authorGitLab Bot <gitlab-bot@gitlab.com>2021-03-16 18:18:33 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2021-03-16 18:18:33 +0000
commitf64a639bcfa1fc2bc89ca7db268f594306edfd7c (patch)
treea2c3c2ebcc3b45e596949db485d6ed18ffaacfa1 /app/controllers/concerns/check_rate_limit.rb
parentbfbc3e0d6583ea1a91f627528bedc3d65ba4b10f (diff)
Add latest changes from gitlab-org/gitlab@13-10-stable-eev13.10.0-rc40
Diffstat (limited to 'app/controllers/concerns/check_rate_limit.rb')
-rw-r--r--app/controllers/concerns/check_rate_limit.rb23
1 files changed, 23 insertions, 0 deletions
diff --git a/app/controllers/concerns/check_rate_limit.rb b/app/controllers/concerns/check_rate_limit.rb
new file mode 100644
index 00000000000..c4de3315e22
--- /dev/null
+++ b/app/controllers/concerns/check_rate_limit.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+# == CheckRateLimit
+#
+# Controller concern that checks if the rate limit for a given action is throttled by calling the
+# Gitlab::ApplicationRateLimiter class. If the action is throttled for the current user, the request
+# will be logged and an error message will be rendered with a Too Many Requests response status.
+module CheckRateLimit
+ def check_rate_limit(key)
+ return unless rate_limiter.throttled?(key, scope: current_user, users_allowlist: rate_limit_users_allowlist)
+
+ rate_limiter.log_request(request, "#{key}_request_limit".to_sym, current_user)
+ render plain: _('This endpoint has been requested too many times. Try again later.'), status: :too_many_requests
+ end
+
+ def rate_limiter
+ ::Gitlab::ApplicationRateLimiter
+ end
+
+ def rate_limit_users_allowlist
+ Gitlab::CurrentSettings.current_application_settings.notes_create_limit_allowlist
+ end
+end
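Review bot: `rate_limit_users_allowlist` always returns `notes_create_limit_allowlist`, while `check_rate_limit(key)` accepts any key, so a user allowlisted for note creation would apparently also be exempt from throttling on every other action that uses this concern. Either the allowlist should be chosen per key, or the method should carry a comment such as `# Notes-creation allowlist; override in the including controller for any other key.` so the coupling is not silently inherited. Separately, all three methods are public on whichever controller includes the module; placing `rate_limiter` and `rate_limit_users_allowlist` below a `private` marker keeps them out of the controller's action methods. The header comment could also state that the method is meant to run as a `before_action`, because a caller that invokes it inline has to stop after the `render` itself.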