withspectrum
diff --git a/‎analytics/package.json‎
Lines changed: 1 addition & 2 deletions b/‎analytics/package.json‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎analytics/yarn.lock‎
Lines changed: 4 additions & 4 deletions b/‎analytics/yarn.lock‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎api/authentication.js‎
Lines changed: 9 additions & 7 deletions b/‎api/authentication.js‎
Lines changed: 9 additions & 7 deletions
diff --git a/‎api/index.js‎
Lines changed: 8 additions & 0 deletions b/‎api/index.js‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎api/mutations/thread/editThread.js‎
Lines changed: 5 additions & 0 deletions b/‎api/mutations/thread/editThread.js‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎api/mutations/thread/publishThread.js‎
Lines changed: 6 additions & 0 deletions b/‎api/mutations/thread/publishThread.js‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎api/package.json‎
Lines changed: 3 additions & 2 deletions b/‎api/package.json‎
Lines changed: 3 additions & 2 deletions
@@ -1,12 +1,11 @@
 {
-  "name": "analytics",
   "version": "1.0.0",
   "scripts": {
     "start": "NODE_ENV=production node main.js"
   },
   "dependencies": {
     "amplitude": "^3.5.0",
-    "aws-sdk": "^2.395.0",
+    "aws-sdk": "^2.409.0",
     "bull": "3.3.10",
     "datadog-metrics": "^0.8.1",
     "debug": "^4.1.1",
 
@@ -14,10 +14,10 @@ asynckit@^0.4.0:
   resolved "https://registry.yarnpkg.com/asynckit/-/asynckit-0.4.0.tgz#c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79"
   integrity sha1-x57Zf380y48robyXkLzDZkdLS3k=
 
-aws-sdk@^2.395.0:
-  version "2.395.0"
-  resolved "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.395.0.tgz#637e5fa06d69bfb923b17bde24a8bd2a74dedab3"
-  integrity sha512-ldTTjctniZT4E2lq2z3D8Y2u+vpkp+laoEnDkXgjKXTKbiJ0QEtfWsUdx/IQ7awCt8stoxyqZK47DJOxIbRNoA==
+aws-sdk@^2.409.0:
+  version "2.409.0"
+  resolved "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.409.0.tgz#d017060ba9e005487c68dc34a592af74d916f295"
+  integrity sha512-QV6j9zBQq/Kz8BqVOrJ03ABjMKtErXdUT1YdYEljoLQZimpzt0ZdQwJAsoZIsxxriOJgrqeZsQUklv9AFQaldQ==
   dependencies:
     buffer "4.9.1"
     events "1.1.1"
 
@@ -294,6 +294,11 @@ const init = () => {
         const githubUsername =
           profile.username || profile._json.login || fallbackUsername;
 
+        const existingUserWithProviderId = await getUserByIndex(
+          'githubProviderId',
+          profile.id
+        );
+
         if (req.user) {
           // if a user exists in the request body, it means the user is already
           // authed and is trying to connect a github account. Before we do so
@@ -302,7 +307,6 @@ const init = () => {
           // 2. The providerId returned from GitHub isnt' being used by another user
 
           // 1
-          // if the user already has a githubProviderId, don't override it
           if (req.user.githubProviderId) {
             /*
               Update the cached content of the github profile that we store
@@ -333,11 +337,6 @@ const init = () => {
             return done(null, req.user);
           }
 
-          const existingUserWithProviderId = await getUserByIndex(
-            'githubProviderId',
-            profile.id
-          );
-
           // 2
           // if no user exists with this provider id, it's safe to save on the req.user's object
           if (!existingUserWithProviderId) {
@@ -359,7 +358,10 @@ const init = () => {
 
           // if a user exists with this provider id, don't do anything and return
           if (existingUserWithProviderId) {
-            return done(null, req.user);
+            return done(null, req.user, {
+              message:
+                'Your GitHub account is already linked to another Spectrum profile.',
+            });
           }
         }
 
 
@@ -17,6 +17,7 @@ import { init as initPassport } from './authentication.js';
 import apolloServer from './apollo-server';
 import { corsOptions } from 'shared/middlewares/cors';
 import errorHandler from 'shared/middlewares/error-handler';
+import rateLimiter from 'shared/middlewares/rate-limiter';
 import middlewares from './routes/middlewares';
 import authRoutes from './routes/auth';
 import apiRoutes from './routes/api';
@@ -43,6 +44,13 @@ app.use(statsd);
 // Trust the now proxy
 app.set('trust proxy', true);
 app.use(toobusy);
+// Allow bursts of up to 40 req for initial page loads, but block more than 40 / 10s
+app.use(
+  rateLimiter({
+    max: 40,
+    duration: '10s',
+  })
+);
 
 // Security middleware.
 addSecurityMiddleware(app, { enableNonce: false, enableCSP: false });
 
@@ -1,4 +1,5 @@
 // @flow
+const debug = require('debug')('api:mutations:edit-thread');
 import type { GraphQLContext } from '../../';
 import type { EditThreadInput } from '../../models/thread';
 import UserError from '../../utils/UserError';
@@ -7,6 +8,7 @@ import { getThreads, editThread } from '../../models/thread';
 import { getUserPermissionsInCommunity } from '../../models/usersCommunities';
 import { getUserPermissionsInChannel } from '../../models/usersChannels';
 import { isAuthedResolver as requireAuth } from '../../utils/permissions';
+import processThreadContent from 'shared/draft-utils/process-thread-content';
 import { events } from 'shared/analytics';
 import { trackQueue } from 'shared/bull/queues';
 import {
@@ -83,6 +85,8 @@ export default requireAuth(async (_: any, args: Input, ctx: GraphQLContext) => {
     );
   }
 
+  input.content.body = processThreadContent('TEXT', input.content.body || '');
+
   /*
     When threads are sent to the client, all image urls are signed and proxied
     via imgix. If a user edits the thread, we have to restore all image upload
@@ -130,6 +134,7 @@ export default requireAuth(async (_: any, args: Input, ctx: GraphQLContext) => {
     });
   }
 
+  debug('store new body to database:', initialBody);
   const newInput = Object.assign({}, input, {
     ...input,
     content: {
 
@@ -197,6 +197,12 @@ export default requireAuth(
 
       const checkForSpam = usersPreviousPublishedThreads.map(t => {
         if (!t) return false;
+        if (
+          usersPreviousPublishedThreads.length === 1 &&
+          usersPreviousPublishedThreads[0] &&
+          usersPreviousPublishedThreads[0].deletedAt
+        )
+          return false;
 
         const incomingTitle = thread.content.title;
         const thisTitle = t.content.title;
 
@@ -5,7 +5,7 @@
   "dependencies": {
     "algoliasearch": "^3.32.0",
     "apollo-local-query": "^0.3.1",
-    "apollo-server-express": "^2.4.2",
+    "apollo-server-express": "^2.4.6",
     "apollo-upload-client": "^9.1.0",
     "aws-sdk": "2.200.0",
     "axios": "^0.16.2",
@@ -71,7 +71,7 @@
     "iterall": "^1.2.2",
     "jest": "^21.2.1",
     "json-stringify-pretty-compact": "^1.2.0",
-    "jsonwebtoken": "^8.4.0",
+    "jsonwebtoken": "^8.5.0",
     "keygrip": "^1.0.3",
     "linkify-it": "^2.1.0",
     "localstorage-memory": "^1.0.3",
@@ -92,6 +92,7 @@
     "pre-commit": "^1.2.2",
     "prismjs": "^1.15.0",
     "query-string": "5.1.1",
+    "ratelimiter": "^3.2.0",
     "raven": "^2.6.4",
     "react": "^15.4.1",
     "react-app-rewire-styled-components": "^3.0.2",