rate limit middleware before auth

2018-03-14 18:06:06 +01:00 · 2018-03-14 18:06:06 +01:00 · 4e8cf136c8
commit 4e8cf136c8
parent 48a7d28aa6
2 changed files with 6 additions and 6 deletions
--- a/lib/cartodb/controllers/analyses.js
+++ b/lib/cartodb/controllers/analyses.js
@ -16,8 +16,8 @@ AnalysesController.prototype.register = function (app) {
        `${app.base_url_mapconfig}/analyses/catalog`,
        cors(),
        userMiddleware(),
-        this.prepareContext,
        rateLimit(this.userLimitsApi, RATE_LIMIT_ENDPOINTS_GROUPS.ANALYSIS_CATALOG),
+        this.prepareContext,
        this.createPGClient(),
        this.getDataFromQuery({ queryTemplate: catalogQueryTpl, key: 'catalog' }),
        this.getDataFromQuery({ queryTemplate: tablesQueryTpl, key: 'tables' }),
--- a/lib/cartodb/controllers/named_maps_admin.js
+++ b/lib/cartodb/controllers/named_maps_admin.js
@ -27,9 +27,9 @@ NamedMapsAdminController.prototype.register = function (app) {
        `${base_url_templated}/`,
        cors(),
        userMiddleware(),
+        rateLimit(this.userLimitsApi, RATE_LIMIT_ENDPOINTS_GROUPS.NAMED_CREATE),
        localsMiddleware(),
        credentialsMiddleware(),
-        rateLimit(this.userLimitsApi, RATE_LIMIT_ENDPOINTS_GROUPS.NAMED_CREATE),
        this.checkContentType('POST', 'POST TEMPLATE'),
        this.authorizedByAPIKey('create', 'POST TEMPLATE'),
        this.create()
@ -39,9 +39,9 @@ NamedMapsAdminController.prototype.register = function (app) {
        `${base_url_templated}/:template_id`,
        cors(),
        userMiddleware(),
+        rateLimit(this.userLimitsApi, RATE_LIMIT_ENDPOINTS_GROUPS.NAMED_UPDATE),
        localsMiddleware(),
        credentialsMiddleware(),
-        rateLimit(this.userLimitsApi, RATE_LIMIT_ENDPOINTS_GROUPS.NAMED_UPDATE),
        this.checkContentType('PUT', 'PUT TEMPLATE'),
        this.authorizedByAPIKey('update', 'PUT TEMPLATE'),
        this.update()
@ -51,9 +51,9 @@ NamedMapsAdminController.prototype.register = function (app) {
        `${base_url_templated}/:template_id`,
        cors(),
        userMiddleware(),
+        rateLimit(this.userLimitsApi, RATE_LIMIT_ENDPOINTS_GROUPS.NAMED_GET),
        localsMiddleware(),
        credentialsMiddleware(),
-        rateLimit(this.userLimitsApi, RATE_LIMIT_ENDPOINTS_GROUPS.NAMED_GET),
        this.authorizedByAPIKey('get', 'GET TEMPLATE'),
        this.retrieve()
    );
@ -62,9 +62,9 @@ NamedMapsAdminController.prototype.register = function (app) {
        `${base_url_templated}/:template_id`,
        cors(),
        userMiddleware(),
+        rateLimit(this.userLimitsApi, RATE_LIMIT_ENDPOINTS_GROUPS.NAMED_DELETE),
        localsMiddleware(),
        credentialsMiddleware(),
-        rateLimit(this.userLimitsApi, RATE_LIMIT_ENDPOINTS_GROUPS.NAMED_DELETE),
        this.authorizedByAPIKey('delete', 'DELETE TEMPLATE'),
        this.destroy()
    );
@ -73,9 +73,9 @@ NamedMapsAdminController.prototype.register = function (app) {
        `${base_url_templated}/`,
        cors(),
        userMiddleware(),
+        rateLimit(this.userLimitsApi, RATE_LIMIT_ENDPOINTS_GROUPS.NAMED_LIST),
        localsMiddleware(),
        credentialsMiddleware(),
-        rateLimit(this.userLimitsApi, RATE_LIMIT_ENDPOINTS_GROUPS.NAMED_LIST),
        this.authorizedByAPIKey('list', 'GET TEMPLATE LIST'),
        this.list()
    );