diff options
author | Claire <claire.github-309c@sitedethib.com> | 2023-02-04 23:18:14 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-02-04 23:18:14 +0100 |
commit | 76b4e7727b7497c1b68e06133831701f8950ae19 (patch) | |
tree | dee110c9c6afd598b202e73283d5c8f8ae6d3999 /config/initializers | |
parent | ec26f7c1b16ca1429991212292e35e520c617485 (diff) | |
parent | fa433ac5a638b00f5bf77ee52955696d7aa842d6 (diff) |
Merge pull request #2101 from ClearlyClaire/glitch-soc/merge-upstream
Merge upstream changes
Diffstat (limited to 'config/initializers')
-rw-r--r-- | config/initializers/rack_attack.rb | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb index 72ef7ba80..3857e3055 100644 --- a/config/initializers/rack_attack.rb +++ b/config/initializers/rack_attack.rb @@ -33,6 +33,10 @@ class Rack::Attack authenticated_token&.resource_owner_id end + def authenticated_token_id + authenticated_token&.id + end + def unauthenticated? !authenticated_user_id end @@ -62,10 +66,14 @@ class Rack::Attack IpBlock.blocked?(req.remote_ip) end - throttle('throttle_authenticated_api', limit: 300, period: 5.minutes) do |req| + throttle('throttle_authenticated_api', limit: 1_500, period: 5.minutes) do |req| req.authenticated_user_id if req.api_request? end + throttle('throttle_per_token_api', limit: 300, period: 5.minutes) do |req| + req.authenticated_token_id if req.api_request? + end + throttle('throttle_unauthenticated_api', limit: 300, period: 5.minutes) do |req| req.throttleable_remote_ip if req.api_request? && req.unauthenticated? end |