authorStan Hu <stanhu@gmail.com>2017-12-09 01:01:42 -0800
committerStan Hu <stanhu@gmail.com>2017-12-12 15:07:25 -0800
commit54f13b1ec8542dc5085e0367734e8344c2c3d01e (patch)
treeb5557f077e3d1d13e7148a5eaba682b9000153ca /app
parentf8c3a58a54d622193a0cf15777a0d0631289278c (diff)
downloadgitlab-ce-54f13b1ec8542dc5085e0367734e8344c2c3d01e.tar.gz
Add rate limiting to guard against excessive scheduling of pipelines
Diffstat (limited to 'app')
-rw-r--r--app/controllers/projects/pipeline_schedules_controller.rb11
1 files changed, 11 insertions, 0 deletions
diff --git a/app/controllers/projects/pipeline_schedules_controller.rb b/app/controllers/projects/pipeline_schedules_controller.rb
index fe77d8eabeb..b7a0a3591cd 100644
--- a/app/controllers/projects/pipeline_schedules_controller.rb
+++ b/app/controllers/projects/pipeline_schedules_controller.rb
@@ -42,6 +42,13 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController
end
def play
+ limiter = ::Gitlab::ActionRateLimiter.new(action: 'play_pipeline_schedule')
+
+ if limiter.throttled?(throttle_key, 1)
+ flash[:notice] = 'You cannot play this scheduled pipeline at the moment. Please wait a minute.'
+ return redirect_to pipeline_schedules_path(@project)
+ end
+
job_id = RunPipelineScheduleWorker.perform_async(schedule.id, current_user.id)
flash[:notice] =
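Review bot: The bare `1` in `limiter.throttled?(throttle_key, 1)` and the "Please wait a minute" text both depend on how `ActionRateLimiter` counts and expires keys, which this hunk does not show; if the limiter's window changes, the message goes stale without anything failing. A comment above the call, such as `# At most one manual play per throttle_key within the limiter's expiry window`, would make that coupling explicit, and naming the threshold would also help. The throttled branch leaves no trace for operators, so a log entry carrying the user id and schedule id before the redirect would make repeated triggering visible. The rejection also uses `flash[:notice]`, the same channel as the success message set further down; `flash[:alert] = 'You cannot play this scheduled pipeline at the moment. Please wait a minute.'` would set it apart. The body of `play` continues past the end of the hunk.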
@@ -74,6 +81,10 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController
private
+ def throttle_key
+ "user:#{current_user.id}:schedule:#{schedule.id}"
+ end
+
def schedule
@schedule ||= project.pipeline_schedules.find(params[:id])
end
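Review bot: `throttle_key` combines the user id and the schedule id, so the limit is scoped to one user on one schedule. As far as this hunk shows, nothing bounds the total number of runs enqueued for a schedule by different permitted users, or the number of schedules one user plays in the same window. If the intent is to cap pipeline creation per schedule, a key on the schedule alone (`"schedule:#{schedule.id}"`) or a second per-user check would be needed. If per-user-per-schedule is the intended scope, say so above the method, for example `# Scoped to one user on one schedule; other users and other schedules are not limited by this key`.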