Merge branch 'feat/auditlog' of https://github.com/weseek/growi into feat/93691-swrize-activity-list

packages/app/src/server/models/activity.ts

@@ -26,6 +26,7 @@ export interface ActivityDocument extends Document {
 }
 
 export interface ActivityModel extends Model<ActivityDocument> {
+  [x:string]: any
   getActionUsersFromActivities(activities: ActivityDocument[]): any[]
 }
 // TODO: add revision id
@@ -103,4 +104,16 @@ activitySchema.post('save', async(savedActivity: ActivityDocument) => {
   activityEvent.emit('create', targetUsers, savedActivity);
 });
 
+activitySchema.statics.getPaginatedActivity = async function(limit: number, offset: number) {
+  const paginateResult = await this.paginate(
+    {},
+    {
+      limit,
+      offset,
+      sort: { createdAt: -1 },
+    },
+  );
+  return paginateResult;
+};
+
 export default getOrCreateModel<ActivityDocument, ActivityModel>('Activity', activitySchema);

packages/app/src/server/routes/apiv3/activity.ts

@@ -1,6 +1,8 @@
 import express, { Request, Router } from 'express';
+import rateLimit from 'express-rate-limit';
 import { query } from 'express-validator';
 
+import Activity from '~/server/models/activity';
 import loggerFactory from '~/utils/logger';
 
 import Crowi from '../../crowi';
@@ -18,6 +20,13 @@ const validator = {
   ],
 };
 
+const apiLimiter = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 10, // limit each IP to 10 requests per windowMs
+  message:
+    'Too many requests were sent from this IP. Please try a password reset request again on the password reset request form',
+});
+
 module.exports = (crowi: Crowi): Router => {
   const adminRequired = require('../../middlewares/admin-required')(crowi);
   const accessTokenParser = require('../../middlewares/access-token-parser')(crowi);
@@ -25,15 +34,13 @@ module.exports = (crowi: Crowi): Router => {
 
   const router = express.Router();
 
-  const activityService = crowi.activityService;
-
-
-  router.get('/list', accessTokenParser, loginRequiredStrictly, adminRequired, validator.list, apiV3FormValidator, async(req: Request, res: ApiV3Response) => {
+  // eslint-disable-next-line max-len
+  router.get('/', apiLimiter, accessTokenParser, loginRequiredStrictly, adminRequired, validator.list, apiV3FormValidator, async(req: Request, res: ApiV3Response) => {
     const limit = req.query.limit || await crowi.configManager?.getConfig('crowi', 'customize:showPageLimitationS') || 10;
     const offset = req.query.offset || 1;
 
     try {
-      const paginatedActivity = await activityService.getPaginatedActivity(limit, offset);
+      const paginatedActivity = await Activity.getPaginatedActivity(limit, offset);
       return res.apiv3({ paginatedActivity });
     }
     catch (err) {

packages/app/src/server/service/activity.ts

@@ -33,23 +33,6 @@ class ActivityService {
     return this.find({ user }).sort({ createdAt: -1 }).exec();
   };
 
-  /**
-   * @param {number} limit
-   * @param {number} offset
-   */
-  getPaginatedActivity = async(limit: number, offset: number) => {
-    const Activity = getModelSafely('Activity') || require('../models/activity')(this.crowi);
-    const paginateResult = await Activity.paginate(
-      {},
-      {
-        limit,
-        offset,
-        sort: { createdAt: -1 },
-      },
-    );
-    return paginateResult;
-  }
-
 }
 
 module.exports = ActivityService;