author | Stan Hu <stanhu@gmail.com> | 2017-12-09 01:01:42 -0800 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2017-12-12 15:07:25 -0800 |
commit | 54f13b1ec8542dc5085e0367734e8344c2c3d01e (patch) | |
tree | b5557f077e3d1d13e7148a5eaba682b9000153ca /app | |
parent | f8c3a58a54d622193a0cf15777a0d0631289278c (diff) | |
download | gitlab-ce-54f13b1ec8542dc5085e0367734e8344c2c3d01e.tar.gz |
Add rate limiting to guard against excessive scheduling of pipelines
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/projects/pipeline_schedules_controller.rb | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/app/controllers/projects/pipeline_schedules_controller.rb b/app/controllers/projects/pipeline_schedules_controller.rb
index fe77d8eabeb..b7a0a3591cd 100644
--- a/app/controllers/projects/pipeline_schedules_controller.rb
+++ b/app/controllers/projects/pipeline_schedules_controller.rb
@@ -42,6 +42,13 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController
 end
 def play
+ limiter = ::Gitlab::ActionRateLimiter.new(action: 'play_pipeline_schedule')
+
+ if limiter.throttled?(throttle_key, 1)
+ flash[:notice] = 'You cannot play this scheduled pipeline at the moment. Please wait a minute.'
+ return redirect_to pipeline_schedules_path(@project)
+ end
+
 job_id = RunPipelineScheduleWorker.perform_async(schedule.id, current_user.id)
 flash[:notice] =
@@ -74,6 +81,10 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController
 private
+ def throttle_key
+ "user:#{current_user.id}:schedule:#{schedule.id}"
+ end
+
 def schedule
 @schedule ||= project.pipeline_schedules.find(params[:id])
 end
|
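Review bot: The bare `1` in `limiter.throttled?(throttle_key, 1)` and the "Please wait a minute" text both depend on the limiter's expiry window, which this hunk neither sets nor shows, so the message becomes wrong if that window is ever changed. I would name the threshold, e.g. `PLAY_THROTTLE_THRESHOLD = 1`, and add a comment on the call such as `# at most one play per user and schedule per limiter window`. The refusal is also reported through `flash[:notice]`, the same channel as the context line `flash[:notice] =` at the end of the hunk; `flash[:alert]` would make a refused request distinguishable. Nothing in the throttled branch records the event, so a log line there would help operators notice a client repeatedly hitting the endpoint. The rest of `play` lies outside the hunk.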
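Review bot: `throttle_key` scopes the limit to one user and one schedule, so it caps neither the total plays of a schedule across users nor the plays one user spreads over several schedules. If the goal in the commit title is to protect pipeline capacity, that scope should at least be documented above the method, e.g. `# Rate-limit scope: per user and per schedule; not a project-wide cap.` If a cap per schedule is what is wanted, the key could drop the user part: `"schedule:#{schedule.id}"`. Note also that `schedule.id` runs the `find(params[:id])` lookup in `schedule` just below, so an unknown id fails before the limiter is consulted, presumably through the usual not-found handling.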