Merge pull request #618 from devforth/next

Next

Author: ivictbor

adminforth/dataConnectors/clickhouse.ts

@@ -530,7 +530,6 @@ class ClickhouseConnector extends AdminForthBaseConnector implements IAdminForth
       }).join(', ');
       const tableName = resource.table;
 
-      console.log('getDataWithOriginalTypes called with filters', JSON.stringify(filters), 'and sort', JSON.stringify(sort));
       const { where, params } = this.whereClause(resource, filters);
 
       const orderBy = sort.length ? `ORDER BY ${sort.map((s) => `${s.field} ${this.SortDirectionsMap[s.direction]}`).join(', ')}` : '';

adminforth/documentation/docs/tutorial/03-Customization/12-security.md

@@ -242,3 +242,46 @@ export const admin = new AdminForth({
 ```
 
 Now, if a user’s field `status` is changed to "banned", they won’t be able to perform any actions and moreover  will be automatically logged out upon accessing the page.
+
+## RateLimiter for API
+
+### Import
+```ts 
+import { RateLimiter } from "adminforth";
+```
+
+### Usage
+```ts 
+import { RateLimiter } from "adminforth";
+
+const UserRateLimiter = new RateLimiter("20/1d");
+
+app.post(
+  `${ADMIN_BASE_URL}/api/some-api/`,
+  admin.express.authorize(async (req: any, res: any) => {
+
+    const allowed = await UserRateLimiter.consume(req.user.id);
+
+    if (!allowed) {
+      res.status(429).json({
+        error: "Rate limit exceeded"
+      });
+      return;
+    }
+
+    // your API logic here
+  })
+);
+```
+
+### Limit format
+"20/1d"
+This means that a user is allowed to make up to 20 requests within one day, and once this limit is reached, any further requests will be blocked until the 24-hour period resets.
+
+### Supported time units
+- s → seconds (10s)
+- m → minutes (5m)
+- h → hours (1h)
+- d → days (1d)
+
+> ☝ Сonsume(key) is used to check whether a specific key such as a userId, IP address, or any other identifier has exceeded its allowed request limit. If the limit has not been reached, it returns true, meaning the request is allowed to proceed.

adminforth/modules/restApi.ts

@@ -718,6 +718,7 @@ export default class AdminForthRestAPI implements IAdminForthRestAPI {
 
 
         if (!userRecord) {
+          response.setStatus(401);
           return { error: INVALID_MESSAGE };
         }
 
@@ -748,6 +749,7 @@ export default class AdminForthRestAPI implements IAdminForthRestAPI {
             });
           } 
         } else {
+          response.setStatus(401);
           return { error: INVALID_MESSAGE };
         }
 

adminforth/spa/src/utils/listUtils.ts

@@ -61,7 +61,7 @@ export async function startBulkAction(actionId: string, resource: AdminForthReso
   if (action?.confirm) {
     const confirmed = await confirm({
       title: action.confirm,
-      message: `${t('Deleting')} ${checkboxes.value.length} ${checkboxes.value.length === 1 ? t('item') : t('items')}. ${t('This process is irreversible.')}`,
+      message: t('Deleting {count} item. This process is irreversible. | Deleting {count} items. This process is irreversible.', { count: checkboxes.value.length }),
     });
     if (!confirmed) {
       return;

adminforth/spa/src/utils/utils.ts

@@ -141,7 +141,7 @@ export async function callApi({path, method, body, headers, silentError = false,
   const fullPath = `${import.meta.env.VITE_ADMINFORTH_PUBLIC_PATH || ''}${path}`;
   try {
     const r = await fetch(fullPath, options);
-    if (r.status == 401 ) {
+    if (r.status == 401 && !path.includes('/login')) {
       useUserStore().unauthorize();
       useCoreStore().resetAdminUser();
       await redirectToLogin();

adminforth/types/Back.ts

@@ -36,7 +36,7 @@ export interface IConfigValidator {
 
 export interface IAdminForthHttpResponse {
     setHeader: (key: string, value: string) => void,
-    setStatus: (code: number, message: string) => void,
+    setStatus: (code: number, message?: string) => void,
     blobStream: () => Writable,
 };