Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-01-27 09:08:32 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-01-27 09:08:32 +0000
commit: c8e28a0bb8dd45d91cb72ff2c930bc4a562f1fc7 (patch)
tree: a6b5d07b456c9494eb68ed210af74b58dc699a26 /lib
parent: eace733dca6e5c87315b42f42eb4d8f05934d6de (diff)
download: gitlab-ce-c8e28a0bb8dd45d91cb72ff2c930bc4a562f1fc7.tar.gz
1 files changed, 16 insertions, 0 deletions
diff --git a/lib/api/project_import.rb b/lib/api/project_import.rb
index b3f17447ea0..7e0bd299761 100644
--- a/lib/api/project_import.rb
+++ b/lib/api/project_import.rb
@@ -18,6 +18,14 @@ module API
       def validate_file!
         render_api_error!('The file is invalid', 400) unless file_is_valid?
       end
+
+      def throttled?(key, scope)
+        rate_limiter.throttled?(key, scope: scope)
+      end
+
+      def rate_limiter
+        ::Gitlab::ApplicationRateLimiter
+      end
     end
 
     before do
@@ -43,6 +51,14 @@ module API
         success Entities::ProjectImportStatus
       end
       post 'import' do
+        key = "project_import".to_sym
+
+        if throttled?(key, [current_user, key])
+          rate_limiter.log_request(request, "#{key}_request_limit".to_sym, current_user)
+
+          render_api_error!({ error: _('This endpoint has been requested too many times. Try again later.') }, 429)
+        end
+
         validate_file!
 
         Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-foss/issues/42437')
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-01-27 09:08:32 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-01-27 09:08:32 +0000
commit	c8e28a0bb8dd45d91cb72ff2c930bc4a562f1fc7 (patch)
tree	a6b5d07b456c9494eb68ed210af74b58dc699a26 /lib
parent	eace733dca6e5c87315b42f42eb4d8f05934d6de (diff)
download	gitlab-ce-c8e28a0bb8dd45d91cb72ff2c930bc4a562f1fc7.tar.gz