Add latest changes from gitlab-org/gitlab@master

5 files changed, 15 insertions, 14 deletions

diff --git a/app/controllers/concerns/check_rate_limit.rb b/app/controllers/concerns/check_rate_limit.rb
index 0eaf74fd3a9..fc3be3ad009 100644
--- a/app/controllers/concerns/check_rate_limit.rb
+++ b/app/controllers/concerns/check_rate_limit.rb
@@ -8,10 +8,7 @@
 # See lib/api/helpers/rate_limiter.rb for API version
 module CheckRateLimit
   def check_rate_limit!(key, scope:, redirect_back: false, **options)
-    return if bypass_header_set?
-    return unless rate_limiter.throttled?(key, scope: scope, **options)
-
-    rate_limiter.log_request(request, "#{key}_request_limit".to_sym, current_user)
+    return unless Gitlab::ApplicationRateLimiter.throttled_request?(request, current_user, key, scope: scope, **options)
 
     return yield if block_given?
 
@@ -23,14 +20,4 @@ module CheckRateLimit
       render plain: message, status: :too_many_requests
     end
   end
-
-  private
-
-  def rate_limiter
-    ::Gitlab::ApplicationRateLimiter
-  end
-
-  def bypass_header_set?
-    ::Gitlab::Throttle.bypass_header.present? && request.get_header(Gitlab::Throttle.bypass_header) == '1'
-  end
 end
diff --git a/app/controllers/concerns/issuable_collections.rb b/app/controllers/concerns/issuable_collections.rb
index 7b0d8cf8dcb..5060ce69d9c 100644
--- a/app/controllers/concerns/issuable_collections.rb
+++ b/app/controllers/concerns/issuable_collections.rb
@@ -3,6 +3,7 @@
 module IssuableCollections
   extend ActiveSupport::Concern
   include PaginatedCollection
+  include SearchRateLimitable
   include SortingHelper
   include SortingPreference
   include Gitlab::Utils::StrongMemoize
diff --git a/app/controllers/concerns/issuable_collections_action.rb b/app/controllers/concerns/issuable_collections_action.rb
index 7beb86b51fd..b8249345a54 100644
--- a/app/controllers/concerns/issuable_collections_action.rb
+++ b/app/controllers/concerns/issuable_collections_action.rb
@@ -5,6 +5,12 @@ module IssuableCollectionsAction
   include IssuableCollections
   include IssuesCalendar
 
+  included do
+    before_action :check_search_rate_limit!, only: [:issues, :merge_requests], if: -> {
+      params[:search].present? && Feature.enabled?(:rate_limit_issuable_searches)
+    }
+  end
+
   # rubocop:disable Gitlab/ModuleWithInstanceVariables
   def issues
     show_alert_if_search_is_disabled
diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb
index 7dc7a4e55a8..7441ec46c28 100644
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -27,6 +27,10 @@ class Projects::IssuesController < Projects::ApplicationController
   before_action :set_issuables_index, if: ->(c) {
     SET_ISSUABLES_INDEX_ONLY_ACTIONS.include?(c.action_name.to_sym) && !index_html_request?
   }
+  before_action :check_search_rate_limit!, if: ->(c) {
+    SET_ISSUABLES_INDEX_ONLY_ACTIONS.include?(c.action_name.to_sym) && !index_html_request? &&
+      params[:search].present? && Feature.enabled?(:rate_limit_issuable_searches)
+  }
 
   # Allow write(create) issue
   before_action :authorize_create_issue!, only: [:new, :create]
diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index 3ab1f7d1d32..1b5ae7af252 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -28,6 +28,9 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
     :codequality_mr_diff_reports
   ]
   before_action :set_issuables_index, only: [:index]
+  before_action :check_search_rate_limit!, only: [:index], if: -> {
+    params[:search].present? && Feature.enabled?(:rate_limit_issuable_searches)
+  }
   before_action :authenticate_user!, only: [:assign_related_issues]
   before_action :check_user_can_push_to_source_branch!, only: [:rebase]