From c8e28a0bb8dd45d91cb72ff2c930bc4a562f1fc7 Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Mon, 27 Jan 2020 09:08:32 +0000
Subject: Add latest changes from gitlab-org/gitlab@master

---
 lib/api/project_import.rb | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'lib/api/project_import.rb')

diff --git a/lib/api/project_import.rb b/lib/api/project_import.rb
index b3f17447ea0..7e0bd299761 100644
--- a/lib/api/project_import.rb
+++ b/lib/api/project_import.rb
@@ -18,6 +18,14 @@ module API
       def validate_file!
         render_api_error!('The file is invalid', 400) unless file_is_valid?
       end
+
+      def throttled?(key, scope)
+        rate_limiter.throttled?(key, scope: scope)
+      end
+
+      def rate_limiter
+        ::Gitlab::ApplicationRateLimiter
+      end
     end
 
     before do
@@ -43,6 +51,14 @@ module API
         success Entities::ProjectImportStatus
       end
       post 'import' do
+        key = "project_import".to_sym
+
+        if throttled?(key, [current_user, key])
+          rate_limiter.log_request(request, "#{key}_request_limit".to_sym, current_user)
+
+          render_api_error!({ error: _('This endpoint has been requested too many times. Try again later.') }, 429)
+        end
+
         validate_file!
 
         Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-foss/issues/42437')
-- 
cgit v1.2.1