From 7e7662096a968c6c86c28444ba8922b211b0389c Mon Sep 17 00:00:00 2001
From: Torsten Dittmann
Date: Tue, 13 Apr 2021 11:38:40 +0200
Subject: [PATCH 1/6] feat: add abuse limit to team invite
---
 app/controllers/api/teams.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/app/controllers/api/teams.php b/app/controllers/api/teams.php
index 847b37484d..145b78411a 100644
--- a/app/controllers/api/teams.php
+++ b/app/controllers/api/teams.php
@@ -261,6 +261,7 @@ App::post('/v1/teams/:teamId/memberships')
 ->label('sdk.response.code', Response::STATUS_CODE_CREATED)
 ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
 ->label('sdk.response.model', Response::MODEL_MEMBERSHIP)
+ ->label('abuse-limit', 10)
 ->param('teamId', '', new UID(), 'Team unique ID.')
 ->param('email', '', new Email(), 'New team member email.')
 ->param('name', '', new Text(128), 'New team member name. Max length: 128 chars.', true)
From 3e2dcb2cac36a722dcbdfc1338de359efff4f322 Mon Sep 17 00:00:00 2001
From: Torsten Dittmann
Date: Tue, 13 Apr 2021 11:38:48 +0200
Subject: [PATCH 2/6] feat: add abuse limit to file upload
---
 app/controllers/api/storage.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/app/controllers/api/storage.php b/app/controllers/api/storage.php
index f0ce2e4050..b7f08fb2ab 100644
--- a/app/controllers/api/storage.php
+++ b/app/controllers/api/storage.php
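Review bot: The added `->label('abuse-limit', 10)` line sets a count but no key, so what the ten requests are counted against depends on a framework default that this hunk does not show, while the changelog in patch 4/6 documents the limit as per IP address. This route sends an invitation to a caller-supplied e-mail address, so the key is what decides whether the limit actually bounds mail abuse; it should be spelled out on the route, e.g. `->label('abuse-key', 'ip:{ip}')` if per-IP is the intent. A purely per-IP budget also lumps together every user behind a shared NAT or proxy and does not bound a single account that changes addresses, so keying on the authenticated caller as well is worth considering if the limiter's key template supports it. The same applies to the `abuse-limit` 60 line added to `/v1/storage/files` in patch 2/6. The route chain begins and ends outside the hunk.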
@@ -37,6 +37,7 @@ App::post('/v1/storage/files')
 ->label('sdk.response.code', Response::STATUS_CODE_CREATED)
 ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
 ->label('sdk.response.model', Response::MODEL_FILE)
+ ->label('abuse-limit', 60)
 ->param('file', [], new File(), 'Binary file.', false)
 ->param('read', null, new ArrayList(new Text(64)), 'An array of strings with read permissions. By default only the current user is granted with read permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.', true)
 ->param('write', null, new ArrayList(new Text(64)), 'An array of strings with write permissions. By default only the current user is granted with write permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.', true)
From e0fa4d6856a1de4aab72700a8b4019d5604ecc9c Mon Sep 17 00:00:00 2001
From: Torsten Dittmann
Date: Tue, 13 Apr 2021 11:41:10 +0200
Subject: [PATCH 3/6] fix: adapt storage limit
---
 app/controllers/api/storage.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/app/controllers/api/storage.php b/app/controllers/api/storage.php
index b7f08fb2ab..41a7a50e5f 100644
--- a/app/controllers/api/storage.php
+++ b/app/controllers/api/storage.php
@@ -37,7 +37,8 @@ App::post('/v1/storage/files')
 ->label('sdk.response.code', Response::STATUS_CODE_CREATED)
 ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
 ->label('sdk.response.model', Response::MODEL_FILE)
- ->label('abuse-limit', 60)
+ ->label('abuse-limit', 50)
+ ->label('abuse-key', 'ip:{ip}')
 ->param('file', [], new File(), 'Binary file.', false)
 ->param('read', null, new ArrayList(new Text(64)), 'An array of strings with read permissions. By default only the current user is granted with read permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.', true)
 ->param('write', null, new ArrayList(new Text(64)), 'An array of strings with write permissions. By default only the current user is granted with write permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.', true)
From 282bdd3a14884736c3d7d9f8cd0ec3abebcb920b Mon Sep 17 00:00:00 2001
From: Torsten Dittmann
Date: Wed, 14 Apr 2021 10:20:05 +0200
Subject: [PATCH 4/6] changelog: updated!
---
 CHANGES.md | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/CHANGES.md b/CHANGES.md
index 5ab7f0d4e4..bccccb3118 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -3,10 +3,17 @@ ## Features - Anonymous login + ## Bugs - Fixed default value for HTTPS force option +## Breaking Changes (Read before upgrading!) + +- Introdcues rate limits for: + - Team invite (10 requests in every 60 minutes per IP address) + - File upload (50 requests in every 60 minutes per IP address) + # Version 0.7.2 ## Features
From 15c80628ac612412504a531a6647b102e4d8e5b5 Mon Sep 17 00:00:00 2001
From: Torsten Dittmann
Date: Thu, 15 Apr 2021 09:45:05 +0200
Subject: [PATCH 5/6] Update storage.php
---
 app/controllers/api/storage.php | 2 --
 1 file changed, 2 deletions(-)
diff --git a/app/controllers/api/storage.php b/app/controllers/api/storage.php
index 41a7a50e5f..f0ce2e4050 100644
--- a/app/controllers/api/storage.php
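Review bot: The new `->label('abuse-key', 'ip:{ip}')` line contains no route component, so if the limiter derives its counter from this template alone, the 50-request budget would be shared with any other route using the same key instead of applying to uploads only; this should be confirmed against the limiter code, which is not in this hunk. The time window is not stated on the route either, although the changelog in patch 4/6 gives it as 60 minutes. A comment above the label, such as `// 50 uploads per client IP per abuse window (see CHANGES.md)`, would keep the route and the documented limit in step. The route chain begins and ends outside the hunk.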
+++ b/app/controllers/api/storage.php
@@ -37,8 +37,6 @@ App::post('/v1/storage/files')
 ->label('sdk.response.code', Response::STATUS_CODE_CREATED)
 ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
 ->label('sdk.response.model', Response::MODEL_FILE)
- ->label('abuse-limit', 50)
- ->label('abuse-key', 'ip:{ip}')
 ->param('file', [], new File(), 'Binary file.', false)
 ->param('read', null, new ArrayList(new Text(64)), 'An array of strings with read permissions. By default only the current user is granted with read permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.', true)
 ->param('write', null, new ArrayList(new Text(64)), 'An array of strings with write permissions. By default only the current user is granted with write permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.', true)
From 9b4fca1212fa69ae8d775842a259fc28465712c7 Mon Sep 17 00:00:00 2001
From: Torsten Dittmann
Date: Thu, 15 Apr 2021 09:45:20 +0200
Subject: [PATCH 6/6] Update CHANGES.md
---
 CHANGES.md | 1 -
 1 file changed, 1 deletion(-)
diff --git a/CHANGES.md b/CHANGES.md
index bccccb3118..d3d5c2fc54 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -12,7 +12,6 @@ - Introdcues rate limits for: - Team invite (10 requests in every 60 minutes per IP address) - - File upload (50 requests in every 60 minutes per IP address) # Version 0.7.2