Antoine Clausse
71f0b28a84
* Rename files to mjs * Rename test files to mjs * Update CODEOWNERS * Update files to ESM * Update test files to ESM * Update RestoreManager.test.mjs * Remove unused `AdminAuthorizationHelper` mock and stub * Remove unnecessary return GitOrigin-RevId: 2b9ef126de1d8964afbc6e5641cca36712655866
87 lines
3.0 KiB
JavaScript
87 lines
3.0 KiB
JavaScript
import EditorHttpController from './EditorHttpController.mjs'
|
|
import AuthenticationController from '../Authentication/AuthenticationController.js'
|
|
import AuthorizationMiddleware from '../Authorization/AuthorizationMiddleware.mjs'
|
|
import { RateLimiter } from '../../infrastructure/RateLimiter.js'
|
|
import RateLimiterMiddleware from '../Security/RateLimiterMiddleware.js'
|
|
import { validate, Joi } from '../../infrastructure/Validation.js'
|
|
|
|
const rateLimiters = {
|
|
addDocToProject: new RateLimiter('add-doc-to-project', {
|
|
points: 30,
|
|
duration: 60,
|
|
}),
|
|
addFolderToProject: new RateLimiter('add-folder-to-project', {
|
|
points: 60,
|
|
duration: 60,
|
|
}),
|
|
joinProject: new RateLimiter('join-project', { points: 45, duration: 60 }),
|
|
}
|
|
|
|
export default {
|
|
apply(webRouter, privateApiRouter) {
|
|
webRouter.post(
|
|
'/project/:Project_id/doc',
|
|
AuthorizationMiddleware.ensureUserCanWriteProjectContent,
|
|
RateLimiterMiddleware.rateLimit(rateLimiters.addDocToProject, {
|
|
params: ['Project_id'],
|
|
}),
|
|
EditorHttpController.addDoc
|
|
)
|
|
webRouter.post(
|
|
'/project/:Project_id/folder',
|
|
AuthorizationMiddleware.ensureUserCanWriteProjectContent,
|
|
RateLimiterMiddleware.rateLimit(rateLimiters.addFolderToProject, {
|
|
params: ['Project_id'],
|
|
}),
|
|
EditorHttpController.addFolder
|
|
)
|
|
|
|
webRouter.post(
|
|
'/project/:Project_id/:entity_type/:entity_id/rename',
|
|
AuthorizationMiddleware.ensureUserCanWriteProjectContent,
|
|
EditorHttpController.renameEntity
|
|
)
|
|
webRouter.post(
|
|
'/project/:Project_id/:entity_type/:entity_id/move',
|
|
AuthorizationMiddleware.ensureUserCanWriteProjectContent,
|
|
EditorHttpController.moveEntity
|
|
)
|
|
|
|
webRouter.delete(
|
|
'/project/:Project_id/file/:entity_id',
|
|
AuthorizationMiddleware.ensureUserCanWriteProjectContent,
|
|
EditorHttpController.deleteFile
|
|
)
|
|
webRouter.delete(
|
|
'/project/:Project_id/doc/:entity_id',
|
|
AuthorizationMiddleware.ensureUserCanWriteProjectContent,
|
|
EditorHttpController.deleteDoc
|
|
)
|
|
webRouter.delete(
|
|
'/project/:Project_id/folder/:entity_id',
|
|
AuthorizationMiddleware.ensureUserCanWriteProjectContent,
|
|
EditorHttpController.deleteFolder
|
|
)
|
|
|
|
// Called by the real-time API to load up the current project state.
|
|
// This is a post request because it's more than just a getting of data. We take actions
|
|
// whenever a user joins a project, like updating the deleted status.
|
|
privateApiRouter.post(
|
|
'/project/:Project_id/join',
|
|
AuthenticationController.requirePrivateApiAuth(),
|
|
RateLimiterMiddleware.rateLimit(rateLimiters.joinProject, {
|
|
params: ['Project_id'],
|
|
// keep schema in sync with controller
|
|
getUserId: req => req.body.userId,
|
|
}),
|
|
validate({
|
|
body: Joi.object({
|
|
userId: Joi.string().required(),
|
|
anonymousAccessToken: Joi.string().optional(),
|
|
}),
|
|
}),
|
|
EditorHttpController.joinProject
|
|
)
|
|
},
|
|
}
|