
Commit b039138

committed
refactor(notebooks): move permission check to route level to preserve rate limit -> permission check ordering to reduce redundant permission checks
Signed-off-by: Jordan Dubrick <jdubrick@redhat.com>
1 parent e22d5c7 commit b039138

1 file changed

Lines changed: 10 additions & 1 deletion


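--- a/workspaces/lightspeed/plugins/lightspeed-backend/src/service/notebooks/notebooksRouters.ts
+++ b/workspaces/lightspeed/plugins/lightspeed-backend/src/service/notebooks/notebooksRouters.ts
@@ -270,11 +270,11 @@ export async function createNotebooksRouter(
 '/v1',
 createIdentityMiddleware(httpAuth, userInfo, logger),
 );
-notebooksRouter.use('/v1', requireNotebooksPermission);
 
 notebooksRouter.post(
 '/v1/sessions',
 generalRateLimiter,
+requireNotebooksPermission,
 withAuth(async (req, res, userId) => {
 const { name, description, metadata } = req.body;
 if (!name) {
@@ -294,6 +294,7 @@ export async function createNotebooksRouter(
 notebooksRouter.get(
 '/v1/sessions',
 generalRateLimiter,
+requireNotebooksPermission,
 withAuth(async (_req, res, userId) => {
 const sessions = await sessionService.listSessions(userId);
 res.json(createSessionListResponse(sessions));
@@ -303,6 +304,7 @@ export async function createNotebooksRouter(
 notebooksRouter.get(
 '/v1/sessions/:sessionId',
 generalRateLimiter,
+requireNotebooksPermission,
 withAuth(async (req, res, userId) => {
 const { sessionId } = req.params;
 const session = await sessionService.readSession(sessionId, userId);
@@ -315,6 +317,7 @@ export async function createNotebooksRouter(
 notebooksRouter.put(
 '/v1/sessions/:sessionId',
 generalRateLimiter,
+requireNotebooksPermission,
 withAuth(async (req, res, userId) => {
 const { sessionId } = req.params;
 const { name, description, metadata } = req.body;
@@ -332,6 +335,7 @@ export async function createNotebooksRouter(
 notebooksRouter.delete(
 '/v1/sessions/:sessionId',
 generalRateLimiter,
+requireNotebooksPermission,
 withAuth(async (req, res, userId) => {
 const { sessionId } = req.params;
 await sessionService.deleteSession(sessionId, userId);
@@ -347,6 +351,7 @@ export async function createNotebooksRouter(
 notebooksRouter.get(
 '/v1/sessions/:sessionId/documents',
 generalRateLimiter,
+requireNotebooksPermission,
 requireSessionOwnership(),
 withAuth(async (req, res) => {
 const { sessionId } = req.params;
@@ -362,6 +367,7 @@ export async function createNotebooksRouter(
 notebooksRouter.put(
 '/v1/sessions/:sessionId/documents',
 expensiveRateLimiter,
+requireNotebooksPermission,
 upload.single('file') as any,
 withAuth(async (req, res, userId) => {
 const { sessionId } = req.params;
@@ -413,6 +419,7 @@ export async function createNotebooksRouter(
 notebooksRouter.get(
 '/v1/sessions/:sessionId/documents/:documentId/status',
 generalRateLimiter,
+requireNotebooksPermission,
 requireSessionOwnership(),
 withAuth(async (req, res) => {
 const { sessionId, documentId } = req.params;
@@ -432,6 +439,7 @@ export async function createNotebooksRouter(
 notebooksRouter.delete(
 '/v1/sessions/:sessionId/documents/:documentId',
 generalRateLimiter,
+requireNotebooksPermission,
 requireSessionOwnership(),
 withAuth(async (req, res) => {
 const { sessionId, documentId } = req.params;
@@ -457,6 +465,7 @@ export async function createNotebooksRouter(
 notebooksRouter.post(
 '/v1/sessions/:sessionId/query',
 expensiveRateLimiter,
+requireNotebooksPermission,
 express.json({ limit: EXPRESS_JSON_BODY_LIMIT }),
 withAuth(async (req, res, userId) => {
 const { sessionId } = req.params;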
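Review bot: Dropping `notebooksRouter.use('/v1', requireNotebooksPermission)` turns the permission check from deny-by-default into opt-in per route, so any `/v1` handler registered without `requireNotebooksPermission` in its middleware list is now guarded only by the identity middleware. The ten routes visible in these hunks all list it, and on the upload and query routes it correctly sits before `upload.single('file')` and `express.json(...)`, but createNotebooksRouter continues outside the hunks, so confirm that no other `/v1` route relied on the removed router-level guard. To keep this from regressing, add a comment where the `use` call was, e.g. `// No router-level permission guard: every /v1 route must list requireNotebooksPermission directly after its rate limiter.`, and a test that walks the registered routes and expects a 403 for a caller who lacks the notebooks permission. A small wrapper that always emits the limiter followed by the permission check would remove the repetition and make the ordering impossible to get wrong.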
