
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2019-12-06 00:07:40 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2019-12-06 00:07:40 +0300
commit134fe182008dc13a16f12d723aa73771efb1a6a2 (patch)
tree727c94937346d31a5e2692546d16296f069d09fe /app/controllers
parent6a7cc8c14727f6fac64a5be6838764d8d5d41468 (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/projects/pipeline_schedules_controller.rb12
-rw-r--r--app/controllers/projects/raw_controller.rb14
-rw-r--r--app/controllers/projects_controller.rb18
3 files changed, 33 insertions, 11 deletions
diff --git a/app/controllers/projects/pipeline_schedules_controller.rb b/app/controllers/projects/pipeline_schedules_controller.rb
index 72e939a3310..6a7e2b69652 100644
--- a/app/controllers/projects/pipeline_schedules_controller.rb
+++ b/app/controllers/projects/pipeline_schedules_controller.rb
@@ -83,12 +83,14 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController
def play_rate_limit
return unless current_user
- limiter = ::Gitlab::ActionRateLimiter.new(action: :play_pipeline_schedule)
-
- return unless limiter.throttled?([current_user, schedule], 1)
+ if rate_limiter.throttled?(:play_pipeline_schedule, scope: [current_user, schedule])
+ flash[:alert] = _('You cannot play this scheduled pipeline at the moment. Please wait a minute.')
+ redirect_to pipeline_schedules_path(@project)
+ end
+ end
- flash[:alert] = _('You cannot play this scheduled pipeline at the moment. Please wait a minute.')
- redirect_to pipeline_schedules_path(@project)
+ def rate_limiter
+ ::Gitlab::ApplicationRateLimiter
end
def schedule
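Review bot: A throttled request in `play_rate_limit` is redirected without being logged, while the two other limiters touched by this commit (`show_rate_limit` and `export_rate_limit`) call `rate_limiter.log_request` first, so throttled pipeline-schedule plays would be missing from that log. Consider adding `rate_limiter.log_request(request, :play_pipeline_schedule_request_limit, current_user)` inside the `if`, assuming `log_request` accepts a new type symbol (its definition is outside this diff). The old call passed the threshold `1` explicitly; the new one relies on whatever `ApplicationRateLimiter` configures for `:play_pipeline_schedule`, which should be confirmed to match. The one-line `rate_limiter` helper is repeated in `raw_controller.rb` and `projects_controller.rb`; since all three classes inherit from `Projects::ApplicationController`, it could be defined there once.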
diff --git a/app/controllers/projects/raw_controller.rb b/app/controllers/projects/raw_controller.rb
index c94fdd9483d..985587268c5 100644
--- a/app/controllers/projects/raw_controller.rb
+++ b/app/controllers/projects/raw_controller.rb
@@ -19,14 +19,16 @@ class Projects::RawController < Projects::ApplicationController
private
def show_rate_limit
- limiter = ::Gitlab::ActionRateLimiter.new(action: :show_raw_controller)
+ if rate_limiter.throttled?(:show_raw_controller, scope: [@project, @commit, @path], threshold: raw_blob_request_limit)
+ rate_limiter.log_request(request, :raw_blob_request_limit, current_user)
- return unless limiter.throttled?([@project, @commit, @path], raw_blob_request_limit)
-
- limiter.log_request(request, :raw_blob_request_limit, current_user)
+ flash[:alert] = _('You cannot access the raw file. Please wait a minute.')
+ redirect_to project_blob_path(@project, File.join(@ref, @path)), status: :too_many_requests
+ end
+ end
- flash[:alert] = _('You cannot access the raw file. Please wait a minute.')
- redirect_to project_blob_path(@project, File.join(@ref, @path)), status: :too_many_requests
+ def rate_limiter
+ ::Gitlab::ApplicationRateLimiter
end
def raw_blob_request_limit
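Review bot: The throttle key in `show_rate_limit` is `[@project, @commit, @path]` with no requester component, so the counter is shared by every client reading that file and heavy use by one of them counts against all the others. If that is intended (capping load per blob rather than per user), it deserves a comment above the `if`, e.g. `# Limit is per file and shared by all requesters; it caps load from serving one blob.`; otherwise the requester belongs in `scope:`. `current_user` may be nil here if anonymous raw access is allowed, and whether `log_request` handles that is not visible in this diff.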
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index e5dea031bb5..47d6fb67108 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -32,6 +32,9 @@ class ProjectsController < Projects::ApplicationController
before_action :authorize_archive_project!, only: [:archive, :unarchive]
before_action :event_filter, only: [:show, :activity]
+ # Project Export Rate Limit
+ before_action :export_rate_limit, only: [:export, :download_export, :generate_new_export]
+
layout :determine_layout
def index
@@ -465,6 +468,21 @@ class ProjectsController < Projects::ApplicationController
def present_project
@project = @project.present(current_user: current_user)
end
+
+ def export_rate_limit
+ prefixed_action = "project_#{params[:action]}".to_sym
+
+ if rate_limiter.throttled?(prefixed_action, scope: [current_user, prefixed_action, @project])
+ rate_limiter.log_request(request, "#{prefixed_action}_request_limit".to_sym, current_user)
+
+ flash[:alert] = _('This endpoint has been requested too many times. Try again later.')
+ redirect_to edit_project_path(@project)
+ end
+ end
+
+ def rate_limiter
+ ::Gitlab::ApplicationRateLimiter
+ end
end
ProjectsController.prepend_if_ee('EE::ProjectsController')
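Review bot: `export_rate_limit` builds its limiter key from `params[:action]`; `action_name` is the controller's own record of the dispatched action and makes it obvious that the symbol cannot be influenced by request data: `prefixed_action = :"project_#{action_name}"`. The three resulting keys (`project_export`, `project_download_export`, `project_generate_new_export`) have to exist in the limiter's configuration, which is outside this diff, and the `only:` list on the `before_action` must be kept in step with it. `prefixed_action` also appears in `scope:` although it is already the key, and the redirect carries no `status: :too_many_requests`, unlike `show_rate_limit`.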