Diffstat (limited to 'lib/gitlab/rack_attack/request.rb')
-rw-r--r-- | lib/gitlab/rack_attack/request.rb | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/lib/gitlab/rack_attack/request.rb b/lib/gitlab/rack_attack/request.rb
index a03116f5bb2..e45782b8be0 100644
--- a/lib/gitlab/rack_attack/request.rb
+++ b/lib/gitlab/rack_attack/request.rb
@@ -5,8 +5,9 @@ module Gitlab
 module Request
 include ::Gitlab::Utils::StrongMemoize

- FILES_PATH_REGEX = %r{^/api/v\d+/projects/[^/]+/repository/files/.+}.freeze
- GROUP_PATH_REGEX = %r{^/api/v\d+/groups/[^/]+/?$}.freeze
+ API_PATH_REGEX = %r{^/api/|/oauth/}
+ FILES_PATH_REGEX = %r{^/api/v\d+/projects/[^/]+/repository/files/.+}
+ GROUP_PATH_REGEX = %r{^/api/v\d+/groups/[^/]+/?$}

 def unauthenticated?
 !(authenticated_identifier([:api, :rss, :ics]) || authenticated_runner_id)
@@ -32,7 +33,11 @@ module Gitlab
 end

 def api_request?
- logical_path.start_with?('/api')
+ if ::Feature.enabled?(:rate_limit_oauth_api, ::Feature.current_request)
+ matches?(API_PATH_REGEX)
+ else
+ logical_path.start_with?('/api')
+ end
 end

 def logical_path |
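Review bot: In `API_PATH_REGEX` the alternation binds looser than the anchor, so `%r{^/api/|/oauth/}` reads as `^/api/` or an unanchored `/oauth/`, and any path that merely contains `/oauth/` would be classified as an API request for throttling. Ruby's `^` also matches after any newline rather than only at the start of the string, a trait the neighbouring `FILES_PATH_REGEX` and `GROUP_PATH_REGEX` share. If the intent is paths that begin with either prefix, `API_PATH_REGEX = %r{\A/(?:api|oauth)/}` says so directly; if `/oauth/` is deliberately allowed below a prefix, a comment stating that would help. The pattern also requires a trailing slash, so a bare `/api` that the old `start_with?('/api')` accepted stops matching once the flag is on.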
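Review bot: `api_request?` now answers true for OAuth endpoints when `rate_limit_oauth_api` is enabled, which the method name does not convey, so a short comment above it would spare readers from tracing the flag, e.g. `# With :rate_limit_oauth_api enabled, /oauth/ paths count as API requests for throttling.` `matches?` is defined outside this hunk, so whether it tests `logical_path` or the raw request path cannot be confirmed here; both branches should look at the same path. A spec covering both flag states for an `/oauth/` path and for a non-API path that contains `oauth` would pin the classification.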