Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-02-09 21:09:19 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-02-09 21:09:19 +0000
commit: b5944525b015e4efb4cd2c1d09ec37566d7691a0 (patch)
tree: 23134355a45b69298483e6c08b65ef6b23b8bd26 /app/graphql/mutations/notes/create/base.rb
parent: 16cfd85bcf0046ae97d7ea84dae7eea3eafafe99 (diff)
download: gitlab-ce-b5944525b015e4efb4cd2c1d09ec37566d7691a0.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/app/graphql/mutations/notes/create/base.rb b/app/graphql/mutations/notes/create/base.rb
index 2351af01813..ad90e6598c1 100644
--- a/app/graphql/mutations/notes/create/base.rb
+++ b/app/graphql/mutations/notes/create/base.rb
@@ -25,6 +25,7 @@ module Mutations
 
         def resolve(args)
           noteable = authorized_find!(id: args[:noteable_id])
+          verify_rate_limit!(current_user)
 
           note = ::Notes::CreateService.new(
             noteable.project,
@@ -54,6 +55,14 @@ module Mutations
             confidential: args[:confidential]
           }
         end
+
+        def verify_rate_limit!(current_user)
+          rate_limiter, key = ::Gitlab::ApplicationRateLimiter, :notes_create
+          return unless rate_limiter.throttled?(key, scope: [current_user])
+
+          raise Gitlab::Graphql::Errors::ResourceNotAvailable,
+            'This endpoint has been requested too many times. Try again later.'
+        end
       end
     end
   end
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-02-09 21:09:19 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-02-09 21:09:19 +0000
commit	b5944525b015e4efb4cd2c1d09ec37566d7691a0 (patch)
tree	23134355a45b69298483e6c08b65ef6b23b8bd26 /app/graphql/mutations/notes/create/base.rb
parent	16cfd85bcf0046ae97d7ea84dae7eea3eafafe99 (diff)
download	gitlab-ce-b5944525b015e4efb4cd2c1d09ec37566d7691a0.tar.gz