diff options
Diffstat (limited to 'lib/api/internal/base.rb')
| -rw-r--r-- | lib/api/internal/base.rb | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/api/internal/base.rb b/lib/api/internal/base.rb index b53f855c3a2..6f475fa8d74 100644 --- a/lib/api/internal/base.rb +++ b/lib/api/internal/base.rb @@ -39,6 +39,7 @@ module API container.lfs_http_url_to_repo end + # rubocop: disable Metrics/AbcSize def check_allowed(params) # This is a separate method so that EE can alter its behaviour more # easily. @@ -47,6 +48,14 @@ module API check_rate_limit!(:gitlab_shell_operation, scope: [params[:action], params[:project], actor.key_or_user]) end + if Feature.enabled?(:rate_limit_gitlab_shell_by_ip, actor.user) + rate_limiter = Gitlab::Auth::IpRateLimiter.new(request.ip) + + unless rate_limiter.trusted_ip? + check_rate_limit!(:gitlab_shell_operation, scope: [params[:action], params[:project], rate_limiter.ip]) + end + end + # Stores some Git-specific env thread-safely env = parse_env Gitlab::Git::HookEnv.set(gl_repository, env) if container @@ -101,6 +110,7 @@ module API response_with_status(code: 500, success: false, message: UNKNOWN_CHECK_RESULT_ERROR) end end + # rubocop: enable Metrics/AbcSize def send_git_audit_streaming_event(msg) # Defined in EE |