author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-17 18:11:44 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-17 18:11:44 +0300 |
commit | 3b9468e8b913d43f45e472b69b98c9da05f338bb (patch) | |
tree | a74e3d2a5b71a1e2a96c3751a04e9a78d36ee6f5 /lib/gitlab/rack_attack.rb | |
parent | bb5c4817e58efb92d6be81e028d55adc9626e5da (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/gitlab/rack_attack.rb')
-rw-r--r-- | lib/gitlab/rack_attack.rb | 48 |
1 files changed, 15 insertions, 33 deletions
diff --git a/lib/gitlab/rack_attack.rb b/lib/gitlab/rack_attack.rb
index 64c2faf7d50..3f4c0fa45aa 100644
--- a/lib/gitlab/rack_attack.rb
+++ b/lib/gitlab/rack_attack.rb
@@ -82,9 +82,21 @@ module Gitlab
     end
 
     def self.configure_throttles(rack_attack)
-      throttle_or_track(rack_attack, 'throttle_unauthenticated_api', Gitlab::Throttle.unauthenticated_api_options) do |req|
-        if req.throttle_unauthenticated_api?
-          req.ip
+      # Each of these settings follows the same pattern of specifying separate
+      # authenticated and unauthenticated rates via settings
+      Gitlab::Throttle::REGULAR_THROTTLES.each do |throttle|
+        unauthenticated_options = Gitlab::Throttle.options(throttle, authenticated: false)
+        throttle_or_track(rack_attack, "throttle_unauthenticated_#{throttle}", unauthenticated_options) do |req|
+          if req.throttle?(throttle, authenticated: false)
+            req.ip
+          end
+        end
+
+        authenticated_options = Gitlab::Throttle.options(throttle, authenticated: true)
+        throttle_or_track(rack_attack, "throttle_authenticated_#{throttle}", authenticated_options) do |req|
+          if req.throttle?(throttle, authenticated: true)
+            req.throttled_user_id([:api])
+          end
         end
       end
 
@@ -94,12 +106,6 @@ module Gitlab
         end
       end
 
-      throttle_or_track(rack_attack, 'throttle_authenticated_api', Gitlab::Throttle.authenticated_api_options) do |req|
-        if req.throttle_authenticated_api?
-          req.throttled_user_id([:api])
-        end
-      end
-
       # Product analytics feature is in experimental stage.
       # At this point we want to limit amount of events registered
       # per application (aid stands for application id).
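Review bot: The throttle names built on the new `throttle_or_track` lines are now derived from the spelling of each `Gitlab::Throttle::REGULAR_THROTTLES` entry, so if any entry does not match the literal names this commit removes (`throttle_unauthenticated_api`/`throttle_authenticated_api` here, and presumably the packages_api/files_api pair in the later hunk) the throttle is silently registered under a new name and any operator setting, dashboard or spec keyed on the old one stops applying; a spec asserting that the registered names equal the old literal set would pin this. The loop also fixes the discriminator for every entry, `req.ip` when unauthenticated and `req.throttled_user_id([:api])` when authenticated, which matches the removed code but becomes an unstated contract for anything added to that list later. I would add above the `each` line: `# Every REGULAR_THROTTLES entry is keyed by client IP when unauthenticated and by the user resolved via the [:api] authenticators when authenticated; a throttle that needs a different discriminator (e.g. a web session) does not belong in that list.` Whether `req.throttle?(throttle, authenticated:)` preserves the per-path matching of the removed predicates cannot be confirmed from this hunk. The body of `configure_throttles` continues past the end of this hunk.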
@@ -133,36 +139,12 @@ module Gitlab
         end
       end
 
-      throttle_or_track(rack_attack, 'throttle_unauthenticated_packages_api', Gitlab::Throttle.unauthenticated_packages_api_options) do |req|
-        if req.throttle_unauthenticated_packages_api?
-          req.ip
-        end
-      end
-
-      throttle_or_track(rack_attack, 'throttle_authenticated_packages_api', Gitlab::Throttle.authenticated_packages_api_options) do |req|
-        if req.throttle_authenticated_packages_api?
-          req.throttled_user_id([:api])
-        end
-      end
-
       throttle_or_track(rack_attack, 'throttle_authenticated_git_lfs', Gitlab::Throttle.throttle_authenticated_git_lfs_options) do |req|
         if req.throttle_authenticated_git_lfs?
           req.throttled_user_id([:api])
         end
       end
 
-      throttle_or_track(rack_attack, 'throttle_unauthenticated_files_api', Gitlab::Throttle.unauthenticated_files_api_options) do |req|
-        if req.throttle_unauthenticated_files_api?
-          req.ip
-        end
-      end
-
-      throttle_or_track(rack_attack, 'throttle_authenticated_files_api', Gitlab::Throttle.authenticated_files_api_options) do |req|
-        if req.throttle_authenticated_files_api?
-          req.throttled_user_id([:api])
-        end
-      end
-
       rack_attack.safelist('throttle_bypass_header') do |req|
         Gitlab::Throttle.bypass_header.present? && req.get_header(Gitlab::Throttle.bypass_header) == '1'