Limity na editaci a zakaz likovani navrhu postupu regp

906216af · Andrej Ramašeuski · cfbfd857 · 906216af · 906216af · 906216af
Verified Commit 906216af authored Jan 6, 2021 by Andrej Ramašeuski
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -2,7 +2,7 @@ image: docker:19.03.12

 variables:
  DOCKER_TLS_CERTDIR: "/certs"
-  IMAGE_VER: 1.8.4
+  IMAGE_VER: 1.9.0

 services:
  - docker:19.03.12-dind

--- a/cf.conf
+++ b/cf.conf
@@ -7,4 +7,7 @@
  jitsi_room           => 'cf2021',
  jitsi_token_secret   => 'UtfkxQEpudmCh2MKLXrRmHAXoQwg5twF',
  jitsi_token_lifetime => 300,
+  limit_post_count     => 64,
+  limit_post_add_rate  => 1,
+  limit_post_edit_rate => 4,
 }
--- a/lib/CF.pm
+++ b/lib/CF.pm
@@ -46,7 +46,7 @@ sub startup {
        plugins                        => [qw(+SpecRenderer +Cors +Security)],
        render_specification           => 1,
        render_specification_for_paths => 1,
-        default_response_codes         => [400, 401, 403, 404, 500, 501],
+        default_response_codes         => [400, 401, 403, 404, 429, 500, 501],

        security => {
            Bearer => sub {

--- a/lib/CF/Controller/Posts.pm
+++ b/lib/CF/Controller/Posts.pm
@@ -31,6 +31,26 @@ sub create ($c) {
        return $c->error(403, 'Debate closed');
    }

+    # limit poctu prispevku jedneho uzivatele k jednemu bodu
+    my $limit = $c->schema->resultset('Post')->count({
+        program_entry_id => $program_entry->id,
+        user_id          => $c->user->{id},
+    });
+
+    if ( $limit > $c->cfg->{limit_post_count}) {
+        return $c->error(429, 'Too many post from user');
+    }
+
+    # limit poctu prispevku za minutu
+    $limit = $c->schema->resultset('Post')->count({
+        user_id          => $c->user->{id},
+        datetime         => { '>' => \"now()-'1 min'::interval" },
+    });
+
+    if ( $limit >= $c->cfg->{limit_post_add_rate}) {
+        return $c->error(429, 'Too many posts per minute');
+    }
+
    my $post = $program_entry->add_to_posts({
        user_id          => $c->user->{id},
        type             => $args->{type},
@@ -159,6 +179,17 @@ sub update ($c) {
    my $post = $c->schema->resultset('Post')->find($c->stash->{id});
    return $c->error(404, 'Post not found') if ! $post;

+    # limit poctu prispevku za minutu
+    my $limit = $c->schema->resultset('PostHistory')->count({
+        user_id  => $c->user->{id},
+        post_id  => $post->id,
+        datetime => { '>' => \"now()-'1 min'::interval" },
+    });
+
+    if ( $limit >= $c->cfg->{limit_post_edit_rate}) {
+        return $c->error(429, 'Too many posts changes per minute');
+    }
+
    if ( ! $c->user_roles->{chairman} ) {
        if ( $post->user_id != $c->user->{id} ) {
            return $c->error(403, 'Access deined');
@@ -254,6 +285,11 @@ sub ranking ($c) {
    my $post = $c->schema->resultset('Post')->find($c->stash->{id});
    return $c->error(404, 'Post not found') if ! $post;

+    if ( $post->type == 0 and ! $c->user_roles->{member} ) {
+        $c->render(status => 403, text => '');
+        return;
+    }
+
    my $user_ranking = $post->rankings({
        user_id => $c->user->{id},
    })->first;
@@ -312,4 +348,8 @@ sub ranking ($c) {
    $c->render(status => 204, text => '');
 }

+
+
+
+
 1;