From 874ead9c3a50de4c4ca4551eaf5b7eb976d26b50 Mon Sep 17 00:00:00 2001
From: GitLab Bot
Date: Tue, 14 Apr 2020 15:09:44 +0000
Subject: Add latest changes from gitlab-org/gitlab@master
---
 .../admin/application_settings_controller.rb | 1 +
 app/controllers/projects/environments_controller.rb | 4 +---
 app/controllers/projects/issues_controller.rb | 19 +++++++++++++++++++
 app/controllers/projects/merge_requests_controller.rb | 1 +
 4 files changed, 22 insertions(+), 3 deletions(-)
(limited to 'app/controllers')
diff --git a/app/controllers/admin/application_settings_controller.rb b/app/controllers/admin/application_settings_controller.rb
index 210d488f5a3..16254c74ba4 100644
--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -219,6 +219,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
 :domain_blacklist_file,
 :raw_blob_request_limit,
 :namespace_storage_size_limit,
+ :issues_create_limit,
 disabled_oauth_sign_in_sources: [],
 import_sources: [],
 repository_storages: [],
diff --git a/app/controllers/projects/environments_controller.rb b/app/controllers/projects/environments_controller.rb
index e51a5c7b84d..09dc4d118a1 100644
--- a/app/controllers/projects/environments_controller.rb
+++ b/app/controllers/projects/environments_controller.rb
@@ -14,9 +14,7 @@ class Projects::EnvironmentsController < Projects::ApplicationController
 before_action :expire_etag_cache, only: [:index], unless: -> { request.format.json? }
 before_action only: [:metrics, :additional_metrics, :metrics_dashboard] do
 push_frontend_feature_flag(:prometheus_computed_alerts)
- end
- before_action do
- push_frontend_feature_flag(:auto_stop_environments, default_enabled: true)
+ push_frontend_feature_flag(:metrics_dashboard_annotations)
 end
 
 after_action :expire_etag_cache, only: [:cancel_auto_stop]
diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb
index f552c471eb2..96650e2cae9 100644
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -42,6 +42,9 @@ class Projects::IssuesController < Projects::ApplicationController
 before_action :authorize_import_issues!, only: [:import_csv]
 before_action :authorize_download_code!, only: [:related_branches]
 
+ # Limit the amount of issues created per minute
+ before_action :create_rate_limit, only: [:create]
+
 before_action do
 push_frontend_feature_flag(:vue_issuable_sidebar, project.group)
 push_frontend_feature_flag(:save_issuable_health_status, project.group, default_enabled: true)
@@ -296,6 +299,22 @@ class Projects::IssuesController < Projects::ApplicationController
 # 3. https://gitlab.com/gitlab-org/gitlab-foss/issues/42426
 Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-foss/issues/42422')
 end
+
+ private
+
+ def create_rate_limit
+ key = :issues_create
+
+ if rate_limiter.throttled?(key, scope: [@project, @current_user])
+ rate_limiter.log_request(request, "#{key}_request_limit".to_sym, current_user)
+
+ render plain: _('This endpoint has been requested too many times. Try again later.'), status: :too_many_requests
+ end
+ end
+
+ def rate_limiter
+ ::Gitlab::ApplicationRateLimiter
+ end
 end
 
 Projects::IssuesController.prepend_if_ee('EE::Projects::IssuesController')
diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index 26de200a1c1..038b6146bab 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
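Review bot: The added comment `# Limit the amount of issues created per minute` states a time window that nothing in this hunk sets; the interval and threshold belong to whatever registers `:issues_create` in the rate limiter, which is outside this diff. I would word it so it stays true if that interval changes, e.g. `# Throttle issue creation per project and user (see create_rate_limit)`. The class body continues outside the hunk, so the position of this callback relative to the authentication and authorization callbacks for `create` cannot be confirmed from here.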
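Review bot: In `create_rate_limit` the throttle scope is built from the instance variables `@project` and `@current_user`, while the `log_request` call on the next line uses the `current_user` helper. An instance variable that has not been assigned yet evaluates to nil without raising, so if either is unset when this callback runs the counter would presumably stop being per user and per project; whether earlier callbacks always set them is not visible in this hunk. Using the accessors in both places removes that dependency: `if rate_limiter.throttled?(key, scope: [project, current_user])`. A one-line comment above the method, such as `# Halts create with 429 once the :issues_create limit is exceeded for this project and user`, would also document that rendering here stops the action. This throttle covers only this controller's `create`; other issue-creation paths are outside this diff and worth checking for the same limit.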
@@ -24,6 +24,7 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
 push_frontend_feature_flag(:single_mr_diff_view, @project, default_enabled: true)
 push_frontend_feature_flag(:suggest_pipeline) if experiment_enabled?(:suggest_pipeline)
 push_frontend_feature_flag(:code_navigation, @project)
+ push_frontend_feature_flag(:widget_visibility_polling, @project, default_enabled: true)
 end
 
 before_action do
--
cgit v1.2.1