diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-03-16 18:18:33 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-03-16 18:18:33 +0000 |
commit | f64a639bcfa1fc2bc89ca7db268f594306edfd7c (patch) | |
tree | a2c3c2ebcc3b45e596949db485d6ed18ffaacfa1 /app/controllers/concerns/check_rate_limit.rb | |
parent | bfbc3e0d6583ea1a91f627528bedc3d65ba4b10f (diff) | |
download | gitlab-ce-f64a639bcfa1fc2bc89ca7db268f594306edfd7c.tar.gz |
Add latest changes from gitlab-org/gitlab@13-10-stable-eev13.10.0-rc40
Diffstat (limited to 'app/controllers/concerns/check_rate_limit.rb')
-rw-r--r-- | app/controllers/concerns/check_rate_limit.rb | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/app/controllers/concerns/check_rate_limit.rb b/app/controllers/concerns/check_rate_limit.rb new file mode 100644 index 00000000000..c4de3315e22 --- /dev/null +++ b/app/controllers/concerns/check_rate_limit.rb @@ -0,0 +1,23 @@ +# frozen_string_literal: true + +# == CheckRateLimit +# +# Controller concern that checks if the rate limit for a given action is throttled by calling the +# Gitlab::ApplicationRateLimiter class. If the action is throttled for the current user, the request +# will be logged and an error message will be rendered with a Too Many Requests response status. +module CheckRateLimit + def check_rate_limit(key) + return unless rate_limiter.throttled?(key, scope: current_user, users_allowlist: rate_limit_users_allowlist) + + rate_limiter.log_request(request, "#{key}_request_limit".to_sym, current_user) + render plain: _('This endpoint has been requested too many times. Try again later.'), status: :too_many_requests + end + + def rate_limiter + ::Gitlab::ApplicationRateLimiter + end + + def rate_limit_users_allowlist + Gitlab::CurrentSettings.current_application_settings.notes_create_limit_allowlist + end +end |