diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2019-12-04 00:06:23 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2019-12-04 00:06:23 +0300 |
commit | 4529c19950e412f0461910585414f8633d3b1b18 (patch) | |
tree | 00b75c579ef52b41fea09c516cd5286dee5df703 /lib/gitlab/auth | |
parent | ab7cf450ba19cf80b9534f25dc707b33845e3014 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/gitlab/auth')
-rw-r--r-- | lib/gitlab/auth/ip_rate_limiter.rb | 29 |
1 files changed, 18 insertions, 11 deletions
diff --git a/lib/gitlab/auth/ip_rate_limiter.rb b/lib/gitlab/auth/ip_rate_limiter.rb index acb46abb6f3..f301a2ec2e8 100644 --- a/lib/gitlab/auth/ip_rate_limiter.rb +++ b/lib/gitlab/auth/ip_rate_limiter.rb @@ -9,41 +9,48 @@ module Gitlab def initialize(ip) @ip = ip - @banned = false - end - - def enabled? - config.enabled end def reset! + return if skip_rate_limit? + Rack::Attack::Allow2Ban.reset(ip, config) end def register_fail! - return false if trusted_ip? + return false if skip_rate_limit? # Allow2Ban.filter will return false if this IP has not failed too often yet - @banned = Rack::Attack::Allow2Ban.filter(ip, config) do + Rack::Attack::Allow2Ban.filter(ip, config) do # We return true to increment the count for this IP true end end def banned? - @banned - end + return false if skip_rate_limit? - def trusted_ip? - trusted_ips.any? { |netmask| netmask.include?(ip) } + Rack::Attack::Allow2Ban.banned?(ip) end private + def skip_rate_limit? + !enabled? || trusted_ip? + end + + def enabled? + config.enabled + end + def config Gitlab.config.rack_attack.git_basic_auth end + def trusted_ip? + trusted_ips.any? { |netmask| netmask.include?(ip) } + end + def trusted_ips strong_memoize(:trusted_ips) do config.ip_whitelist.map do |proxy| |