From 906216affcd983299e63c4f06dc92d8a4d6592b6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andrej=20Rama=C5=A1euski?= <andrej@x2.cz>
Date: Thu, 7 Jan 2021 00:19:00 +0100
Subject: [PATCH] Limity na editaci a zakaz likovani navrhu postupu regp

---
 .gitlab-ci.yml             |  2 +-
 cf.conf                    |  3 +++
 lib/CF.pm                  |  2 +-
 lib/CF/Controller/Posts.pm | 40 ++++++++++++++++++++++++++++++++++++++
 4 files changed, 45 insertions(+), 2 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index b50be78..cea2c7e 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -2,7 +2,7 @@ image: docker:19.03.12
 variables:
   DOCKER_TLS_CERTDIR: "/certs"
-  IMAGE_VER: 1.8.4
+  IMAGE_VER: 1.9.0
 services:
   - docker:19.03.12-dind
diff --git a/cf.conf b/cf.conf
index 6e08762..268c996 100644
--- a/cf.conf
+++ b/cf.conf
@@ -7,4 +7,7 @@
   jitsi_room => 'cf2021',
   jitsi_token_secret => 'UtfkxQEpudmCh2MKLXrRmHAXoQwg5twF',
   jitsi_token_lifetime => 300,
+  limit_post_count => 64,
+  limit_post_add_rate => 1,
+  limit_post_edit_rate => 4,
 }
diff --git a/lib/CF.pm b/lib/CF.pm
index fae3ee9..a703d0a 100644
--- a/lib/CF.pm
+++ b/lib/CF.pm
@@ -46,7 +46,7 @@ sub startup {
     plugins => [qw(+SpecRenderer +Cors +Security)],
     render_specification => 1,
     render_specification_for_paths => 1,
-    default_response_codes => [400, 401, 403, 404, 500, 501],
+    default_response_codes => [400, 401, 403, 404, 429, 500, 501],
     security => {
       Bearer => sub {
diff --git a/lib/CF/Controller/Posts.pm b/lib/CF/Controller/Posts.pm
index a59f381..18a2d5c 100644
--- a/lib/CF/Controller/Posts.pm
+++ b/lib/CF/Controller/Posts.pm
@@ -31,6 +31,26 @@ sub create ($c) {
         return $c->error(403, 'Debate closed');
     }
+    # limit poctu prispevku jedneho uzivatele k jednemu bodu
+    my $limit = $c->schema->resultset('Post')->count({
+        program_entry_id => $program_entry->id,
+        user_id => $c->user->{id},
+    });
+
+    if ( $limit > $c->cfg->{limit_post_count}) {
+        return $c->error(429, 'Too many post from user');
+    }
+
+    # limit poctu prispevku za minutu
+    $limit = $c->schema->resultset('Post')->count({
+        user_id => $c->user->{id},
+        datetime => { '>' => \"now()-'1 min'::interval" },
+    });
+
+    if ( $limit >= $c->cfg->{limit_post_add_rate}) {
+        return $c->error(429, 'Too many posts per minute');
+    }
+
     my $post = $program_entry->add_to_posts({
         user_id => $c->user->{id},
         type => $args->{type},
@@ -159,6 +179,17 @@ sub update ($c) {
     my $post = $c->schema->resultset('Post')->find($c->stash->{id});
     return $c->error(404, 'Post not found') if ! $post;
+    # limit poctu prispevku za minutu
+    my $limit = $c->schema->resultset('PostHistory')->count({
+        user_id => $c->user->{id},
+        post_id => $post->id,
+        datetime => { '>' => \"now()-'1 min'::interval" },
+    });
+
+    if ( $limit >= $c->cfg->{limit_post_edit_rate}) {
+        return $c->error(429, 'Too many posts changes per minute');
+    }
+
     if ( ! $c->user_roles->{chairman} ) {
         if ( $post->user_id != $c->user->{id} ) {
             return $c->error(403, 'Access deined');
@@ -254,6 +285,11 @@ sub ranking ($c) {
     my $post = $c->schema->resultset('Post')->find($c->stash->{id});
     return $c->error(404, 'Post not found') if ! $post;
+    if ( $post->type == 0 and ! $c->user_roles->{member} ) {
+        $c->render(status => 403, text => '');
+        return;
+    }
+
     my $user_ranking = $post->rankings({
         user_id => $c->user->{id},
     })->first;
@@ -312,4 +348,8 @@ sub ranking ($c) {
     $c->render(status => 204, text => '');
 }
+
+
+
+
 1;
-- 
GitLab
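Review bot: The per-entry cap at `if ( $limit > $c->cfg->{limit_post_count}) {` is off by one relative to the two rate checks in this commit, which use `>=`: with `limit_post_count => 64` the count of existing posts must already exceed 64 before the request is refused, so a 65th post is still created. Changing it to `if ( $limit >= $c->cfg->{limit_post_count}) {` makes the three checks agree, and the message on the next line should read `'Too many posts from user'`. Both count-then-insert checks are racy — two concurrent requests can each see a count under the limit and both insert — so these limits are soft throttles unless the insert itself is constrained, and a comment saying so would stop someone relying on them as a hard cap. The `\"now()-'1 min'::interval"` scalar ref is literal PostgreSQL SQL with nothing interpolated, which is why it is safe here; a comment such as `# literal SQL (PostgreSQL); never interpolate request data into this string` would keep it that way under later edits. create starts and continues outside the hunk.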
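Review bot: The edit-rate check inserted above `if ( ! $c->user_roles->{chairman} ) {` in update runs a PostHistory count before the ownership check that follows it, so a caller who is neither chairman nor the post's owner costs a query and can be answered 429 instead of 403; moving the new block below the authorization block keeps the cheaper and more specific refusal first. The comment `# limit poctu prispevku za minutu` is copied from create and no longer describes the query, which is scoped by `post_id => $post->id` as well as `user_id`, i.e. edits of this one post by this user; `# limit on edits of this post by this user per minute` is what the code does, and `'Too many post changes per minute'` reads better than the current message. The check presumes that every successful update writes a PostHistory row carrying a `datetime`, which the hunk does not show — worth confirming, since otherwise `limit_post_edit_rate` never triggers. update starts and continues outside the hunk.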
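Review bot: The new refusal in ranking, `$c->render(status => 403, text => '')`, bypasses the `$c->error(403, ...)` helper that every other refusal in this controller uses (`'Debate closed'` and `'Access deined'` in the earlier hunks), so clients get an empty body instead of the usual error document; `return $c->error(403, 'Ranking not allowed for this post type');` keeps the API consistent and is one line instead of three. `$post->type == 0` is a bare magic number; the commit subject suggests 0 is the procedural-proposal type, so a named constant or at least a comment, `# type 0 = procedural proposal (navrh postupu): only members may rank it`, would make the intent visible — confirm the mapping against the Post schema before documenting it. ranking starts and continues outside the hunk.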