimiterMiddleware.rateLimit(subscriptionRateLimiter),
|
|
SubscriptionController.extendTrial
|
|
)
|
|
|
|
webRouter.get(
|
|
'/user/subscription/upgrade-annual',
|
|
AuthenticationController.requireLogin(),
|
|
RateLimiterMiddleware.rateLimit(subscriptionRateLimiter),
|
|
SubscriptionController.renderUpgradeToAnnualPlanPage
|
|
)
|
|
webRouter.post(
|
|
'/user/subscription/upgrade-annual',
|
|
AuthenticationController.requireLogin(),
|
|
RateLimiterMiddleware.rateLimit(subscriptionRateLimiter),
|
|
SubscriptionController.processUpgradeToAnnualPlan
|
|
)
|
|
|
|
webRouter.post(
|
|
'/user/subscription/account/email',
|
|
AuthenticationController.requireLogin(),
|
|
RateLimiterMiddleware.rateLimit(subscriptionRateLimiter),
|
|
SubscriptionController.updateAccountEmailAddress
|
|
)
|
|
},
|
|
}
|