diff options
author | Eugen Rochko <eugen@zeonfederated.com> | 2016-10-22 19:38:47 +0200 |
---|---|---|
committer | Eugen Rochko <eugen@zeonfederated.com> | 2016-10-22 19:39:44 +0200 |
commit | a9e40a3d80435431f689b8d19005dd77a8f50224 (patch) | |
tree | 48573a1f1ec9c14789c529de3b8fb8badfb20444 /config/initializers/rack-attack.rb | |
parent | 17122df80dc7e85910a9cfa049d2e33ef84288c6 (diff) |
Adding OAuth access scopes, fixing OAuth authorization UI, adding rate limiting
to the API
Diffstat (limited to 'config/initializers/rack-attack.rb')
-rw-r--r-- | config/initializers/rack-attack.rb | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/config/initializers/rack-attack.rb b/config/initializers/rack-attack.rb index fb447685b..6d9286e66 100644 --- a/config/initializers/rack-attack.rb +++ b/config/initializers/rack-attack.rb @@ -1,9 +1,19 @@ class Rack::Attack - throttle('get-req/ip', limit: 300, period: 5.minutes) do |req| - req.ip if req.get? + # Rate limits for the API + throttle('api', limit: 150, period: 5.minutes) do |req| + req.ip if req.path.match(/\A\/api\//) end - throttle('post-req/ip', limit: 100, period: 5.minutes) do |req| - req.ip if req.post? + self.throttled_response = lambda do |env| + now = Time.now.utc + match_data = env['rack.attack.match_data'] + + headers = { + 'X-RateLimit-Limit' => match_data[:limit].to_s, + 'X-RateLimit-Remaining' => '0', + 'X-RateLimit-Reset' => (now + (match_data[:period] - now.to_i % match_data[:period])).to_s + } + + [429, headers, [{ error: 'Throttled' }.to_json]] end end |