diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-02-22 15:08:58 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-02-22 15:08:58 +0300 |
| commit | ed45528885b7b44c61f18175fe7cdbda12360669 (patch) | |
| tree | 3d27c00a8a83d569cf238eaa05b7eb24b7a28a8d /lib | |
| parent | ab85af0f318ccbcfdd508e7a2f85788f26831785 (diff) | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/api/repositories.rb | 6 | ||||
| -rw-r--r-- | lib/gitlab/application_rate_limiter.rb | 1 | ||||
| -rw-r--r-- | lib/gitlab/rate_limit_helpers.rb | 35 |
3 files changed, 42 insertions, 0 deletions
diff --git a/lib/api/repositories.rb b/lib/api/repositories.rb index 00473db1ff1..62f5b67af1e 100644 --- a/lib/api/repositories.rb +++ b/lib/api/repositories.rb @@ -13,6 +13,8 @@ module API end resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do helpers do + include ::Gitlab::RateLimitHelpers + def handle_project_member_errors(errors) if errors[:project_access].any? error!(errors[:project_access], 422) @@ -89,6 +91,10 @@ module API optional :format, type: String, desc: 'The archive format' end get ':id/repository/archive', requirements: { format: Gitlab::PathRegex.archive_formats_regex } do + if archive_rate_limit_reached?(current_user, user_project) + render_api_error!({ error: ::Gitlab::RateLimitHelpers::ARCHIVE_RATE_LIMIT_REACHED_MESSAGE }, 429) + end + send_git_archive user_project.repository, ref: params[:sha], format: params[:format], append_sha: true rescue not_found!('File') diff --git a/lib/gitlab/application_rate_limiter.rb b/lib/gitlab/application_rate_limiter.rb index 49e1f1edfb9..8468c1c6601 100644 --- a/lib/gitlab/application_rate_limiter.rb +++ b/lib/gitlab/application_rate_limiter.rb @@ -21,6 +21,7 @@ module Gitlab { project_export: { threshold: 1, interval: 5.minutes }, project_download_export: { threshold: 10, interval: 10.minutes }, + project_repositories_archive: { threshold: 5, interval: 1.minute }, project_generate_new_export: { threshold: 1, interval: 5.minutes }, project_import: { threshold: 30, interval: 10.minutes }, play_pipeline_schedule: { threshold: 1, interval: 1.minute }, diff --git a/lib/gitlab/rate_limit_helpers.rb b/lib/gitlab/rate_limit_helpers.rb new file mode 100644 index 00000000000..a7cab650968 --- /dev/null +++ b/lib/gitlab/rate_limit_helpers.rb @@ -0,0 +1,35 @@ +# frozen_string_literal: true + +module Gitlab + module RateLimitHelpers + ARCHIVE_RATE_LIMIT_REACHED_MESSAGE = 'This archive has been requested too many times. Try again later.' + ARCHIVE_RATE_ANONYMOUS_THRESHOLD = 100 # Allow 100 requests/min for anonymous users + ARCHIVE_RATE_THROTTLE_KEY = :project_repositories_archive + + def archive_rate_limit_reached?(user, project) + return false unless Feature.enabled?(:archive_rate_limit, default_enabled: true) + + key = ARCHIVE_RATE_THROTTLE_KEY + + if rate_limiter.throttled?(key, scope: [project], threshold: archive_rate_threshold_by_user(user)) + rate_limiter.log_request(request, "#{key}_request_limit".to_sym, user) + + return true + end + + false + end + + def archive_rate_threshold_by_user(user) + if user + nil # Use the defaults + else + ARCHIVE_RATE_ANONYMOUS_THRESHOLD + end + end + + def rate_limiter + ::Gitlab::ApplicationRateLimiter + end + end +end |