feat: common attachment endpoint follow-up changes (#7826)

2023-09-01 15:18:48 +07:00
parent 2acf09b3eb
commit 9ebabb9832
14 changed files with 11 additions and 114 deletions
--- a/config/initializers/rack_attack.rb
+++ b/config/initializers/rack_attack.rb
@@ -137,6 +137,11 @@ class Rack::Attack
    match_data[:account_id] if match_data.present?
  end

+  ## Prevent Abuse of attachment upload APIs ##
+  throttle('/api/v1/upload', limit: 60, period: 1.hour) do |req|
+    req.ip if req.path_without_extentions == '/api/v1/upload' && req.post?
+  end
+
  ## ----------------------------------------------- ##
 end

--- a/config/routes.rb
+++ b/config/routes.rb
@@ -58,11 +58,9 @@ Rails.application.routes.draw do
          resources :canned_responses, only: [:index, :create, :update, :destroy]
          resources :automation_rules, only: [:index, :create, :show, :update, :destroy] do
            post :clone
-            post :attach_file, on: :collection
          end
          resources :macros, only: [:index, :create, :show, :update, :destroy] do
            post :execute, on: :member
-            post :attach_file, on: :collection
          end
          resources :sla_policies, only: [:index, :create, :show, :update, :destroy]
          resources :campaigns, only: [:index, :create, :show, :update, :destroy]
@@ -214,10 +212,8 @@ Rails.application.routes.draw do
              patch :archive
              put :add_members
            end
-            post :attach_file, on: :collection
            resources :categories
            resources :articles do
-              post :attach_file, on: :collection
              post :reorder, on: :collection
            end
          end