From 2427560300e7a958ec05d11fa4e8446f7195a6aa Mon Sep 17 00:00:00 2001 
From: Pranav C
Date: Sun, 8 Oct 2023 16:59:51 +0000
Subject: [PATCH] feat: rate-limit open endpoints and token based api access
---
 packages/nocodb/src/app.config.ts | 4 +---
 .../api-docs/api-docs.controller.ts | 6 +++++-
 .../src/controllers/api-tokens.controller.ts | 3 ++-
 .../src/controllers/attachments.controller.ts | 5 +++--
 .../src/controllers/audits.controller.ts | 3 ++-
 .../src/controllers/auth/auth.controller.ts | 19 ++++++++++++++-----
 .../src/controllers/base-users.controller.ts | 3 ++-
 .../src/controllers/bases.controller.ts | 3 ++-
 .../controllers/bulk-data-alias.controller.ts | 5 ++++-
 .../src/controllers/caches.controller.ts | 3 ++-
 .../src/controllers/columns.controller.ts | 5 ++++-
 .../data-alias-export.controller.ts | 6 +++++-
 .../data-alias-nested.controller.ts | 5 ++++-
 .../src/controllers/data-alias.controller.ts | 3 ++-
 .../src/controllers/data-table.controller.ts | 5 +++--
 .../src/controllers/datas.controller.ts | 5 ++++-
 .../src/controllers/filters.controller.ts | 3 ++-
 .../controllers/form-columns.controller.ts | 3 ++-
 .../src/controllers/forms.controller.ts | 3 ++-
 .../src/controllers/galleries.controller.ts | 3 ++-
 .../controllers/grid-columns.controller.ts | 3 ++-
 .../src/controllers/grids.controller.ts | 3 ++-
 .../src/controllers/hooks.controller.ts | 3 ++-
 .../src/controllers/imports/helpers/job.ts | 0
 .../controllers/imports/import.controller.ts | 0
 .../src/controllers/kanbans.controller.ts | 3 ++-
 .../nocodb/src/controllers/maps.controller.ts | 3 ++-
 .../src/controllers/meta-diffs.controller.ts | 3 ++-
 .../model-visibilities.controller.ts | 3 ++-
 .../controllers/notifications.controller.ts | 3 ++-
 .../old-datas/old-datas.controller.ts | 3 ++-
 .../src/controllers/org-lcense.controller.ts | 3 ++-
 .../src/controllers/org-tokens.controller.ts | 3 ++-
 .../src/controllers/org-users.controller.ts | 3 ++-
 .../src/controllers/plugins.controller.ts | 3 ++-
 .../public-datas-export.controller.ts | 11 ++++++++++-
 .../controllers/public-datas.controller.ts | 3 +++
 .../controllers/public-metas.controller.ts | 4 +++-
 .../src/controllers/sorts.controller.ts | 3 ++-
 .../src/controllers/sources.controller.ts | 3 ++-
 .../src/controllers/sql-views.controller.ts | 3 ++-
 .../nocodb/src/controllers/sync.controller.ts | 3 ++-
 .../src/controllers/tables.controller.ts | 3 ++-
 .../src/controllers/users/users.controller.ts | 3 ++-
 .../src/controllers/utils.controller.ts | 10 +++++++++-
 .../controllers/view-columns.controller.ts | 3 ++-
 .../src/controllers/views.controller.ts | 3 ++-
 .../src/guards/data-api-limiter.guard.ts | 9 +++++++++
 .../src/guards/meta-api-limiter.guard.ts | 10 ++++++++++
 .../src/guards/public-api-limiter.guard.ts | 10 ++++++++++
 packages/nocodb/src/interface/config.ts | 14 ++++++++++++--
 51 files changed, 175 insertions(+), 54 deletions(-)
 delete mode 100644 packages/nocodb/src/controllers/imports/helpers/job.ts
 delete mode 100644 packages/nocodb/src/controllers/imports/import.controller.ts
 create mode 100644 packages/nocodb/src/guards/data-api-limiter.guard.ts
 create mode 100644 packages/nocodb/src/guards/meta-api-limiter.guard.ts
 create mode 100644 packages/nocodb/src/guards/public-api-limiter.guard.ts
diff --git a/packages/nocodb/src/app.config.ts b/packages/nocodb/src/app.config.ts
index 0bc0fbb55b..0d6a9a0bbc 100644
--- a/packages/nocodb/src/app.config.ts
+++ b/packages/nocodb/src/app.config.ts
@@ -2,9 +2,7 @@ import type { AppConfig } from './interface/config';
 const config: AppConfig = {
 throttler: {
- ttl: 60,
- max_apis: 10000,
- calc_execution_time: true,
+ calc_execution_time: false,
 },
 basicAuth: {
 username: process.env.NC_HTTP_BASIC_USER ?? 'defaultusername',
diff --git a/packages/nocodb/src/controllers/api-docs/api-docs.controller.ts b/packages/nocodb/src/controllers/api-docs/api-docs.controller.ts
index 9504de84cc..6e208db8d3 100644
--- a/packages/nocodb/src/controllers/api-docs/api-docs.controller.ts
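Review bot: The default `throttler` block no longer carries any limit: `ttl` and `max_apis` are removed and nothing replaces them in this hunk, so whatever the new limiter guards enforce has to come from elsewhere, presumably the reworked `throttler` type in `interface/config.ts`, which is outside this hunk. If no limits apply by default, a stock install would attach the guards without throttling anything, and that is worth stating next to the config, e.g. `// rate limits are off unless configured; see AppConfig.throttler`. The flip of `calc_execution_time` from `true` to `false` is not explained by the commit subject either and deserves a one-line comment. The `config` object continues past the end of the hunk.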
+++ b/packages/nocodb/src/controllers/api-docs/api-docs.controller.ts
@@ -11,6 +11,8 @@ import getRedocHtml from './template/redocHtml';
 import { GlobalGuard } from '~/guards/global/global.guard';
 import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware';
 import { ApiDocsService } from '~/services/api-docs/api-docs.service';
+import { PublicApiLimiterGuard } from '~/guards/public-api-limiter.guard';
+import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard';
 @Controller()
 export class ApiDocsController {
@@ -20,7 +22,7 @@ export class ApiDocsController {
 '/api/v1/db/meta/projects/:baseId/swagger.json',
 '/api/v1/meta/bases/:baseId/swagger.json',
 ])
- @UseGuards(GlobalGuard)
+ @UseGuards(MetaApiLimiterGuard, GlobalGuard)
 @Acl('swaggerJson')
 async swaggerJson(@Param('baseId') baseId: string, @Request() req) {
 const swagger = await this.apiDocsService.swaggerJson({
@@ -35,10 +37,12 @@ export class ApiDocsController {
 '/api/v1/meta/bases/:baseId/swagger',
 '/api/v1/db/meta/projects/:baseId/swagger',
 ])
+ @UseGuards(PublicApiLimiterGuard)
 swaggerHtml(@Param('baseId') baseId: string, @Response() res) {
 res.send(getSwaggerHtml({ ncSiteUrl: process.env.NC_PUBLIC_URL || '' }));
 }
+ @UseGuards(PublicApiLimiterGuard)
 @Get([
 '/api/v1/db/meta/projects/:baseId/redoc',
 '/api/v1/meta/bases/:baseId/redoc',
diff --git a/packages/nocodb/src/controllers/api-tokens.controller.ts b/packages/nocodb/src/controllers/api-tokens.controller.ts
index 4033e9e28b..78f4e34e2e 100644
--- a/packages/nocodb/src/controllers/api-tokens.controller.ts
+++ b/packages/nocodb/src/controllers/api-tokens.controller.ts
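Review bot: The two `@UseGuards(PublicApiLimiterGuard)` additions in the last hunk are placed inconsistently: on `swaggerHtml` the decorator follows the route list, on the redoc handler it precedes `@Get([...])`. Behaviour is the same, but `swaggerJson` and `swaggerHtml` both put the guard after the route list, and keeping one position makes it easier to audit which routes have a limiter. Moving the second `@UseGuards(PublicApiLimiterGuard)` below its `@Get([...])` would match. The redoc handler's body is outside the hunk.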
@@ -13,9 +13,10 @@ import { GlobalGuard } from '~/guards/global/global.guard';
 import { PagedResponseImpl } from '~/helpers/PagedResponse';
 import { ApiTokensService } from '~/services/api-tokens.service';
 import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware';
+import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard';
 @Controller()
-@UseGuards(GlobalGuard)
+@UseGuards(MetaApiLimiterGuard, GlobalGuard)
 export class ApiTokensController {
 constructor(private readonly apiTokensService: ApiTokensService) {}
diff --git a/packages/nocodb/src/controllers/attachments.controller.ts b/packages/nocodb/src/controllers/attachments.controller.ts
index 36868aed0c..4c0cdc9923 100644
--- a/packages/nocodb/src/controllers/attachments.controller.ts
+++ b/packages/nocodb/src/controllers/attachments.controller.ts
@@ -18,12 +18,13 @@ import { UploadAllowedInterceptor } from '~/interceptors/is-upload-allowed/is-up
 import { GlobalGuard } from '~/guards/global/global.guard';
 import { AttachmentsService } from '~/services/attachments.service';
 import { PresignedUrl } from '~/models';
+import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard';
 @Controller()
 export class AttachmentsController {
 constructor(private readonly attachmentsService: AttachmentsService) {}
- @UseGuards(GlobalGuard)
+ @UseGuards(MetaApiLimiterGuard, GlobalGuard)
 @Post(['/api/v1/db/storage/upload', '/api/v1/storage/upload'])
 @HttpCode(200)
 @UseInterceptors(UploadAllowedInterceptor, AnyFilesInterceptor())
@@ -43,7 +44,7 @@ export class AttachmentsController {
 @Post(['/api/v1/db/storage/upload-by-url', '/api/v1/storage/upload-by-url'])
 @HttpCode(200)
 @UseInterceptors(UploadAllowedInterceptor)
- @UseGuards(GlobalGuard)
+ @UseGuards(MetaApiLimiterGuard, GlobalGuard)
 async uploadViaURL(@Body() body: any, @Query('path') path: string) {
 const attachments = await this.attachmentsService.uploadViaURL({
 urls: body,
diff --git a/packages/nocodb/src/controllers/audits.controller.ts b/packages/nocodb/src/controllers/audits.controller.ts
index 605e3ec693..43ef136ccd 100644
--- a/packages/nocodb/src/controllers/audits.controller.ts
+++ b/packages/nocodb/src/controllers/audits.controller.ts
@@ -14,9 +14,10 @@ import { GlobalGuard } from '~/guards/global/global.guard';
 import { PagedResponseImpl } from '~/helpers/PagedResponse';
 import { AuditsService } from '~/services/audits.service';
 import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware';
+import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard';
 @Controller()
-@UseGuards(GlobalGuard)
+@UseGuards(MetaApiLimiterGuard, GlobalGuard)
 export class AuditsController {
 constructor(private readonly auditsService: AuditsService) {}
diff --git a/packages/nocodb/src/controllers/auth/auth.controller.ts b/packages/nocodb/src/controllers/auth/auth.controller.ts
index b8fbeae22f..3b5c7c1e01 100644
--- a/packages/nocodb/src/controllers/auth/auth.controller.ts
+++ b/packages/nocodb/src/controllers/auth/auth.controller.ts
@@ -23,6 +23,8 @@ import { GlobalGuard } from '~/guards/global/global.guard';
 import { NcError } from '~/helpers/catchError';
 import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware';
 import { User } from '~/models';
+import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard';
+import { PublicApiLimiterGuard } from '~/guards/public-api-limiter.guard';
 @Controller()
 export class AuthController {
@@ -37,6 +39,7 @@ export class AuthController {
 '/api/v1/db/auth/user/signup',
 '/api/v1/auth/user/signup',
 ])
+ @UseGuards(PublicApiLimiterGuard)
 @HttpCode(200)
 async signup(@Request() req: any, @Response() res: any): Promise {
 if (this.config.get('auth', { infer: true }).disableEmailAuth) {
@@ -56,6 +59,7 @@ export class AuthController {
 '/api/v1/db/auth/token/refresh',
 '/api/v1/auth/token/refresh',
 ])
+ @UseGuards(PublicApiLimiterGuard)
 @HttpCode(200)
 async refreshToken(@Request() req: any, @Response() res: any): Promise {
 res.json(
@@ -72,7 +76,7 @@ export class AuthController {
 '/api/v1/db/auth/user/signin',
 '/api/v1/auth/user/signin',
 ])
- @UseGuards(AuthGuard('local'))
+ @UseGuards(PublicApiLimiterGuard, AuthGuard('local'))
 @HttpCode(200)
 async signin(@Request() req, @Response() res) {
 if (this.config.get('auth', { infer: true }).disableEmailAuth) {
@@ -99,20 +103,20 @@ export class AuthController {
 @Post(`/auth/google/genTokenByCode`)
 @HttpCode(200)
- @UseGuards(AuthGuard('google'))
+ @UseGuards(PublicApiLimiterGuard, AuthGuard('google'))
 async googleSignin(@Request() req, @Response() res) {
 await this.setRefreshToken({ req, res });
 res.json(await this.usersService.login(req.user));
 }
 @Get('/auth/google')
- @UseGuards(AuthGuard('google'))
+ @UseGuards(PublicApiLimiterGuard, AuthGuard('google'))
 googleAuthenticate() {
 // google strategy will take care the request
 }
 @Get(['/auth/user/me', '/api/v1/db/auth/user/me', '/api/v1/auth/user/me'])
- @UseGuards(GlobalGuard)
+ @UseGuards(MetaApiLimiterGuard, GlobalGuard)
 async me(@Request() req) {
 const user = {
 ...req.user,
@@ -128,7 +132,7 @@ export class AuthController {
 '/api/v1/db/auth/password/change',
 '/api/v1/auth/password/change',
 ])
- @UseGuards(GlobalGuard)
+ @UseGuards(MetaApiLimiterGuard, GlobalGuard)
 @Acl('passwordChange', {
 scope: 'org',
 })
@@ -152,6 +156,7 @@ export class AuthController {
 '/api/v1/db/auth/password/forgot',
 '/api/v1/auth/password/forgot',
 ])
+ @UseGuards(PublicApiLimiterGuard)
 @HttpCode(200)
 async passwordForgot(@Request() req: any): Promise {
 await this.usersService.passwordForgot({
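Review bot: Whether `PublicApiLimiterGuard` actually slows password guessing on `signin`, and mail flooding through `passwordForgot` in the last hunk on this line, depends on what it uses as the throttle key, which is defined in `guards/public-api-limiter.guard.ts` and not visible in these hunks. If it keys on the client address, a deployment behind a reverse proxy needs its proxy-trust setting configured correctly; otherwise all clients may share one bucket, or the limit may be sidestepped through a client-supplied forwarding header, and that assumption is worth a comment on the guard. Listing the limiter before `AuthGuard('local')` is the right order, since failed logins are then counted. Consider a tighter, separately configured limit for `signin` and `passwordForgot` than for the other public routes.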
@@ -168,6 +173,7 @@ export class AuthController {
 '/api/v1/db/auth/token/validate/:tokenId',
 '/api/v1/auth/token/validate/:tokenId',
 ])
+ @UseGuards(PublicApiLimiterGuard)
 @HttpCode(200)
 async tokenValidate(@Param('tokenId') tokenId: string): Promise {
 await this.usersService.tokenValidate({
@@ -181,6 +187,7 @@ export class AuthController {
 '/api/v1/db/auth/password/reset/:tokenId',
 '/api/v1/auth/password/reset/:tokenId',
 ])
+ @UseGuards(PublicApiLimiterGuard)
 @HttpCode(200)
 async passwordReset(
 @Request() req: any,
@@ -200,6 +207,7 @@ export class AuthController {
 '/api/v1/db/auth/email/validate/:tokenId',
 '/api/v1/auth/email/validate/:tokenId',
 ])
+ @UseGuards(PublicApiLimiterGuard)
 @HttpCode(200)
 async emailVerification(
 @Request() req: any,
@@ -217,6 +225,7 @@ export class AuthController {
 '/api/v1/db/auth/password/reset/:tokenId',
 '/auth/password/reset/:tokenId',
 ])
+ @UseGuards(PublicApiLimiterGuard)
 async renderPasswordReset(
 @Request() req: any,
 @Response() res: any,
diff --git a/packages/nocodb/src/controllers/base-users.controller.ts b/packages/nocodb/src/controllers/base-users.controller.ts
index d542e54492..c581b379bc 100644
--- a/packages/nocodb/src/controllers/base-users.controller.ts
+++ b/packages/nocodb/src/controllers/base-users.controller.ts
@@ -15,8 +15,9 @@ import { GlobalGuard } from '~/guards/global/global.guard';
 import { BaseUsersService } from '~/services/base-users/base-users.service';
 import { NcError } from '~/helpers/catchError';
 import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware';
+import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard';
-@UseGuards(GlobalGuard)
+@UseGuards(MetaApiLimiterGuard, GlobalGuard)
 @Controller()
 export class BaseUsersController {
 constructor(protected readonly baseUsersService: BaseUsersService) {}
diff --git a/packages/nocodb/src/controllers/bases.controller.ts b/packages/nocodb/src/controllers/bases.controller.ts
index b30585838d..3f3e75a2b1 100644
--- a/packages/nocodb/src/controllers/bases.controller.ts
+++ b/packages/nocodb/src/controllers/bases.controller.ts
@@ -21,8 +21,9 @@ import { packageVersion } from '~/utils/packageVersion';
 import { BasesService } from '~/services/bases.service';
 import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware';
 import { Filter } from '~/models';
+import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard';
-@UseGuards(GlobalGuard)
+@UseGuards(MetaApiLimiterGuard, GlobalGuard)
 @Controller()
 export class BasesController {
 constructor(protected readonly projectsService: BasesService) {}
diff --git a/packages/nocodb/src/controllers/bulk-data-alias.controller.ts b/packages/nocodb/src/controllers/bulk-data-alias.controller.ts
index 2deb3ada6b..453dc24a07 100644
--- a/packages/nocodb/src/controllers/bulk-data-alias.controller.ts
+++ b/packages/nocodb/src/controllers/bulk-data-alias.controller.ts
@@ -10,12 +10,15 @@ import {
 Response,
 UseGuards,
 } from '@nestjs/common';
+import { Throttle } from '@nestjs/throttler';
 import { GlobalGuard } from '~/guards/global/global.guard';
 import { BulkDataAliasService } from '~/services/bulk-data-alias.service';
 import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware';
+import { DataApiLimiterGuard } from '~/guards/data-api-limiter.guard';
 @Controller()
-@UseGuards(GlobalGuard)
+@Throttle({ meta: {} })
+@UseGuards(GlobalGuard, DataApiLimiterGuard)
 export class BulkDataAliasController {
 constructor(private bulkDataAliasService: BulkDataAliasService) {}
diff --git a/packages/nocodb/src/controllers/caches.controller.ts b/packages/nocodb/src/controllers/caches.controller.ts
index a69eebc49e..41c3ba22c0 100644
--- a/packages/nocodb/src/controllers/caches.controller.ts
+++ b/packages/nocodb/src/controllers/caches.controller.ts
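Review bot: On `BulkDataAliasController`, `@UseGuards(GlobalGuard, DataApiLimiterGuard)` runs authentication before the limiter, the reverse of `data-alias`, `data-table` and `data-alias-export` in this same commit, which list `DataApiLimiterGuard` first. Nest runs guards in the order they are listed, so here, and on `data-alias-nested`, `datas` and `old-datas`, which use the same order, any request that `GlobalGuard` rejects is never counted and repeated attempts with invalid credentials go unthrottled. Unless the data limiter needs `req.user` to be populated (its implementation is outside this hunk), use `@UseGuards(DataApiLimiterGuard, GlobalGuard)` on all data controllers, or add a comment explaining why the order differs.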
@@ -3,9 +3,10 @@ import { OrgUserRoles } from 'nocodb-sdk';
 import { CachesService } from '~/services/caches.service';
 import { GlobalGuard } from '~/guards/global/global.guard';
 import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware';
+import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard';
 @Controller()
-@UseGuards(GlobalGuard)
+@UseGuards(MetaApiLimiterGuard, GlobalGuard)
 export class CachesController {
 constructor(private readonly cachesService: CachesService) {}
diff --git a/packages/nocodb/src/controllers/columns.controller.ts b/packages/nocodb/src/controllers/columns.controller.ts
index 632477a34f..fdcb62b3fd 100644
--- a/packages/nocodb/src/controllers/columns.controller.ts
+++ b/packages/nocodb/src/controllers/columns.controller.ts
@@ -11,13 +11,16 @@ import {
 UseGuards,
 } from '@nestjs/common';
 import { ColumnReqType } from 'nocodb-sdk';
+import { Throttle } from '@nestjs/throttler';
 import type { Column } from '~/models';
 import { GlobalGuard } from '~/guards/global/global.guard';
 import { ColumnsService } from '~/services/columns.service';
 import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware';
+import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard';
+@Throttle({ data: {} })
 @Controller()
-@UseGuards(GlobalGuard)
+@UseGuards(MetaApiLimiterGuard, GlobalGuard)
 export class ColumnsController {
 constructor(private readonly columnsService: ColumnsService) {}
diff --git a/packages/nocodb/src/controllers/data-alias-export.controller.ts b/packages/nocodb/src/controllers/data-alias-export.controller.ts
index be5b42144d..96446f687a 100644
--- a/packages/nocodb/src/controllers/data-alias-export.controller.ts
+++ b/packages/nocodb/src/controllers/data-alias-export.controller.ts
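Review bot: `@Throttle({ data: {} })` is attached to `ColumnsController`, which is guarded by `MetaApiLimiterGuard`, so the named override and the guard appear to refer to different limiters; the mirror image shows up on `bulk-data-alias`, `data-alias-nested` and `datas`, which pair `@Throttle({ meta: {} })` with `DataApiLimiterGuard`. The options object is also empty, so as written it supplies no `limit` or `ttl`, and it is unclear what the decorator is meant to achieve. Either drop it or name the limiter the guard uses and give explicit values. If the cross-naming is intentional, for instance to mark the controller for the other limiter, say so in a comment directly above the decorator.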
@@ -1,13 +1,16 @@
 import { Controller, Get, Request, Response, UseGuards } from '@nestjs/common';
 import * as XLSX from 'xlsx';
+import { Throttle } from '@nestjs/throttler';
 import { GlobalGuard } from '~/guards/global/global.guard';
 import { DatasService } from '~/services/datas.service';
 import { extractCsvData, extractXlsxData } from '~/modules/datas/helpers';
 import { View } from '~/models';
 import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware';
+import { DataApiLimiterGuard } from '~/guards/data-api-limiter.guard';
 @Controller()
-@UseGuards(GlobalGuard)
+@UseGuards(DataApiLimiterGuard,GlobalGuard)
+@Throttle({ data: {} })
 export class DataAliasExportController {
 constructor(private datasService: DatasService) {}
@@ -39,6 +42,7 @@ export class DataAliasExportController {
 });
 res.end(buf);
 }
+
 @Get([
 '/api/v1/db/data/:orgs/:baseName/:tableName/views/:viewName/export/csv',
 '/api/v1/db/data/:orgs/:baseName/:tableName/export/csv',
diff --git a/packages/nocodb/src/controllers/data-alias-nested.controller.ts b/packages/nocodb/src/controllers/data-alias-nested.controller.ts
index dd90b8fc30..86886872a0 100644
--- a/packages/nocodb/src/controllers/data-alias-nested.controller.ts
+++ b/packages/nocodb/src/controllers/data-alias-nested.controller.ts
@@ -8,12 +8,15 @@ import {
 Request,
 UseGuards,
 } from '@nestjs/common';
+import { Throttle } from '@nestjs/throttler';
 import { DataAliasNestedService } from '~/services/data-alias-nested.service';
 import { GlobalGuard } from '~/guards/global/global.guard';
 import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware';
+import { DataApiLimiterGuard } from '~/guards/data-api-limiter.guard';
 @Controller()
-@UseGuards(GlobalGuard)
+@Throttle({ meta: {} })
+@UseGuards(GlobalGuard, DataApiLimiterGuard)
 export class DataAliasNestedController {
 constructor(private dataAliasNestedService: DataAliasNestedService) {}
diff --git a/packages/nocodb/src/controllers/data-alias.controller.ts b/packages/nocodb/src/controllers/data-alias.controller.ts
index 719faa4e87..35880aeed4 100644
--- a/packages/nocodb/src/controllers/data-alias.controller.ts
+++ b/packages/nocodb/src/controllers/data-alias.controller.ts
@@ -16,9 +16,10 @@ import { GlobalGuard } from '~/guards/global/global.guard';
 import { parseHrtimeToMilliSeconds } from '~/helpers';
 import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware';
 import { DatasService } from '~/services/datas.service';
+import { DataApiLimiterGuard } from '~/guards/data-api-limiter.guard';
 @Controller()
-@UseGuards(GlobalGuard)
+@UseGuards(DataApiLimiterGuard, GlobalGuard)
 export class DataAliasController {
 constructor(private readonly datasService: DatasService) {}
diff --git a/packages/nocodb/src/controllers/data-table.controller.ts b/packages/nocodb/src/controllers/data-table.controller.ts
index c7abbcceba..246e36f86f 100644
--- a/packages/nocodb/src/controllers/data-table.controller.ts
+++ b/packages/nocodb/src/controllers/data-table.controller.ts
@@ -12,13 +12,14 @@ import {
 Response,
 UseGuards,
 } from '@nestjs/common';
-import { GlobalGuard } from '~/guards/global/global.guard';
 import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware';
 import { DataTableService } from '~/services/data-table.service';
 import { parseHrtimeToMilliSeconds } from '~/helpers';
+import { DataApiLimiterGuard } from '~/guards/data-api-limiter.guard';
+import { GlobalGuard } from '~/guards/global/global.guard';
 @Controller()
-@UseGuards(GlobalGuard)
+@UseGuards(DataApiLimiterGuard, GlobalGuard)
 export class DataTableController {
 constructor(private readonly dataTableService: DataTableService) {}
diff --git a/packages/nocodb/src/controllers/datas.controller.ts b/packages/nocodb/src/controllers/datas.controller.ts
index 5208da6bb4..ecf313fe9b 100644
--- a/packages/nocodb/src/controllers/datas.controller.ts
+++ b/packages/nocodb/src/controllers/datas.controller.ts
@@ -10,12 +10,15 @@ import {
 Request,
 UseGuards,
 } from '@nestjs/common';
+import { Throttle } from '@nestjs/throttler';
 import { GlobalGuard } from '~/guards/global/global.guard';
 import { DatasService } from '~/services/datas.service';
 import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware';
+import { DataApiLimiterGuard } from '~/guards/data-api-limiter.guard';
 @Controller()
-@UseGuards(GlobalGuard)
+@Throttle({ meta: {} })
+@UseGuards(GlobalGuard, DataApiLimiterGuard)
 export class DatasController {
 constructor(private readonly datasService: DatasService) {}
diff --git a/packages/nocodb/src/controllers/filters.controller.ts b/packages/nocodb/src/controllers/filters.controller.ts
index d7c3cb125e..54e1c6618c 100644
--- a/packages/nocodb/src/controllers/filters.controller.ts
+++ b/packages/nocodb/src/controllers/filters.controller.ts
@@ -15,9 +15,10 @@ import { GlobalGuard } from '~/guards/global/global.guard';
 import { PagedResponseImpl } from '~/helpers/PagedResponse';
 import { FiltersService } from '~/services/filters.service';
 import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware';
+import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard';
 @Controller()
-@UseGuards(GlobalGuard)
+@UseGuards(MetaApiLimiterGuard, GlobalGuard)
 export class FiltersController {
 constructor(private readonly filtersService: FiltersService) {}
diff --git a/packages/nocodb/src/controllers/form-columns.controller.ts b/packages/nocodb/src/controllers/form-columns.controller.ts
index dfd7ad4124..333fc0f602 100644
--- a/packages/nocodb/src/controllers/form-columns.controller.ts
+++ b/packages/nocodb/src/controllers/form-columns.controller.ts
@@ -2,9 +2,10 @@ import { Body, Controller, Param, Patch, UseGuards } from '@nestjs/common';
 import { GlobalGuard } from '~/guards/global/global.guard';
 import { FormColumnsService } from '~/services/form-columns.service';
 import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware';
+import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard';
 class FormColumnUpdateReqType {}
 @Controller()
-@UseGuards(GlobalGuard)
+@UseGuards(MetaApiLimiterGuard, GlobalGuard)
 export class FormColumnsController {
 constructor(private readonly formColumnsService: FormColumnsService) {}
diff --git a/packages/nocodb/src/controllers/forms.controller.ts b/packages/nocodb/src/controllers/forms.controller.ts
index e3cc9c45a3..2771c646bc 100644
--- a/packages/nocodb/src/controllers/forms.controller.ts
+++ b/packages/nocodb/src/controllers/forms.controller.ts
@@ -13,9 +13,10 @@ import { ViewCreateReqType } from 'nocodb-sdk';
 import { GlobalGuard } from '~/guards/global/global.guard';
 import { FormsService } from '~/services/forms.service';
 import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware';
+import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard';
 @Controller()
-@UseGuards(GlobalGuard)
+@UseGuards(MetaApiLimiterGuard, GlobalGuard)
 export class FormsController {
 constructor(private readonly formsService: FormsService) {}
diff --git a/packages/nocodb/src/controllers/galleries.controller.ts b/packages/nocodb/src/controllers/galleries.controller.ts
index 61b7586fd5..e4bb438c71 100644
--- a/packages/nocodb/src/controllers/galleries.controller.ts
+++ b/packages/nocodb/src/controllers/galleries.controller.ts
@@ -13,9 +13,10 @@ import { GalleryUpdateReqType, ViewCreateReqType } from 'nocodb-sdk';
 import { GlobalGuard } from '~/guards/global/global.guard';
 import { GalleriesService } from '~/services/galleries.service';
 import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware';
+import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard';
 @Controller()
-@UseGuards(GlobalGuard)
+@UseGuards(MetaApiLimiterGuard, GlobalGuard)
 export class GalleriesController {
 constructor(private readonly galleriesService: GalleriesService) {}
diff --git a/packages/nocodb/src/controllers/grid-columns.controller.ts b/packages/nocodb/src/controllers/grid-columns.controller.ts
index 54dd41f6f8..b271004a1d 100644
--- a/packages/nocodb/src/controllers/grid-columns.controller.ts
+++ b/packages/nocodb/src/controllers/grid-columns.controller.ts
@@ -3,9 +3,10 @@ import { GridColumnReqType } from 'nocodb-sdk';
 import { GlobalGuard } from '~/guards/global/global.guard';
 import { GridColumnsService } from '~/services/grid-columns.service';
 import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware';
+import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard';
 @Controller()
-@UseGuards(GlobalGuard)
+@UseGuards(MetaApiLimiterGuard, GlobalGuard)
 export class GridColumnsController {
 constructor(private readonly gridColumnsService: GridColumnsService) {}
diff --git a/packages/nocodb/src/controllers/grids.controller.ts b/packages/nocodb/src/controllers/grids.controller.ts
index 40b1b24d09..230810c027 100644
--- a/packages/nocodb/src/controllers/grids.controller.ts
+++ b/packages/nocodb/src/controllers/grids.controller.ts
@@ -12,9 +12,10 @@ import { ViewCreateReqType } from 'nocodb-sdk';
 import { GlobalGuard } from '~/guards/global/global.guard';
 import { GridsService } from '~/services/grids.service';
 import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware';
+import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard';
 @Controller()
-@UseGuards(GlobalGuard)
+@UseGuards(MetaApiLimiterGuard, GlobalGuard)
 export class GridsController {
 constructor(private readonly gridsService: GridsService) {}
diff --git a/packages/nocodb/src/controllers/hooks.controller.ts b/packages/nocodb/src/controllers/hooks.controller.ts
index 7f864c0f2c..fe807599dd 100644
--- a/packages/nocodb/src/controllers/hooks.controller.ts
+++ b/packages/nocodb/src/controllers/hooks.controller.ts
@@ -16,9 +16,10 @@ import { GlobalGuard } from '~/guards/global/global.guard';
 import { PagedResponseImpl } from '~/helpers/PagedResponse';
 import { HooksService } from '~/services/hooks.service';
 import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware';
+import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard';
 @Controller()
-@UseGuards(GlobalGuard)
+@UseGuards(MetaApiLimiterGuard, GlobalGuard)
 export class HooksController {
 constructor(private readonly hooksService: HooksService) {}
diff --git a/packages/nocodb/src/controllers/imports/helpers/job.ts b/packages/nocodb/src/controllers/imports/helpers/job.ts
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/packages/nocodb/src/controllers/imports/import.controller.ts b/packages/nocodb/src/controllers/imports/import.controller.ts
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/packages/nocodb/src/controllers/kanbans.controller.ts b/packages/nocodb/src/controllers/kanbans.controller.ts
index 39b78c04ae..d93ec9384b 100644
--- a/packages/nocodb/src/controllers/kanbans.controller.ts
+++ b/packages/nocodb/src/controllers/kanbans.controller.ts
@@ -13,9 +13,10 @@ import { ViewCreateReqType } from 'nocodb-sdk';
 import { GlobalGuard } from '~/guards/global/global.guard';
 import { KanbansService } from '~/services/kanbans.service';
 import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware';
+import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard';
 @Controller()
-@UseGuards(GlobalGuard)
+@UseGuards(MetaApiLimiterGuard, GlobalGuard)
 export class KanbansController {
 constructor(private readonly kanbansService: KanbansService) {}
diff --git a/packages/nocodb/src/controllers/maps.controller.ts b/packages/nocodb/src/controllers/maps.controller.ts
index f0201f2b06..2fb53f933e 100644
--- a/packages/nocodb/src/controllers/maps.controller.ts
+++ b/packages/nocodb/src/controllers/maps.controller.ts
@@ -13,9 +13,10 @@ import { MapUpdateReqType, ViewCreateReqType } from 'nocodb-sdk';
 import { GlobalGuard } from '~/guards/global/global.guard';
 import { MapsService } from '~/services/maps.service';
 import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware';
+import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard';
 @Controller()
-@UseGuards(GlobalGuard)
+@UseGuards(MetaApiLimiterGuard, GlobalGuard)
 export class MapsController {
 constructor(private readonly mapsService: MapsService) {}
diff --git a/packages/nocodb/src/controllers/meta-diffs.controller.ts b/packages/nocodb/src/controllers/meta-diffs.controller.ts
index d24479a60c..f14eea238b 100644
--- a/packages/nocodb/src/controllers/meta-diffs.controller.ts
+++ b/packages/nocodb/src/controllers/meta-diffs.controller.ts
@@ -2,9 +2,10 @@ import { Controller, Get, Param, UseGuards } from '@nestjs/common';
 import { GlobalGuard } from '~/guards/global/global.guard';
 import { MetaDiffsService } from '~/services/meta-diffs.service';
 import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware';
+import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard';
 @Controller()
-@UseGuards(GlobalGuard)
+@UseGuards(MetaApiLimiterGuard, GlobalGuard)
 export class MetaDiffsController {
 constructor(private readonly metaDiffsService: MetaDiffsService) {}
diff --git a/packages/nocodb/src/controllers/model-visibilities.controller.ts b/packages/nocodb/src/controllers/model-visibilities.controller.ts
index 4520613059..c1ee66cbc8 100644
--- a/packages/nocodb/src/controllers/model-visibilities.controller.ts
+++ b/packages/nocodb/src/controllers/model-visibilities.controller.ts
@@ -11,9 +11,10 @@ import {
 import { GlobalGuard } from '~/guards/global/global.guard';
 import { ModelVisibilitiesService } from '~/services/model-visibilities.service';
 import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware';
+import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard';
 @Controller()
-@UseGuards(GlobalGuard)
+@UseGuards(MetaApiLimiterGuard, GlobalGuard)
 export class ModelVisibilitiesController {
 constructor(
 private readonly modelVisibilitiesService: ModelVisibilitiesService,
diff --git a/packages/nocodb/src/controllers/notifications.controller.ts b/packages/nocodb/src/controllers/notifications.controller.ts
index 60c556f25a..ae2adf0c37 100644
--- a/packages/nocodb/src/controllers/notifications.controller.ts
+++ b/packages/nocodb/src/controllers/notifications.controller.ts
@@ -13,9 +13,10 @@ import {
 import { NotificationsService } from '~/services/notifications.service';
 import { GlobalGuard } from '~/guards/global/global.guard';
 import { extractProps } from '~/helpers/extractProps';
+import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard';
 @Controller()
-@UseGuards(GlobalGuard)
+@UseGuards(MetaApiLimiterGuard, GlobalGuard)
 export class NotificationsController {
 constructor(private readonly notificationsService: NotificationsService) {}
diff --git a/packages/nocodb/src/controllers/old-datas/old-datas.controller.ts b/packages/nocodb/src/controllers/old-datas/old-datas.controller.ts
index c8e6136ea6..c4d2f4f1f3 100644
--- a/packages/nocodb/src/controllers/old-datas/old-datas.controller.ts
+++ b/packages/nocodb/src/controllers/old-datas/old-datas.controller.ts
@@ -14,9 +14,10 @@ import {
 import { OldDatasService } from './old-datas.service';
 import { GlobalGuard } from '~/guards/global/global.guard';
 import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware';
+import { DataApiLimiterGuard } from '~/guards/data-api-limiter.guard';
 @Controller()
-@UseGuards(GlobalGuard)
+@UseGuards(GlobalGuard, DataApiLimiterGuard)
 export class OldDatasController {
 constructor(private readonly oldDatasService: OldDatasService) {}
diff --git a/packages/nocodb/src/controllers/org-lcense.controller.ts b/packages/nocodb/src/controllers/org-lcense.controller.ts
index 98cc3f4879..4120666055 100644
--- a/packages/nocodb/src/controllers/org-lcense.controller.ts
+++ b/packages/nocodb/src/controllers/org-lcense.controller.ts
@@ -10,9 +10,10 @@ import { OrgUserRoles } from 'nocodb-sdk'; import { GlobalGuard } from '~/guards/global/global.guard'; import { OrgLcenseService } from '~/services/org-lcense.service'; import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware'; +import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard'; @Controller() -@UseGuards(GlobalGuard) +@UseGuards(MetaApiLimiterGuard, GlobalGuard) export class OrgLcenseController { constructor(private readonly orgLcenseService: OrgLcenseService) {} diff --git a/packages/nocodb/src/controllers/org-tokens.controller.ts b/packages/nocodb/src/controllers/org-tokens.controller.ts index 4c24f67355..e226af7805 100644 --- a/packages/nocodb/src/controllers/org-tokens.controller.ts +++ b/packages/nocodb/src/controllers/org-tokens.controller.ts @@ -15,8 +15,9 @@ import { getConditionalHandler } from '~/helpers/getHandler'; import { OrgTokensEeService } from '~/services/org-tokens-ee.service'; import { OrgTokensService } from '~/services/org-tokens.service'; import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware'; +import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard'; -@UseGuards(AuthGuard('jwt')) +@UseGuards(MetaApiLimiterGuard, AuthGuard('jwt')) @Controller() export class OrgTokensController { constructor( diff --git a/packages/nocodb/src/controllers/org-users.controller.ts b/packages/nocodb/src/controllers/org-users.controller.ts index 8e53cce5bc..58f5e70dcc 100644 --- a/packages/nocodb/src/controllers/org-users.controller.ts +++ b/packages/nocodb/src/controllers/org-users.controller.ts 
@@ -16,9 +16,10 @@ import { PagedResponseImpl } from '~/helpers/PagedResponse'; import { OrgUsersService } from '~/services/org-users.service'; import { User } from '~/models'; import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware'; +import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard'; @Controller() -@UseGuards(GlobalGuard) +@UseGuards(MetaApiLimiterGuard, GlobalGuard) export class OrgUsersController { constructor(private readonly orgUsersService: OrgUsersService) {} diff --git a/packages/nocodb/src/controllers/plugins.controller.ts b/packages/nocodb/src/controllers/plugins.controller.ts index c03e527bf2..3e45eae250 100644 --- a/packages/nocodb/src/controllers/plugins.controller.ts +++ b/packages/nocodb/src/controllers/plugins.controller.ts @@ -12,6 +12,7 @@ import { GlobalGuard } from '~/guards/global/global.guard'; import { PagedResponseImpl } from '~/helpers/PagedResponse'; import { PluginsService } from '~/services/plugins.service'; import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware'; +import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard'; // todo: move to a interceptor // const blockInCloudMw = (_req, res, next) => { @@ -21,7 +22,7 @@ import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware'; // }; @Controller() -@UseGuards(GlobalGuard) +@UseGuards(MetaApiLimiterGuard, GlobalGuard) export class PluginsController { constructor(private readonly pluginsService: PluginsService) {} diff --git a/packages/nocodb/src/controllers/public-datas-export.controller.ts b/packages/nocodb/src/controllers/public-datas-export.controller.ts index 1cdf0e84e3..1babc6db02 100644 --- a/packages/nocodb/src/controllers/public-datas-export.controller.ts +++ b/packages/nocodb/src/controllers/public-datas-export.controller.ts 
@@ -1,4 +1,11 @@ -import { Controller, Get, Param, Request, Response } from '@nestjs/common'; +import { + Controller, + Get, + Param, + Request, + Response, + UseGuards, +} from '@nestjs/common'; import { ErrorMessages, isSystemColumn, ViewTypes } from 'nocodb-sdk'; import * as XLSX from 'xlsx'; import { nocoExecute } from 'nc-help'; @@ -9,7 +16,9 @@ import { serializeCellValue } from '~/modules/datas/helpers'; import { PublicDatasExportService } from '~/services/public-datas-export.service'; import NcConnectionMgrv2 from '~/utils/common/NcConnectionMgrv2'; import { Column, Model, Source, View } from '~/models'; +import { PublicApiLimiterGuard } from '~/guards/public-api-limiter.guard'; +@UseGuards(PublicApiLimiterGuard) @Controller() export class PublicDatasExportController { constructor( diff --git a/packages/nocodb/src/controllers/public-datas.controller.ts b/packages/nocodb/src/controllers/public-datas.controller.ts index b7c5440162..fab28b0b3c 100644 --- a/packages/nocodb/src/controllers/public-datas.controller.ts +++ b/packages/nocodb/src/controllers/public-datas.controller.ts @@ -5,11 +5,14 @@ import { Param, Post, Request, + UseGuards, UseInterceptors, } from '@nestjs/common'; import { AnyFilesInterceptor } from '@nestjs/platform-express'; import { PublicDatasService } from '~/services/public-datas.service'; +import { PublicApiLimiterGuard } from '~/guards/public-api-limiter.guard'; +@UseGuards(PublicApiLimiterGuard) @Controller() export class PublicDatasController { constructor(private readonly publicDatasService: PublicDatasService) {} diff --git a/packages/nocodb/src/controllers/public-metas.controller.ts b/packages/nocodb/src/controllers/public-metas.controller.ts index 36ed9b0f50..20bafc4862 100644 --- a/packages/nocodb/src/controllers/public-metas.controller.ts +++ b/packages/nocodb/src/controllers/public-metas.controller.ts 
@@ -1,6 +1,8 @@ -import { Controller, Get, Param, Request } from '@nestjs/common'; +import { Controller, Get, Param, Request, UseGuards } from '@nestjs/common'; import { PublicMetasService } from '~/services/public-metas.service'; +import { PublicApiLimiterGuard } from '~/guards/public-api-limiter.guard'; +@UseGuards(PublicApiLimiterGuard) @Controller() export class PublicMetasController { constructor(private readonly publicMetasService: PublicMetasService) {} diff --git a/packages/nocodb/src/controllers/sorts.controller.ts b/packages/nocodb/src/controllers/sorts.controller.ts index 90041540ab..987a4601e1 100644 --- a/packages/nocodb/src/controllers/sorts.controller.ts +++ b/packages/nocodb/src/controllers/sorts.controller.ts @@ -15,9 +15,10 @@ import { GlobalGuard } from '~/guards/global/global.guard'; import { PagedResponseImpl } from '~/helpers/PagedResponse'; import { SortsService } from '~/services/sorts.service'; import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware'; +import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard'; @Controller() -@UseGuards(GlobalGuard) +@UseGuards(MetaApiLimiterGuard, GlobalGuard) export class SortsController { constructor(private readonly sortsService: SortsService) {} diff --git a/packages/nocodb/src/controllers/sources.controller.ts b/packages/nocodb/src/controllers/sources.controller.ts index dcef01b6f0..0b11027244 100644 --- a/packages/nocodb/src/controllers/sources.controller.ts +++ b/packages/nocodb/src/controllers/sources.controller.ts 
@@ -4,9 +4,10 @@ import { GlobalGuard } from '~/guards/global/global.guard'; import { PagedResponseImpl } from '~/helpers/PagedResponse'; import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware'; import { SourcesService } from '~/services/sources.service'; +import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard'; @Controller() -@UseGuards(GlobalGuard) +@UseGuards(MetaApiLimiterGuard, GlobalGuard) export class SourcesController { constructor(private readonly sourcesService: SourcesService) {} diff --git a/packages/nocodb/src/controllers/sql-views.controller.ts b/packages/nocodb/src/controllers/sql-views.controller.ts index 4679c1cf93..2cb91f64f2 100644 --- a/packages/nocodb/src/controllers/sql-views.controller.ts +++ b/packages/nocodb/src/controllers/sql-views.controller.ts @@ -9,9 +9,10 @@ import { import { SqlViewsService } from '~/services/sql-views.service'; import { GlobalGuard } from '~/guards/global/global.guard'; import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware'; +import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard'; @Controller() -@UseGuards(GlobalGuard) +@UseGuards(MetaApiLimiterGuard, GlobalGuard) export class SqlViewsController { constructor(private readonly sqlViewsService: SqlViewsService) {} diff --git a/packages/nocodb/src/controllers/sync.controller.ts b/packages/nocodb/src/controllers/sync.controller.ts index a7e46298d7..7a12ff76a6 100644 --- a/packages/nocodb/src/controllers/sync.controller.ts +++ b/packages/nocodb/src/controllers/sync.controller.ts 
@@ -13,9 +13,10 @@ import { import { GlobalGuard } from '~/guards/global/global.guard'; import { SyncService } from '~/services/sync.service'; import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware'; +import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard'; @Controller() -@UseGuards(GlobalGuard) +@UseGuards(MetaApiLimiterGuard, GlobalGuard) export class SyncController { constructor(private readonly syncService: SyncService) {} diff --git a/packages/nocodb/src/controllers/tables.controller.ts b/packages/nocodb/src/controllers/tables.controller.ts index 9c2dcd8a64..3f6905c370 100644 --- a/packages/nocodb/src/controllers/tables.controller.ts +++ b/packages/nocodb/src/controllers/tables.controller.ts @@ -16,9 +16,10 @@ import { GlobalGuard } from '~/guards/global/global.guard'; import { TablesService } from '~/services/tables.service'; import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware'; import { PagedResponseImpl } from '~/helpers/PagedResponse'; +import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard'; @Controller() -@UseGuards(GlobalGuard) +@UseGuards(MetaApiLimiterGuard, GlobalGuard) export class TablesController { constructor(private readonly tablesService: TablesService) {} diff --git a/packages/nocodb/src/controllers/users/users.controller.ts b/packages/nocodb/src/controllers/users/users.controller.ts index a9b476375c..9ea6c9655b 100644 --- a/packages/nocodb/src/controllers/users/users.controller.ts +++ b/packages/nocodb/src/controllers/users/users.controller.ts @@ -14,6 +14,7 @@ import { GlobalGuard } from '~/guards/global/global.guard'; import { AppHooksService } from '~/services/app-hooks/app-hooks.service'; import { UsersService } from '~/services/users/users.service'; +import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard'; @Controller() export class UsersController { 
@@ -24,7 +25,7 @@ export class UsersController { ) {} @Patch(['/api/v1/user/profile']) - @UseGuards(GlobalGuard) + @UseGuards(MetaApiLimiterGuard, GlobalGuard) @HttpCode(200) async update(@Body() body, @Request() req, @Response() res) { res.json( diff --git a/packages/nocodb/src/controllers/utils.controller.ts b/packages/nocodb/src/controllers/utils.controller.ts index debf0fb931..2464684c72 100644 --- a/packages/nocodb/src/controllers/utils.controller.ts +++ b/packages/nocodb/src/controllers/utils.controller.ts @@ -12,6 +12,8 @@ import { import { GlobalGuard } from '~/guards/global/global.guard'; import { UtilsService } from '~/services/utils.service'; import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware'; +import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard'; +import { PublicApiLimiterGuard } from '~/guards/public-api-limiter.guard'; @Controller() export class UtilsController { @@ -19,6 +21,7 @@ export class UtilsController { constructor(protected readonly utilsService: UtilsService) {} + @UseGuards(PublicApiLimiterGuard) @Get('/api/v1/version') async getVersion() { if (process.env.NC_CLOUD !== 'true') { @@ -35,7 +38,7 @@ export class UtilsController { return this.version; } - @UseGuards(GlobalGuard) + @UseGuards(MetaApiLimiterGuard, GlobalGuard) @Post(['/api/v1/db/meta/connection/test', '/api/v1/meta/connection/test']) @Acl('testConnection', { scope: 'org', @@ -45,6 +48,7 @@ export class UtilsController { return await this.utilsService.testConnection({ body }); } + @UseGuards(PublicApiLimiterGuard) @Get(['/api/v1/db/meta/nocodb/info', '/api/v1/meta/nocodb/info']) async appInfo(@Request() req) { return await this.utilsService.appInfo({ 
@@ -54,17 +58,20 @@ export class UtilsController { }); } + @UseGuards(PublicApiLimiterGuard) @Get('/api/v1/health') async appHealth() { return await this.utilsService.appHealth(); } + @UseGuards(PublicApiLimiterGuard) @Post(['/api/v1/db/meta/axiosRequestMake', '/api/v1/meta/axiosRequestMake']) @HttpCode(200) async axiosRequestMake(@Body() body: any) { return await this.utilsService.axiosRequestMake({ body }); } + @UseGuards(PublicApiLimiterGuard) @Post('/api/v1/url_to_config') @HttpCode(200) async urlToDbConfig(@Body() body: any) { @@ -73,6 +80,7 @@ export class UtilsController { }); } + @UseGuards(PublicApiLimiterGuard) @Get('/api/v1/aggregated-meta-info') async aggregatedMetaInfo() { // todo: refactor diff --git a/packages/nocodb/src/controllers/view-columns.controller.ts b/packages/nocodb/src/controllers/view-columns.controller.ts index 9be387b696..5a68be90d9 100644 --- a/packages/nocodb/src/controllers/view-columns.controller.ts +++ b/packages/nocodb/src/controllers/view-columns.controller.ts @@ -13,9 +13,10 @@ import { GlobalGuard } from '~/guards/global/global.guard'; import { PagedResponseImpl } from '~/helpers/PagedResponse'; import { ViewColumnsService } from '~/services/view-columns.service'; import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware'; +import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard'; @Controller() -@UseGuards(GlobalGuard) +@UseGuards(MetaApiLimiterGuard, GlobalGuard) export class ViewColumnsController { constructor(private readonly viewColumnsService: ViewColumnsService) {} diff --git a/packages/nocodb/src/controllers/views.controller.ts b/packages/nocodb/src/controllers/views.controller.ts index 9a9cbe1306..662fc6b3fc 100644 --- a/packages/nocodb/src/controllers/views.controller.ts +++ b/packages/nocodb/src/controllers/views.controller.ts 
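Review bot: In this hunk `axiosRequestMake` and `urlToDbConfig` get only `@UseGuards(PublicApiLimiterGuard)`, which treats two POST handlers that pass the request body straight to a service as public endpoints, without the `GlobalGuard` and `@Acl` that `testConnection` carries in the same controller. A rate limit bounds request volume but does not decide who may call the handler, and the limiter this patch adds currently returns `true` for every request. The service code is not visible here, so the next point is inferred from the handler name: if `axiosRequestMake` issues an outbound HTTP request built from the body, it should sit behind authentication, e.g. `@UseGuards(MetaApiLimiterGuard, GlobalGuard)` plus an `@Acl(...)` entry, with the destination validated in the service. UtilsController's class body starts and ends outside the hunk.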
@@ -16,9 +16,10 @@ import { PagedResponseImpl } from '~/helpers/PagedResponse'; import { GlobalGuard } from '~/guards/global/global.guard'; import { ViewsService } from '~/services/views.service'; import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware'; +import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard'; @Controller() -@UseGuards(GlobalGuard) +@UseGuards(MetaApiLimiterGuard, GlobalGuard) export class ViewsController { constructor(private readonly viewsService: ViewsService) {} diff --git a/packages/nocodb/src/guards/data-api-limiter.guard.ts b/packages/nocodb/src/guards/data-api-limiter.guard.ts new file mode 100644 index 0000000000..bbbba4c445 --- /dev/null +++ b/packages/nocodb/src/guards/data-api-limiter.guard.ts @@ -0,0 +1,9 @@ +import { Injectable } from '@nestjs/common'; +import type { ExecutionContext } from '@nestjs/common'; + +@Injectable() +export class DataApiLimiterGuard { + async canActivate(_context: ExecutionContext): Promise { + return true; + } +} diff --git a/packages/nocodb/src/guards/meta-api-limiter.guard.ts b/packages/nocodb/src/guards/meta-api-limiter.guard.ts new file mode 100644 index 0000000000..5516e3bb36 --- /dev/null +++ b/packages/nocodb/src/guards/meta-api-limiter.guard.ts @@ -0,0 +1,10 @@ +import { Injectable } from '@nestjs/common'; +import { ThrottlerGuard } from '@nestjs/throttler'; +import type { ExecutionContext } from '@nestjs/common'; + +@Injectable() +export class MetaApiLimiterGuard extends ThrottlerGuard { + async canActivate(_context: ExecutionContext): Promise { + return true; + } +} diff --git a/packages/nocodb/src/guards/public-api-limiter.guard.ts b/packages/nocodb/src/guards/public-api-limiter.guard.ts new file mode 100644 index 0000000000..90471d4536 --- /dev/null +++ b/packages/nocodb/src/guards/public-api-limiter.guard.ts 
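Review bot: `canActivate` in the new DataApiLimiterGuard returns `true` unconditionally, and the MetaApiLimiterGuard and PublicApiLimiterGuard hunks that follow do the same, so every limiter guard this patch attaches to a controller enforces no limit as written. For the two classes that extend `ThrottlerGuard`, the override replaces the inherited throttling check instead of configuring it, while the class still needs ThrottlerGuard's constructor dependencies to be resolvable in each module that uses it. If these are placeholders meant to be replaced in another edition, say so in a doc comment on each class, e.g. `/** No-op placeholder: rate limiting is not enforced in this build. */`, so that nobody reading a controller assumes the endpoint is throttled. DataApiLimiterGuard could also state its contract explicitly with `export class DataApiLimiterGuard implements CanActivate {`.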
@@ -0,0 +1,10 @@ +import { Injectable } from '@nestjs/common'; +import { ThrottlerGuard } from '@nestjs/throttler'; +import type { ExecutionContext } from '@nestjs/common'; + +@Injectable() +export class PublicApiLimiterGuard extends ThrottlerGuard { + async canActivate(_context: ExecutionContext): Promise { + return true; + } +} diff --git a/packages/nocodb/src/interface/config.ts b/packages/nocodb/src/interface/config.ts index 880009fb22..6b10a0382e 100644 --- a/packages/nocodb/src/interface/config.ts +++ b/packages/nocodb/src/interface/config.ts @@ -294,8 +294,18 @@ export interface XcRoute { export interface AppConfig { throttler: { - ttl: number; - max_apis: number; + data?: { + ttl: number; + max_apis: number; + }; + meta?: { + ttl: number; + max_apis: number; + }; + public?: { + ttl: number; + max_apis: number; + }; calc_execution_time: boolean; }; basicAuth: {
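Review bot: The new `data?`, `meta?` and `public?` groups under `throttler` are all optional, and the hunk does not say what a missing group means to the limiter that reads it. For a rate limit this matters: if an absent group is treated as "no limit", a deployment that omits the block runs unthrottled without any signal. A comment on the field would settle it, e.g. `// omitted group = limiter disabled for that API class; ttl in <unit>` (the unit of `ttl` is not stated anywhere in the hunk), and the three identical `{ ttl; max_apis }` shapes could share one named type. The AppConfig interface continues past the end of the hunk.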