From 36a98bd43674c8b4dc56814277b36a5d38db1941 Mon Sep 17 00:00:00 2001
From: Julius Knorr
Date: Thu, 7 Nov 2024 09:59:47 +0100
Subject: [PATCH] fix: Properly throttle in error cases and add rate limit for public file creation
Signed-off-by: Julius Knorr
---
 lib/Controller/DocumentAPIController.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/Controller/DocumentAPIController.php b/lib/Controller/DocumentAPIController.php
index fcbd3399c0..b5b351e6a7 100644
--- a/lib/Controller/DocumentAPIController.php
+++ b/lib/Controller/DocumentAPIController.php
@@ -78,6 +78,7 @@ public function __construct(IRequest $request, IRootFolder $rootFolder, IManager
 * @NoAdminRequired
 * @PublicPage
 * @BruteForceProtection(action=richdocumentsCreatePublic)
+ * @AnonRateThrottle(limit: 5, period: 120)
 */
 public function create(string $mimeType, string $fileName, string $directoryPath = '/', string $shareToken = null, ?int $templateId = null): JSONResponse {
 try {
@@ -105,10 +106,12 @@ public function create(string $mimeType, string $fileName, string $directoryPath
 }
 } catch (Throwable $e) {
 $this->logger->error('Failed to create document', ['exception' => $e]);
- return new JSONResponse([
+ $response = new JSONResponse([
 'status' => 'error',
 'message' => $this->l10n->t('Cannot create document')
 ], Http::STATUS_BAD_REQUEST);
+ $response->throttle();
+ return $response;
 }
 $basename = $this->l10n->t('New Document.odt');
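Review bot: The added `@AnonRateThrottle(limit: 5, period: 120)` line in the docblock of `create()` writes its parameters with colons, while the `@BruteForceProtection(action=richdocumentsCreatePublic)` line directly above it uses `key=value`. The colon form is the named-argument syntax of PHP attributes; if the docblock annotation parser only splits parameters on `=`, `limit` and `period` are never read and this public endpoint stays without a rate limit, with no error to signal it. I would write `* @AnonRateThrottle(limit=5, period=120)` and add a test that the sixth anonymous request within 120 seconds is rejected. The docblock starts outside the hunk.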
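Review bot: `$response->throttle()` sits in the `catch (Throwable $e)` branch, so every failure inside the try block is registered as a brute-force attempt against the client address, including server-side faults that the caller did not cause. On a shared address that can delay legitimate users while the server itself is failing, and it dilutes the signal the throttle is presumably meant to capture (guessing of share tokens). Consider throttling only on the failures that indicate an invalid token or missing permission and returning the plain error response for the rest; at minimum add a comment such as `// Throttle on any failure: an invalid share token is not distinguishable here`. The try block begins outside the hunk, so which exception types it can raise is not visible here.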