author | Mayra Cabrera <mcabrera@gitlab.com> | 2019-07-24 19:49:31 +0000 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2019-07-24 19:49:31 +0000 |
commit | 3cefc5d7df09dbc21cd9c892bc6c62b5b583ca6a (patch) | |
tree | 2e996ca71e4e16c74f1be94d1f7143ac3e49dad6 /lib/gitlab | |
parent | b70dbabb6373e7624e3bcb7a6d78049621db891c (diff) | |
download | gitlab-ce-3cefc5d7df09dbc21cd9c892bc6c62b5b583ca6a.tar.gz |
Add RateLimiter to RawController
* Limits raw requests to 300 per minute and per raw path.
* Add a new attribute to ApplicationSettings so user can change this
value on their instance.
* Uses Gitlab::ActionRateLimiter to limit the raw requests.
* Add a new method into ActionRateLimiter to log the event into auth.log
Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/48717
Diffstat (limited to 'lib/gitlab')
-rw-r--r-- | lib/gitlab/action_rate_limiter.rb | 40 |
1 files changed, 36 insertions, 4 deletions
diff --git a/lib/gitlab/action_rate_limiter.rb b/lib/gitlab/action_rate_limiter.rb
index c442211e073..fdb06d00548 100644
--- a/lib/gitlab/action_rate_limiter.rb
+++ b/lib/gitlab/action_rate_limiter.rb
@@ -33,16 +33,48 @@ module Gitlab
 # Increments the given key and returns true if the action should
 # be throttled.
 #
- # key - An array of ActiveRecord instances
- # threshold_value - The maximum number of times this action should occur in the given time interval
+ # key - An array of ActiveRecord instances or strings
+ # threshold_value - The maximum number of times this action should occur in the given time interval. If number is zero is considered disabled.
 def throttled?(key, threshold_value)
- self.increment(key) > threshold_value
+ threshold_value > 0 &&
+ self.increment(key) > threshold_value
+ end
+
+ # Logs request into auth.log
+ #
+ # request - Web request to be logged
+ # type - A symbol key that represents the request.
+ # current_user - Current user of the request, it can be nil.
+ def log_request(request, type, current_user)
+ request_information = {
+ message: 'Action_Rate_Limiter_Request',
+ env: type,
+ ip: request.ip,
+ request_method: request.request_method,
+ fullpath: request.fullpath
+ }
+
+ if current_user
+ request_information.merge!({
+ user_id: current_user.id,
+ username: current_user.username
+ })
+ end
+
+ Gitlab::AuthLogger.error(request_information)
 end
 private
 def action_key(key)
- serialized = key.map { |obj| "#{obj.class.model_name.to_s.underscore}:#{obj.id}" }.join(":")
+ serialized = key.map do |obj|
+ if obj.is_a?(String)
+ "#{obj}"
+ else
+ "#{obj.class.model_name.to_s.underscore}:#{obj.id}"
+ end
+ end.join(":")
+
 "action_rate_limiter:#{action}:#{serialized}"
 end
 end |
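Review bot: `log_request` writes `request.fullpath` into auth.log, and fullpath includes the query string, so any credential passed as a URL parameter on a throttled request would be stored in the log in clear text. If `request` is an ActionDispatch request (its type is not visible in this hunk), `fullpath: request.filtered_path` keeps the path while applying the configured parameter filters, and `request.path` drops the query string altogether. Separately, in `action_key` the new String branch interpolates the value unescaped into the `:`-joined key, so a string containing `:` can serialize to the same key as a different combination of elements. The enclosing class begins outside the hunk, so whether callers constrain those strings cannot be confirmed here.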