summaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
Diffstat (limited to 'app')
-rw-r--r--app/controllers/admin/application_settings_controller.rb1
-rw-r--r--app/controllers/projects/raw_controller.rb20
-rw-r--r--app/models/application_setting_implementation.rb3
-rw-r--r--app/views/admin/application_settings/_performance.html.haml6
4 files changed, 29 insertions, 1 deletions
diff --git a/app/controllers/admin/application_settings_controller.rb b/app/controllers/admin/application_settings_controller.rb
index e9ec8876688..99411641874 100644
--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -106,6 +106,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
:lets_encrypt_notification_email,
:lets_encrypt_terms_of_service_accepted,
:domain_blacklist_file,
+ :raw_blob_request_limit,
disabled_oauth_sign_in_sources: [],
import_sources: [],
repository_storages: [],
diff --git a/app/controllers/projects/raw_controller.rb b/app/controllers/projects/raw_controller.rb
index 42ae5b0ef3c..3254229d9cb 100644
--- a/app/controllers/projects/raw_controller.rb
+++ b/app/controllers/projects/raw_controller.rb
@@ -8,10 +8,30 @@ class Projects::RawController < Projects::ApplicationController
before_action :require_non_empty_project
before_action :assign_ref_vars
before_action :authorize_download_code!
+ before_action :show_rate_limit, only: [:show]
def show
@blob = @repository.blob_at(@commit.id, @path)
send_blob(@repository, @blob, inline: (params[:inline] != 'false'))
end
+
+ private
+
+ def show_rate_limit
+ limiter = ::Gitlab::ActionRateLimiter.new(action: :show_raw_controller)
+
+ return unless limiter.throttled?([@project, @commit, @path], raw_blob_request_limit)
+
+ limiter.log_request(request, :raw_blob_request_limit, current_user)
+
+ flash[:alert] = _('You cannot access the raw file. Please wait a minute.')
+ redirect_to project_blob_path(@project, File.join(@ref, @path))
+ end
+
+ def raw_blob_request_limit
+ Gitlab::CurrentSettings
+ .current_application_settings
+ .raw_blob_request_limit
+ end
end
diff --git a/app/models/application_setting_implementation.rb b/app/models/application_setting_implementation.rb
index 30fc9fd6892..1e612bd0e78 100644
--- a/app/models/application_setting_implementation.rb
+++ b/app/models/application_setting_implementation.rb
@@ -98,7 +98,8 @@ module ApplicationSettingImplementation
commit_email_hostname: default_commit_email_hostname,
protected_ci_variables: false,
local_markdown_version: 0,
- outbound_local_requests_whitelist: []
+ outbound_local_requests_whitelist: [],
+ raw_blob_request_limit: 300
}
end
diff --git a/app/views/admin/application_settings/_performance.html.haml b/app/views/admin/application_settings/_performance.html.haml
index 7821a83530f..b52171afc69 100644
--- a/app/views/admin/application_settings/_performance.html.haml
+++ b/app/views/admin/application_settings/_performance.html.haml
@@ -15,4 +15,10 @@
AuthorizedKeysCommand. Click on the help icon for more details.
= link_to icon('question-circle'), help_page_path('administration/operations/fast_ssh_key_lookup')
+ .form-group
+ = f.label :raw_blob_request_limit, _('Raw blob request rate limit per minute'), class: 'label-bold'
+ = f.number_field :raw_blob_request_limit, class: 'form-control'
+ .form-text.text-muted
+ = _('Highest number of requests per minute for each raw path, default to 300. To disable throttling set to 0.')
+
= f.submit 'Save changes', class: "btn btn-success"
View Lorry Controller Status