diff options
Diffstat (limited to 'app/graphql/mutations/notes/create/base.rb')
-rw-r--r-- | app/graphql/mutations/notes/create/base.rb | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/app/graphql/mutations/notes/create/base.rb b/app/graphql/mutations/notes/create/base.rb index 2351af01813..a157a5abdf2 100644 --- a/app/graphql/mutations/notes/create/base.rb +++ b/app/graphql/mutations/notes/create/base.rb @@ -25,6 +25,7 @@ module Mutations def resolve(args) noteable = authorized_find!(id: args[:noteable_id]) + verify_rate_limit!(current_user) note = ::Notes::CreateService.new( noteable.project, @@ -54,6 +55,20 @@ module Mutations confidential: args[:confidential] } end + + def verify_rate_limit!(current_user) + return unless rate_limit_throttled? + + raise Gitlab::Graphql::Errors::ResourceNotAvailable, + 'This endpoint has been requested too many times. Try again later.' + end + + def rate_limit_throttled? + rate_limiter = ::Gitlab::ApplicationRateLimiter + allowlist = Gitlab::CurrentSettings.current_application_settings.notes_create_limit_allowlist + + rate_limiter.throttled?(:notes_create, scope: [current_user], users_allowlist: allowlist) + end end end end |