authorGitLab Bot <gitlab-bot@gitlab.com>2023-01-18 19:00:14 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2023-01-18 19:00:14 +0000
commit05f0ebba3a2c8ddf39e436f412dc2ab5bf1353b2 (patch)
tree11d0f2a6ec31c7793c184106cedc2ded3d9a2cc5 /app/graphql/resolvers/concerns/search_arguments.rb
parentec73467c23693d0db63a797d10194da9e72a74af (diff)
Add latest changes from gitlab-org/gitlab@15-8-stable-eev15.8.0-rc42
Diffstat (limited to 'app/graphql/resolvers/concerns/search_arguments.rb')
-rw-r--r--app/graphql/resolvers/concerns/search_arguments.rb23
1 files changed, 23 insertions, 0 deletions
diff --git a/app/graphql/resolvers/concerns/search_arguments.rb b/app/graphql/resolvers/concerns/search_arguments.rb
index ccc012f2bf9..cc1a13fdf29 100644
--- a/app/graphql/resolvers/concerns/search_arguments.rb
+++ b/app/graphql/resolvers/concerns/search_arguments.rb
@@ -18,6 +18,7 @@ module SearchArguments
def ready?(**args)
validate_search_in_params!(args)
validate_anonymous_search_access!(args)
+ validate_search_rate_limit!(args)
super
end
@@ -39,6 +40,28 @@ module SearchArguments
'`search` should be present when including the `in` argument'
end
+ def validate_search_rate_limit!(args)
+ return if args[:search].blank? || context[:request].nil? || Feature.disabled?(:rate_limit_issuable_searches)
+
+ if current_user.present?
+ rate_limiter_key = :search_rate_limit
+ rate_limiter_scope = [current_user]
+ else
+ rate_limiter_key = :search_rate_limit_unauthenticated
+ rate_limiter_scope = [context[:request].ip]
+ end
+
+ if ::Gitlab::ApplicationRateLimiter.throttled_request?(
+ context[:request],
+ current_user,
+ rate_limiter_key,
+ scope: rate_limiter_scope
+ )
+ raise Gitlab::Graphql::Errors::ResourceNotAvailable,
+ 'This endpoint has been requested with the search argument too many times. Try again later.'
+ end
+ end
+
def prepare_finder_params(args)
prepare_search_params(args)
end
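Review bot: The guard on the first line of `validate_search_rate_limit!` fails open in three cases and the method does not document any of them: a blank `search`, a missing `context[:request]`, and a disabled `rate_limit_issuable_searches` flag all return before the limiter is consulted. A comment above the guard would make that explicit, for example `# Fails open: queries executed without an HTTP request in context, or with the feature flag off, are never throttled.` For anonymous callers the bucket is keyed on `context[:request].ip`, so the limit is only as accurate as the deployment's trusted-proxy configuration, and clients behind one shared address share one bucket; that belongs in the same comment. The throttle is raised as `Gitlab::Graphql::Errors::ResourceNotAvailable`, which presumably is also the error for missing or forbidden resources, so clients and log-based alerting can distinguish throttling only by the message text.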