diff options
| author | Eugen Rochko <eugen@zeonfederated.com> | 2020-03-08 15:17:39 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-03-08 15:17:39 +0100 |
| commit | 339ce1c4e90605b736745b1f04493a247b2627ec (patch) | |
| tree | bf6f6c697648416c0578fbc0e11132403a85b27c /app/controllers/api/v1 | |
| parent | 503eab1c1f101e92f163ed4f8457cac9a6193ffc (diff) | |
Add specific rate limits for posting and following (#13172)
Diffstat (limited to 'app/controllers/api/v1')
| -rw-r--r-- | app/controllers/api/v1/accounts_controller.rb | 4 | ||||
| -rw-r--r-- | app/controllers/api/v1/statuses/reblogs_controller.rb | 3 | ||||
| -rw-r--r-- | app/controllers/api/v1/statuses_controller.rb | 5 |
3 files changed, 10 insertions, 2 deletions
diff --git a/app/controllers/api/v1/accounts_controller.rb b/app/controllers/api/v1/accounts_controller.rb index f5b06862b..0080faf33 100644 --- a/app/controllers/api/v1/accounts_controller.rb +++ b/app/controllers/api/v1/accounts_controller.rb @@ -14,6 +14,8 @@ class Api::V1::AccountsController < Api::BaseController skip_before_action :require_authenticated_user!, only: :create + override_rate_limit_headers :follow, family: :follows + def show render json: @account, serializer: REST::AccountSerializer end @@ -29,7 +31,7 @@ class Api::V1::AccountsController < Api::BaseController end def follow - FollowService.new.call(current_user.account, @account, reblogs: truthy_param?(:reblogs)) + FollowService.new.call(current_user.account, @account, reblogs: truthy_param?(:reblogs), with_rate_limit: true) options = @account.locked? || current_user.account.silenced? ? {} : { following_map: { @account.id => { reblogs: truthy_param?(:reblogs) } }, requested_map: { @account.id => false } } diff --git a/app/controllers/api/v1/statuses/reblogs_controller.rb b/app/controllers/api/v1/statuses/reblogs_controller.rb index 9abeb0759..7fa774a4d 100644 --- a/app/controllers/api/v1/statuses/reblogs_controller.rb +++ b/app/controllers/api/v1/statuses/reblogs_controller.rb @@ -7,8 +7,11 @@ class Api::V1::Statuses::ReblogsController < Api::BaseController before_action :require_user! before_action :set_reblog + override_rate_limit_headers :create, family: :statuses + def create @status = ReblogService.new.call(current_account, @reblog, reblog_params) + render json: @status, serializer: REST::StatusSerializer end diff --git a/app/controllers/api/v1/statuses_controller.rb b/app/controllers/api/v1/statuses_controller.rb index 85521fadf..2f55e95fd 100644 --- a/app/controllers/api/v1/statuses_controller.rb +++ b/app/controllers/api/v1/statuses_controller.rb @@ -8,6 +8,8 @@ class Api::V1::StatusesController < Api::BaseController before_action :require_user!, except: [:show, :context] before_action :set_status, only: [:show, :context] + override_rate_limit_headers :create, family: :statuses + # This API was originally unlimited, pagination cannot be introduced without # breaking backwards-compatibility. Arbitrarily high number to cover most # conversations as quasi-unlimited, it would be too much work to render more @@ -42,7 +44,8 @@ class Api::V1::StatusesController < Api::BaseController scheduled_at: status_params[:scheduled_at], application: doorkeeper_token.application, poll: status_params[:poll], - idempotency: request.headers['Idempotency-Key']) + idempotency: request.headers['Idempotency-Key'], + with_rate_limit: true) render json: @status, serializer: @status.is_a?(ScheduledStatus) ? REST::ScheduledStatusSerializer : REST::StatusSerializer end |