authorGitLab Bot <gitlab-bot@gitlab.com>2020-04-15 15:42:17 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2020-04-15 15:42:17 +0000
commit44fdf983bd35328dd577d3d3650d14163ef3e2b6 (patch)
tree84ff300d056cfbabb5a0fe2a9cbaa80aaeab1cc5 /lib/api
parentbc9fa07b26184b5c94808f704db6ea1ac81bf4de (diff)
Add latest changes from gitlab-org/gitlab@12-10-stable-ee
Diffstat (limited to 'lib/api')
-rw-r--r--lib/api/helpers/rate_limiter.rb28
-rw-r--r--lib/api/issues.rb3
-rw-r--r--lib/api/project_export.rb17
-rw-r--r--lib/api/project_import.rb17
4 files changed, 36 insertions, 29 deletions
diff --git a/lib/api/helpers/rate_limiter.rb b/lib/api/helpers/rate_limiter.rb
new file mode 100644
index 00000000000..5a531b5324a
--- /dev/null
+++ b/lib/api/helpers/rate_limiter.rb
@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module API
+ module Helpers
+ module RateLimiter
+ def check_rate_limit!(key, scope)
+ if rate_limiter.throttled?(key, scope: scope)
+ log_request(key)
+ render_exceeded_limit_error!
+ end
+ end
+
+ private
+
+ def rate_limiter
+ ::Gitlab::ApplicationRateLimiter
+ end
+
+ def render_exceeded_limit_error!
+ render_api_error!({ error: _('This endpoint has been requested too many times. Try again later.') }, 429)
+ end
+
+ def log_request(key)
+ rate_limiter.log_request(request, "#{key}_request_limit".to_sym, current_user)
+ end
+ end
+ end
+end
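Review bot: `check_rate_limit!` carries no comment saying what `scope` must contain, yet the throttle bucket is whatever array the caller passes in. Every call site in this commit puts `current_user` first, but nothing in the helper enforces that; if it is ever mixed into an endpoint where `current_user` can be nil, the scope would presumably stop identifying a caller and one client could use up the limit for everyone. I would add above the method `# Responds with 429 when +key+ is throttled for +scope+. +scope+ must identify the caller, e.g. [current_user, key].` The method also depends on `render_api_error!` ending the request, which is not visible in this file, so a spec asserting that the endpoint body does not run after a throttled check would be worth having.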
diff --git a/lib/api/issues.rb b/lib/api/issues.rb
index a78202877fb..f27afd0055f 100644
--- a/lib/api/issues.rb
+++ b/lib/api/issues.rb
@@ -4,6 +4,7 @@ module API
class Issues < Grape::API
include PaginationParams
helpers Helpers::IssuesHelpers
+ helpers Helpers::RateLimiter
helpers ::Gitlab::IssuableMetadata
before { authenticate_non_get! }
@@ -211,6 +212,8 @@ module API
post ':id/issues' do
Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-foss/issues/42320')
+ check_rate_limit! :issues_create, [current_user, :issues_create]
+
authorize! :create_issue, user_project
params.delete(:created_at) unless current_user.can?(:set_issue_created_at, user_project)
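Review bot: The key is written twice on the added line, `check_rate_limit! :issues_create, [current_user, :issues_create]`, and the same repetition appears at the call sites in project_export.rb and project_import.rb. A typo in one of the two symbols would silently put the action in a differently named bucket, so a default such as `def check_rate_limit!(key, scope = [current_user, key])` would let the common case pass the key once while project_export.rb still passes its project-scoped array. The check also runs before `authorize! :create_issue, user_project`, so a throttled caller gets 429 before any permission answer; if that order is intended, a short comment like `# throttle first so rejected attempts are limited too` would record it. The `post ':id/issues'` block continues outside this hunk.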
diff --git a/lib/api/project_export.rb b/lib/api/project_export.rb
index ef6a8f1a396..9fd9d13a20c 100644
--- a/lib/api/project_export.rb
+++ b/lib/api/project_export.rb
@@ -2,15 +2,8 @@
module API
class ProjectExport < Grape::API
- helpers do
- def throttled?(action)
- rate_limiter.throttled?(action, scope: [current_user, action, user_project])
- end
+ helpers Helpers::RateLimiter
- def rate_limiter
- ::Gitlab::ApplicationRateLimiter
- end
- end
before do
not_found! unless Gitlab::CurrentSettings.project_export_enabled?
authorize_admin_project
@@ -32,9 +25,7 @@ module API
detail 'This feature was introduced in GitLab 10.6.'
end
get ':id/export/download' do
- if throttled?(:project_download_export)
- render_api_error!({ error: 'This endpoint has been requested too many times. Try again later.' }, 429)
- end
+ check_rate_limit! :project_download_export, [current_user, :project_download_export, user_project]
if user_project.export_file_exists?
present_carrierwave_file!(user_project.export_file)
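Review bot: Switching to `check_rate_limit!` here changes more than the call shape: a throttled download is now passed to `rate_limiter.log_request` with the type `:project_download_export_request_limit`, which the removed inline check never did, and the `post ':id/export'` hunk below gains `:project_export_request_limit` the same way. Whether `Gitlab::ApplicationRateLimiter.log_request` and whatever consumes those log entries accept the two new types is not visible on this page, so it should be confirmed and covered by a spec that asserts both the log call and the 429. The extra logging is useful for spotting abuse of the export endpoints, so it deserves a line in the commit description rather than arriving as a side effect of the refactor. The route block continues outside this hunk.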
@@ -54,9 +45,7 @@ module API
end
end
post ':id/export' do
- if throttled?(:project_export)
- render_api_error!({ error: 'This endpoint has been requested too many times. Try again later.' }, 429)
- end
+ check_rate_limit! :project_export, [current_user, :project_export, user_project]
project_export_params = declared_params(include_missing: false)
after_export_params = project_export_params.delete(:upload) || {}
diff --git a/lib/api/project_import.rb b/lib/api/project_import.rb
index ffa9dd13754..0e83686cab2 100644
--- a/lib/api/project_import.rb
+++ b/lib/api/project_import.rb
@@ -8,19 +8,12 @@ module API
helpers Helpers::ProjectsHelpers
helpers Helpers::FileUploadHelpers
+ helpers Helpers::RateLimiter
helpers do
def import_params
declared_params(include_missing: false)
end
-
- def throttled?(key, scope)
- rate_limiter.throttled?(key, scope: scope)
- end
-
- def rate_limiter
- ::Gitlab::ApplicationRateLimiter
- end
end
before do
@@ -69,13 +62,7 @@ module API
post 'import' do
require_gitlab_workhorse!
- key = "project_import".to_sym
-
- if throttled?(key, [current_user, key])
- rate_limiter.log_request(request, "#{key}_request_limit".to_sym, current_user)
-
- render_api_error!({ error: _('This endpoint has been requested too many times. Try again later.') }, 429)
- end
+ check_rate_limit! :project_import, [current_user, :project_import]
Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-foss/issues/42437')