diff --git a/packages/nocodb/src/controllers/attachments-secure.controller.ts b/packages/nocodb/src/controllers/attachments-secure.controller.ts index f466424c2e..49e95821c3 100644 --- a/packages/nocodb/src/controllers/attachments-secure.controller.ts +++ b/packages/nocodb/src/controllers/attachments-secure.controller.ts @@ -19,12 +19,13 @@ import { GlobalGuard } from '~/guards/global/global.guard'; import { AttachmentsService } from '~/services/attachments.service'; import { PresignedUrl } from '~/models'; import { UploadAllowedInterceptor } from '~/interceptors/is-upload-allowed/is-upload-allowed.interceptor'; +import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard'; @Controller() export class AttachmentsSecureController { constructor(private readonly attachmentsService: AttachmentsService) {} - @UseGuards(GlobalGuard) + @UseGuards(MetaApiLimiterGuard, GlobalGuard) @Post(['/api/v1/db/storage/upload', '/api/v1/storage/upload']) @HttpCode(200) @UseInterceptors(UploadAllowedInterceptor, AnyFilesInterceptor()) @@ -42,7 +43,7 @@ export class AttachmentsSecureController { @Post(['/api/v1/db/storage/upload-by-url', '/api/v1/storage/upload-by-url']) @HttpCode(200) @UseInterceptors(UploadAllowedInterceptor) - @UseGuards(GlobalGuard) + @UseGuards(MetaApiLimiterGuard, GlobalGuard) async uploadViaURL(@Body() body: any, @Request() req) { const path = `${moment().format('YYYY/MM/DD')}/${hash(req.user.id)}`; diff --git a/packages/nocodb/src/controllers/bulk-data-alias.controller.ts b/packages/nocodb/src/controllers/bulk-data-alias.controller.ts index 453dc24a07..0a87fcc730 100644 --- a/packages/nocodb/src/controllers/bulk-data-alias.controller.ts +++ b/packages/nocodb/src/controllers/bulk-data-alias.controller.ts @@ -18,7 +18,7 @@ import { DataApiLimiterGuard } from '~/guards/data-api-limiter.guard'; @Controller() @Throttle({ meta: {} }) -@UseGuards(GlobalGuard, DataApiLimiterGuard) +@UseGuards(DataApiLimiterGuard, GlobalGuard) export class BulkDataAliasController { constructor(private bulkDataAliasService: BulkDataAliasService) {} diff --git a/packages/nocodb/src/controllers/data-alias-nested.controller.ts b/packages/nocodb/src/controllers/data-alias-nested.controller.ts index 86886872a0..b630df6653 100644 --- a/packages/nocodb/src/controllers/data-alias-nested.controller.ts +++ b/packages/nocodb/src/controllers/data-alias-nested.controller.ts @@ -16,7 +16,7 @@ import { DataApiLimiterGuard } from '~/guards/data-api-limiter.guard'; @Controller() @Throttle({ meta: {} }) -@UseGuards(GlobalGuard, DataApiLimiterGuard) +@UseGuards(DataApiLimiterGuard, GlobalGuard) export class DataAliasNestedController { constructor(private dataAliasNestedService: DataAliasNestedService) {} diff --git a/packages/nocodb/src/controllers/datas.controller.ts b/packages/nocodb/src/controllers/datas.controller.ts index ecf313fe9b..4c55980dae 100644 --- a/packages/nocodb/src/controllers/datas.controller.ts +++ b/packages/nocodb/src/controllers/datas.controller.ts @@ -10,15 +10,13 @@ import { Request, UseGuards, } from '@nestjs/common'; -import { Throttle } from '@nestjs/throttler'; import { GlobalGuard } from '~/guards/global/global.guard'; import { DatasService } from '~/services/datas.service'; import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware'; import { DataApiLimiterGuard } from '~/guards/data-api-limiter.guard'; @Controller() -@Throttle({ meta: {} }) -@UseGuards(GlobalGuard, DataApiLimiterGuard) +@UseGuards(DataApiLimiterGuard, GlobalGuard) export class DatasController { constructor(private readonly datasService: DatasService) {} diff --git a/packages/nocodb/src/controllers/old-datas/old-datas.controller.ts b/packages/nocodb/src/controllers/old-datas/old-datas.controller.ts index c4d2f4f1f3..aacec8edef 100644 --- a/packages/nocodb/src/controllers/old-datas/old-datas.controller.ts +++ b/packages/nocodb/src/controllers/old-datas/old-datas.controller.ts @@ -17,7 +17,7 @@ import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware'; import { DataApiLimiterGuard } from '~/guards/data-api-limiter.guard'; @Controller() -@UseGuards(GlobalGuard, DataApiLimiterGuard) +@UseGuards(DataApiLimiterGuard, GlobalGuard) export class OldDatasController { constructor(private readonly oldDatasService: OldDatasService) {} diff --git a/packages/nocodb/src/controllers/shared-bases.controller.ts b/packages/nocodb/src/controllers/shared-bases.controller.ts index 046d07c9f8..41b44fed11 100644 --- a/packages/nocodb/src/controllers/shared-bases.controller.ts +++ b/packages/nocodb/src/controllers/shared-bases.controller.ts @@ -13,9 +13,10 @@ import { import { GlobalGuard } from '~/guards/global/global.guard'; import { SharedBasesService } from '~/services/shared-bases.service'; import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware'; +import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard'; @Controller() -@UseGuards(GlobalGuard) +@UseGuards(MetaApiLimiterGuard, GlobalGuard) export class SharedBasesController { constructor(private readonly sharedBasesService: SharedBasesService) {} diff --git a/packages/nocodb/src/modules/jobs/jobs.controller.ts b/packages/nocodb/src/modules/jobs/jobs.controller.ts index c7006e3fbb..2e8a5fb7d6 100644 --- a/packages/nocodb/src/modules/jobs/jobs.controller.ts +++ b/packages/nocodb/src/modules/jobs/jobs.controller.ts @@ -18,12 +18,13 @@ import { JobEvents } from '~/interface/Jobs'; import { GlobalGuard } from '~/guards/global/global.guard'; import NocoCache from '~/cache/NocoCache'; import { CacheGetType, CacheScope } from '~/utils/globals'; +import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard'; const nanoidv2 = customAlphabet('1234567890abcdefghijklmnopqrstuvwxyz', 14); const POLLING_INTERVAL = 30000; @Controller() -@UseGuards(GlobalGuard) +@UseGuards(MetaApiLimiterGuard, GlobalGuard) export class JobsController implements OnModuleInit { jobsRedisService: JobsRedisService; diff --git a/packages/nocodb/src/modules/jobs/jobs/at-import/at-import.controller.ts b/packages/nocodb/src/modules/jobs/jobs/at-import/at-import.controller.ts index 4babd48beb..5792f88de2 100644 --- a/packages/nocodb/src/modules/jobs/jobs/at-import/at-import.controller.ts +++ b/packages/nocodb/src/modules/jobs/jobs/at-import/at-import.controller.ts @@ -11,9 +11,10 @@ import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware'; import { SyncSource } from '~/models'; import { NcError } from '~/helpers/catchError'; import { JobTypes } from '~/interface/Jobs'; +import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard'; @Controller() -@UseGuards(GlobalGuard) +@UseGuards(MetaApiLimiterGuard, GlobalGuard) export class AtImportController { constructor(@Inject('JobsService') private readonly jobsService) {} diff --git a/packages/nocodb/src/modules/jobs/jobs/export-import/duplicate.controller.ts b/packages/nocodb/src/modules/jobs/jobs/export-import/duplicate.controller.ts index db1cce5842..16944b0e03 100644 --- a/packages/nocodb/src/modules/jobs/jobs/export-import/duplicate.controller.ts +++ b/packages/nocodb/src/modules/jobs/jobs/export-import/duplicate.controller.ts @@ -15,9 +15,10 @@ import { BasesService } from '~/services/bases.service'; import { Base, Model, Source } from '~/models'; import { generateUniqueName } from '~/helpers/exportImportHelpers'; import { JobTypes } from '~/interface/Jobs'; +import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard'; @Controller() -@UseGuards(GlobalGuard) +@UseGuards(MetaApiLimiterGuard, GlobalGuard) export class DuplicateController { constructor( @Inject('JobsService') protected readonly jobsService, diff --git a/packages/nocodb/src/modules/jobs/jobs/meta-sync/meta-sync.controller.ts b/packages/nocodb/src/modules/jobs/jobs/meta-sync/meta-sync.controller.ts index bd4b59db9c..7afc6dd55d 100644 --- a/packages/nocodb/src/modules/jobs/jobs/meta-sync/meta-sync.controller.ts +++ b/packages/nocodb/src/modules/jobs/jobs/meta-sync/meta-sync.controller.ts @@ -11,9 +11,10 @@ import { GlobalGuard } from '~/guards/global/global.guard'; import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware'; import { NcError } from '~/helpers/catchError'; import { JobTypes } from '~/interface/Jobs'; +import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard'; @Controller() -@UseGuards(GlobalGuard) +@UseGuards(MetaApiLimiterGuard, GlobalGuard) export class MetaSyncController { constructor(@Inject('JobsService') private readonly jobsService) {} diff --git a/packages/nocodb/src/modules/jobs/jobs/source-create/source-create.controller.ts b/packages/nocodb/src/modules/jobs/jobs/source-create/source-create.controller.ts index 651fc5c7ac..67806f8303 100644 --- a/packages/nocodb/src/modules/jobs/jobs/source-create/source-create.controller.ts +++ b/packages/nocodb/src/modules/jobs/jobs/source-create/source-create.controller.ts @@ -12,9 +12,10 @@ import { GlobalGuard } from '~/guards/global/global.guard'; import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware'; import { NcError } from '~/helpers/catchError'; import { JobTypes } from '~/interface/Jobs'; +import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard'; @Controller() -@UseGuards(GlobalGuard) +@UseGuards(MetaApiLimiterGuard, GlobalGuard) export class SourceCreateController { constructor(@Inject('JobsService') private readonly jobsService) {} diff --git a/packages/nocodb/src/modules/jobs/jobs/source-delete/source-delete.controller.ts b/packages/nocodb/src/modules/jobs/jobs/source-delete/source-delete.controller.ts index 8b78bc3762..8d37af1a30 100644 --- a/packages/nocodb/src/modules/jobs/jobs/source-delete/source-delete.controller.ts +++ b/packages/nocodb/src/modules/jobs/jobs/source-delete/source-delete.controller.ts @@ -4,9 +4,10 @@ import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware'; import { NcError } from '~/helpers/catchError'; import { JobTypes } from '~/interface/Jobs'; import { SourcesService } from '~/services/sources.service'; +import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard'; @Controller() -@UseGuards(GlobalGuard) +@UseGuards(MetaApiLimiterGuard, GlobalGuard) export class SourceDeleteController { constructor( @Inject('JobsService') private readonly jobsService,