author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-12-22 03:09:39 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-12-22 03:09:39 +0000 |
commit | f8edcff7e9aff93f8ac605c19e542204b0ed9ba2 (patch) | |
tree | fe45e8bc69f5c68c6d4ee7505a4d61c4fdb70299 /app/controllers | |
parent | d61d19da54b0fb8fd54df4007fa95cd39db17e57 (diff) | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/controllers')
5 files changed, 15 insertions, 14 deletions
diff --git a/app/controllers/concerns/check_rate_limit.rb b/app/controllers/concerns/check_rate_limit.rb
index 0eaf74fd3a9..fc3be3ad009 100644
--- a/app/controllers/concerns/check_rate_limit.rb
+++ b/app/controllers/concerns/check_rate_limit.rb
@@ -8,10 +8,7 @@
 # See lib/api/helpers/rate_limiter.rb for API version
 module CheckRateLimit
 def check_rate_limit!(key, scope:, redirect_back: false, **options)
- return if bypass_header_set?
- return unless rate_limiter.throttled?(key, scope: scope, **options)
-
- rate_limiter.log_request(request, "#{key}_request_limit".to_sym, current_user)
+ return unless Gitlab::ApplicationRateLimiter.throttled_request?(request, current_user, key, scope: scope, **options)
 return yield if block_given?
@@ -23,14 +20,4 @@ module CheckRateLimit
 render plain: message, status: :too_many_requests
 end
 end
-
- private
-
- def rate_limiter
- ::Gitlab::ApplicationRateLimiter
- end
-
- def bypass_header_set?
- ::Gitlab::Throttle.bypass_header.present? && request.get_header(Gitlab::Throttle.bypass_header) == '1'
- end
 end
diff --git a/app/controllers/concerns/issuable_collections.rb b/app/controllers/concerns/issuable_collections.rb
index 7b0d8cf8dcb..5060ce69d9c 100644
--- a/app/controllers/concerns/issuable_collections.rb
+++ b/app/controllers/concerns/issuable_collections.rb
@@ -3,6 +3,7 @@
 module IssuableCollections
 extend ActiveSupport::Concern
 include PaginatedCollection
+ include SearchRateLimitable
 include SortingHelper
 include SortingPreference
 include Gitlab::Utils::StrongMemoize
diff --git a/app/controllers/concerns/issuable_collections_action.rb b/app/controllers/concerns/issuable_collections_action.rb
index 7beb86b51fd..b8249345a54 100644
--- a/app/controllers/concerns/issuable_collections_action.rb
+++ b/app/controllers/concerns/issuable_collections_action.rb
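Review bot: In the first hunk of check_rate_limit.rb, the bypass-header short-circuit and the `log_request` call are no longer visible in `check_rate_limit!`, so both now depend entirely on `Gitlab::ApplicationRateLimiter.throttled_request?`, which this diff (limited to app/controllers) does not show. If that helper does not log throttled requests, rate-limit hits drop out of the logs that abuse detection relies on; if it does not honour `Gitlab::Throttle.bypass_header`, callers that relied on the bypass start receiving the `:too_many_requests` response. Once confirmed, I would add a comment above the call, `# throttled_request? applies the Gitlab::Throttle bypass header and logs the throttled request`, and cover both paths in the concern's spec. The body of `check_rate_limit!` continues outside this hunk.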
@@ -5,6 +5,12 @@ module IssuableCollectionsAction
 include IssuableCollections
 include IssuesCalendar
+ included do
+ before_action :check_search_rate_limit!, only: [:issues, :merge_requests], if: -> {
+ params[:search].present? && Feature.enabled?(:rate_limit_issuable_searches)
+ }
+ end
+
 # rubocop:disable Gitlab/ModuleWithInstanceVariables
 def issues
 show_alert_if_search_is_disabled
diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb
index 7dc7a4e55a8..7441ec46c28 100644
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -27,6 +27,10 @@ class Projects::IssuesController < Projects::ApplicationController
 before_action :set_issuables_index, if: ->(c) {
 SET_ISSUABLES_INDEX_ONLY_ACTIONS.include?(c.action_name.to_sym) && !index_html_request?
 }
+ before_action :check_search_rate_limit!, if: ->(c) {
+ SET_ISSUABLES_INDEX_ONLY_ACTIONS.include?(c.action_name.to_sym) && !index_html_request? &&
+ params[:search].present? && Feature.enabled?(:rate_limit_issuable_searches)
+ }
 # Allow write(create) issue
 before_action :authorize_create_issue!, only: [:new, :create]
diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index 3ab1f7d1d32..1b5ae7af252 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -28,6 +28,9 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
 :codequality_mr_diff_reports
 ]
 before_action :set_issuables_index, only: [:index]
+ before_action :check_search_rate_limit!, only: [:index], if: -> {
+ params[:search].present? && Feature.enabled?(:rate_limit_issuable_searches)
+ }
 before_action :authenticate_user!, only: [:assign_related_issues]
 before_action :check_user_can_push_to_source_branch!, only: [:rebase] |
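Review bot: The guard `params[:search].present? && Feature.enabled?(:rate_limit_issuable_searches)` in this `included do` block is repeated verbatim in the `before_action` lambdas added to Projects::IssuesController and Projects::MergeRequestsController further down. Copies of a throttling condition tend to drift, and a copy that is missed when the condition is later widened or the flag removed leaves one endpoint unthrottled. Since `IssuableCollections` now includes `SearchRateLimitable`, a single predicate method holding that expression (say `rate_limit_issuable_search?`) could be referenced as `if: :rate_limit_issuable_search?` here, and from the two controllers too, assuming they include the same concern. The module body continues outside this hunk.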
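Review bot: In Projects::IssuesController the new `before_action :check_search_rate_limit!` is declared after `before_action :set_issuables_index`, and the Projects::MergeRequestsController hunk has the same ordering. Rails runs before_action callbacks in declaration order, so if `set_issuables_index` (not shown in this diff) already executes the search query, a throttled request still incurs the database cost the limit is meant to cap. I would move the new callback above `before_action :set_issuables_index` in both controllers, keeping it after whatever callback authenticates the user if the limiter scopes by `current_user`. Both class bodies start and end outside these hunks.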