agw/overleaf-cep
1
0
Fork 0
mirror of https://github.com/yu-i-i/overleaf-cep.git synced 2026-05-25 10:10:08 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
c07d2f3fa2abaa0b026968096ca5625b8e97092f
overleaf-cep/services/web/app/src/Features/Editor/EditorRouter.js
Jakob Ackermann 385d3f9c1b Merge pull request #16980 from overleaf/jpa-join-project-remove-sl-2 
[misc] joinProject: pass userId and anonymous access token in body 2/2

GitOrigin-RevId: b1a11941a6d9c7cc779769d1e97d3a0f03bed610
2024-02-13 09:03:39 +00:00

87 lines
3.0 KiB
JavaScript
Raw Blame History

const EditorHttpController = require('./EditorHttpController')
const AuthenticationController = require('../Authentication/AuthenticationController')
const AuthorizationMiddleware = require('../Authorization/AuthorizationMiddleware')
const { RateLimiter } = require('../../infrastructure/RateLimiter')
const RateLimiterMiddleware = require('../Security/RateLimiterMiddleware')
const { validate, Joi } = require('../../infrastructure/Validation')
const rateLimiters = {
addDocToProject: new RateLimiter('add-doc-to-project', {
points: 30,
duration: 60,
}),
addFolderToProject: new RateLimiter('add-folder-to-project', {
points: 60,
duration: 60,
}),
joinProject: new RateLimiter('join-project', { points: 45, duration: 60 }),
}
module.exports = {
apply(webRouter, privateApiRouter) {
webRouter.post(
'/project/:Project_id/doc',
AuthorizationMiddleware.ensureUserCanWriteProjectContent,
RateLimiterMiddleware.rateLimit(rateLimiters.addDocToProject, {
params: ['Project_id'],
}),
EditorHttpController.addDoc
)
webRouter.post(
'/project/:Project_id/folder',
AuthorizationMiddleware.ensureUserCanWriteProjectContent,
RateLimiterMiddleware.rateLimit(rateLimiters.addFolderToProject, {
params: ['Project_id'],
}),
EditorHttpController.addFolder
)
webRouter.post(
'/project/:Project_id/:entity_type/:entity_id/rename',
AuthorizationMiddleware.ensureUserCanWriteProjectContent,
EditorHttpController.renameEntity
)
webRouter.post(
'/project/:Project_id/:entity_type/:entity_id/move',
AuthorizationMiddleware.ensureUserCanWriteProjectContent,
EditorHttpController.moveEntity
)
webRouter.delete(
'/project/:Project_id/file/:entity_id',
AuthorizationMiddleware.ensureUserCanWriteProjectContent,
EditorHttpController.deleteFile
)
webRouter.delete(
'/project/:Project_id/doc/:entity_id',
AuthorizationMiddleware.ensureUserCanWriteProjectContent,
EditorHttpController.deleteDoc
)
webRouter.delete(
'/project/:Project_id/folder/:entity_id',
AuthorizationMiddleware.ensureUserCanWriteProjectContent,
EditorHttpController.deleteFolder
)
// Called by the real-time API to load up the current project state.
// This is a post request because it's more than just a getting of data. We take actions
// whenever a user joins a project, like updating the deleted status.
privateApiRouter.post(
'/project/:Project_id/join',
AuthenticationController.requirePrivateApiAuth(),
RateLimiterMiddleware.rateLimit(rateLimiters.joinProject, {
params: ['Project_id'],
// keep schema in sync with controller
getUserId: req => req.body.userId,
}),
validate({
body: Joi.object({
userId: Joi.string().required(),
anonymousAccessToken: Joi.string().optional(),
}),
}),
EditorHttpController.joinProject
)
},
}
Reference in New Issue View Git Blame Copy Permalink