
Commit f44bf42

committed
feat(middleware): enhance user settings endpoint with rate limiting
- Add configured_rate_limiter import for rate limiting functionality - Implement rate limiting in the user settings middleware chain - Update middleware documentation to reflect new rate limiting step - Modify _rateAndPermissionSetter function to handle rate limiting and permission setting
1 parent 0c7578a commit f44bf42


1 file changed

+18
-7
lines changed

1 file changed

+18
-7
lines changed
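--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -1,38 +1,49 @@
 import 'package:dart_frog/dart_frog.dart';
 import 'package:flutter_news_app_api_server_full_source_code/src/middlewares/authorization_middleware.dart';
+import 'package:flutter_news_app_api_server_full_source_code/src/middlewares/configured_rate_limiter.dart';
 import 'package:flutter_news_app_api_server_full_source_code/src/middlewares/ownership_check_middleware.dart';
 import 'package:flutter_news_app_api_server_full_source_code/src/rbac/permissions.dart';
 
 /// Middleware for the user settings endpoint.
 ///
 /// This chain ensures that:
 /// 1. The user is authenticated (handled by the parent `users` middleware).
-/// 2. The correct permission (`userAppSettings...`) is required.
-/// 3. The user has that permission.
-/// 4. The user is the owner of the settings resource.
+/// 2. Rate limiting is applied.
+/// 3. The correct permission (`userAppSettings...`) is required.
+/// 4. The user has that permission.
+/// 5. The user is the owner of the settings resource.
 Handler middleware(Handler handler) {
 return handler
 // Final check: ensure the authenticated user owns this resource.
 .use(userOwnershipMiddleware())
 // Check if the user has the required permission.
 .use(authorizationMiddleware())
-// Provide the specific permission required for this route.
-.use(_permissionSetter());
+// Apply rate limiting and provide the specific permission for this route.
+.use(_rateAndPermissionSetter());
 }
 
-Middleware _permissionSetter() {
+Middleware _rateAndPermissionSetter() {
 return (handler) {
 return (context) {
 final String permission;
+final Middleware rateLimiter;
+
 switch (context.request.method) {
 case HttpMethod.get:
 permission = Permissions.userAppSettingsReadOwned;
+rateLimiter = createReadRateLimiter();
 case HttpMethod.put:
 permission = Permissions.userAppSettingsUpdateOwned;
+rateLimiter = createWriteRateLimiter();
 default:
 return Response(statusCode: 405);
 }
-return handler(context.provide<String>(() => permission));
+
+return rateLimiter(
+(context) => handler(
+context.provide<String>(() => permission),
+),
+)(context);
 };
 };
 }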
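Review bot: `createReadRateLimiter()` and `createWriteRateLimiter()` are called inside the per-request `(context)` closure of `_rateAndPermissionSetter`, so a new limiter middleware is built for every request. `configured_rate_limiter.dart` is not shown on this page; if its counters live in the returned middleware rather than in a shared store, every request would start from an empty window and the limit would never trip, leaving the endpoint unprotected against request floods. Building both once before `return (handler) {` with `final readLimiter = createReadRateLimiter();` and `final writeLimiter = createWriteRateLimiter();`, then assigning `rateLimiter = readLimiter;` or `rateLimiter = writeLimiter;` in the switch, removes that dependency and the per-request allocation. The `default:` branch also returns 405 before any limiter runs, so requests with other methods are never counted; if that is intended, a short comment on that branch should say so.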
