Skip to content
This repository has been archived by the owner on Jan 13, 2021. It is now read-only.

Commit

Permalink
api/v2: do not let free tier users remove pins
Browse files Browse the repository at this point in the history
  • Loading branch information
postables committed May 1, 2020
1 parent 4259d56 commit cc6c6cd
Showing 1 changed file with 9 additions and 0 deletions.
9 changes: 9 additions & 0 deletions api/v2/routes_rtfs.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -402,6 +402,15 @@ func (api *API) removePin(c *gin.Context) {
api.LogError(c, err, eh.NoAPITokenError)(http.StatusBadRequest)
return
}
// dont let free users be able to unpin as this can be used as an
// attack vector to spam ipfs nodes with pins
if usg, err := api.usage.FindByUserName(username); err != nil {
api.LogError(c, err, eh.UserSearchError)(http.StatusBadRequest)
return
} else if usg.Tier == models.Free {
Fail(c, errors.New("free tier accounts are unable to remove pins, please upgrade your tier"), http.StatusBadRequest)
return
}
// validate hash
hash := c.Param("hash")
if _, err := gocid.Decode(hash); err != nil {
Expand Down

0 comments on commit cc6c6cd

Please sign in to comment.