Change rate limits to 1,500/5m per user, 300/5m per app (#23347)
parent
420f33ccb9
commit
c6ef56fd5e
|
@ -33,6 +33,10 @@ class Rack::Attack
|
||||||
authenticated_token&.resource_owner_id
|
authenticated_token&.resource_owner_id
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def authenticated_token_id
|
||||||
|
authenticated_token&.id
|
||||||
|
end
|
||||||
|
|
||||||
def unauthenticated?
|
def unauthenticated?
|
||||||
!authenticated_user_id
|
!authenticated_user_id
|
||||||
end
|
end
|
||||||
|
@ -62,10 +66,14 @@ class Rack::Attack
|
||||||
IpBlock.blocked?(req.remote_ip)
|
IpBlock.blocked?(req.remote_ip)
|
||||||
end
|
end
|
||||||
|
|
||||||
throttle('throttle_authenticated_api', limit: 300, period: 5.minutes) do |req|
|
throttle('throttle_authenticated_api', limit: 1_500, period: 5.minutes) do |req|
|
||||||
req.authenticated_user_id if req.api_request?
|
req.authenticated_user_id if req.api_request?
|
||||||
end
|
end
|
||||||
|
|
||||||
|
throttle('throttle_per_token_api', limit: 300, period: 5.minutes) do |req|
|
||||||
|
req.authenticated_token_id if req.api_request?
|
||||||
|
end
|
||||||
|
|
||||||
throttle('throttle_unauthenticated_api', limit: 300, period: 5.minutes) do |req|
|
throttle('throttle_unauthenticated_api', limit: 300, period: 5.minutes) do |req|
|
||||||
req.throttleable_remote_ip if req.api_request? && req.unauthenticated?
|
req.throttleable_remote_ip if req.api_request? && req.unauthenticated?
|
||||||
end
|
end
|
||||||
|
|
Reference in New Issue