add api endpoint to preview babycode
parent
72709226c0
commit
8a00500387
21
apps/api.lua
21
apps/api.lua
@ -1,8 +1,13 @@
|
||||
local app = require("lapis").Application()
|
||||
local json_params = require("lapis.application").json_params
|
||||
|
||||
local sse = require("lib.sse")
|
||||
|
||||
local db = require("lapis.db")
|
||||
|
||||
local html_escape = require("lapis.html").escape
|
||||
local babycode = require("lib.babycode")
|
||||
|
||||
local util = require("util")
|
||||
|
||||
app:get("sse_thread_updates", "/thread-updates/:thread_id", function(self)
|
||||
@ -33,4 +38,20 @@ app:get("sse_thread_updates", "/thread-updates/:thread_id", function(self)
|
||||
return {skip_render = true}
|
||||
end)
|
||||
|
||||
app:post("babycode_preview", "/babycode-preview", json_params(function(self)
|
||||
local user = util.get_logged_in_user(self)
|
||||
if not user then
|
||||
return {json = {error = "not authorized"}, status = 401}
|
||||
end
|
||||
if not util.rate_limit_allowed(user.id, "babycode_preview", 5) then
|
||||
return {json = {error = "too many requests"}, status = 429}
|
||||
end
|
||||
local markup = self.params.markup
|
||||
if not markup or type(markup) ~= "string" then
|
||||
return {json = {error = "markup field missing or invalid type"}, status = 400}
|
||||
end
|
||||
local rendered = babycode.to_html(markup, html_escape)
|
||||
return {json = {html = rendered}}
|
||||
end))
|
||||
|
||||
return app
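Review bot: In the `babycode_preview` handler, `markup` is passed to `babycode.to_html` after only a presence and type check, so a logged-in user can submit a body as large as the server accepts once per 5-second window. A length guard before rendering keeps the parser's work bounded, e.g. `if #markup > MAX_PREVIEW_BYTES then return {json = {error = "markup too long"}, status = 413} end`, where the constant is a placeholder to be set to the forum's post size limit. `util.rate_limit_allowed` also runs before the `markup` validation, so a malformed request uses up the user's window; calling it after the type check would avoid that. A short comment above the `to_html` call saying that the returned `html` is only safe to insert into a page if `to_html` escapes all user text through `html_escape` would help whoever writes the client side.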
|
||||
|
@ -91,4 +91,15 @@ return {
|
||||
|
||||
db.query("COMMIT")
|
||||
end,
|
||||
|
||||
[12] = function ()
|
||||
schema.create_table("api_rate_limits", {
|
||||
{"id", types.integer{primary_key = true}},
|
||||
{"method", types.text{null = false}},
|
||||
{"user_id", "INTEGER REFERENCES users(id) ON DELETE CASCADE"},
|
||||
{"logged_at", "INTEGER DEFAULT (unixepoch(CURRENT_TIMESTAMP))"},
|
||||
})
|
||||
|
||||
db.query("CREATE INDEX idx_rate_limit_user_method ON api_rate_limits (user_id, method)")
|
||||
end,
|
||||
}
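Review bot: The index on `(user_id, method)` in migration `[12]` is not unique and `user_id` carries no `NOT NULL`, so the schema allows several rows for one user and method even though `util.rate_limit_allowed` deletes and re-inserts as if there were exactly one. Declaring it as `CREATE UNIQUE INDEX idx_rate_limit_user_method ON api_rate_limits (user_id, method)` and adding `NOT NULL` to the `user_id` column definition would let the database enforce that shape. The opening of the migrations table is outside this hunk.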
|
||||
|
21
util.lua
21
util.lua
@ -316,4 +316,25 @@ function util.inject_warn_infobox(req, message)
|
||||
req.session.infobox = ib
|
||||
end
|
||||
|
||||
function util.rate_limit_allowed(user_id, method, seconds)
|
||||
local last_call = db.query([[
|
||||
SELECT logged_at FROM api_rate_limits
|
||||
WHERE user_id = ? AND method = ?
|
||||
ORDER BY logged_at DESC LIMIT 1
|
||||
]], user_id, method)
|
||||
if #last_call == 0 or (os.time() - last_call[1].logged_at) >= seconds then
|
||||
db.query(
|
||||
"DELETE FROM api_rate_limits WHERE user_id = ? AND method = ?",
|
||||
user_id, method
|
||||
)
|
||||
db.query(
|
||||
"INSERT INTO api_rate_limits (user_id, method) VALUES (?, ?)",
|
||||
user_id, method
|
||||
)
|
||||
return true
|
||||
else
|
||||
return false
|
||||
end
|
||||
end
|
||||
|
||||
return util
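Review bot: The check and the update in `util.rate_limit_allowed` are separate statements, so two requests from the same user that arrive together can both run the `SELECT` before either `INSERT` lands, and both get `true`. Running the three queries in one write transaction would serialize them: `db.query("BEGIN IMMEDIATE")` before the `SELECT` and `db.query("COMMIT")` on both return paths, assuming the SQLite backend that the `unixepoch` default in the migration suggests. The comparison also mixes `os.time()` from the application with a `logged_at` written by the database default; a comment such as `-- both values are UTC epoch seconds; keep app and DB clocks on the same host` would make that dependency explicit.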
|
||||
|