From f64a639bcfa1fc2bc89ca7db268f594306edfd7c Mon Sep 17 00:00:00 2001
From: GitLab Bot
Date: Tue, 16 Mar 2021 18:18:33 +0000
Subject: Add latest changes from gitlab-org/gitlab@13-10-stable-ee
---
app/controllers/concerns/check_rate_limit.rb | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
create mode 100644 app/controllers/concerns/check_rate_limit.rb
(limited to 'app/controllers/concerns/check_rate_limit.rb')
diff --git a/app/controllers/concerns/check_rate_limit.rb b/app/controllers/concerns/check_rate_limit.rb
new file mode 100644
index 00000000000..c4de3315e22
--- /dev/null
+++ b/app/controllers/concerns/check_rate_limit.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+# == CheckRateLimit
+#
+# Controller concern that checks if the rate limit for a given action is throttled by calling the
+# Gitlab::ApplicationRateLimiter class. If the action is throttled for the current user, the request
+# will be logged and an error message will be rendered with a Too Many Requests response status.
+module CheckRateLimit
+ def check_rate_limit(key)
+ return unless rate_limiter.throttled?(key, scope: current_user, users_allowlist: rate_limit_users_allowlist)
+
+ rate_limiter.log_request(request, "#{key}_request_limit".to_sym, current_user)
+ render plain: _('This endpoint has been requested too many times. Try again later.'), status: :too_many_requests
+ end
+
+ def rate_limiter
+ ::Gitlab::ApplicationRateLimiter
+ end
+
+ def rate_limit_users_allowlist
+ Gitlab::CurrentSettings.current_application_settings.notes_create_limit_allowlist
+ end
+end
--
cgit v1.2.1
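Review bot: `rate_limit_users_allowlist` always returns `notes_create_limit_allowlist`, yet `check_rate_limit(key)` accepts any key, so a controller that includes this concern for a different action would exempt the notes-creation allowlist users from that unrelated limit. Either let the caller supply the list or document the coupling on the method, e.g. `# Allowlist is specific to note creation; override in controllers that throttle other keys.` The header comment says the action is throttled "for the current user", but `scope: current_user` is nil on unauthenticated requests; how the limiter buckets a nil scope is not visible here and is worth stating in that comment. All three methods are also public on the including controller; placing `private` before `def rate_limiter` would keep the two helpers off the controller's public surface.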