authorClaire <claire.github-309c@sitedethib.com>2023-02-04 23:18:14 +0100
committerGitHub <noreply@github.com>2023-02-04 23:18:14 +0100
commit76b4e7727b7497c1b68e06133831701f8950ae19 (patch)
treedee110c9c6afd598b202e73283d5c8f8ae6d3999 /config/initializers
parentec26f7c1b16ca1429991212292e35e520c617485 (diff)
parentfa433ac5a638b00f5bf77ee52955696d7aa842d6 (diff)
Merge pull request #2101 from ClearlyClaire/glitch-soc/merge-upstream
Merge upstream changes
Diffstat (limited to 'config/initializers')
-rw-r--r--config/initializers/rack_attack.rb10
1 files changed, 9 insertions, 1 deletions
diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
index 72ef7ba80..3857e3055 100644
--- a/config/initializers/rack_attack.rb
+++ b/config/initializers/rack_attack.rb
@@ -33,6 +33,10 @@ class Rack::Attack
       authenticated_token&.resource_owner_id
     end
 
+    def authenticated_token_id
+      authenticated_token&.id
+    end
+
     def unauthenticated?
       !authenticated_user_id
     end
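Review bot: `authenticated_token_id` returns nil whenever `authenticated_token` is nil, and that nil is what makes Rack::Attack skip the per-token throttle for such requests, but nothing on the method says so. A one-line comment such as `# nil when there is no authenticated token, which exempts the request from per-token throttling` would guard against a later change (for example a fallback value) that puts every tokenless request into one shared bucket. How `authenticated_token` resolves the token is defined outside this hunk.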
@@ -62,10 +66,14 @@ class Rack::Attack
     IpBlock.blocked?(req.remote_ip)
   end
 
-  throttle('throttle_authenticated_api', limit: 300, period: 5.minutes) do |req|
+  throttle('throttle_authenticated_api', limit: 1_500, period: 5.minutes) do |req|
     req.authenticated_user_id if req.api_request?
   end
 
+  throttle('throttle_per_token_api', limit: 300, period: 5.minutes) do |req|
+    req.authenticated_token_id if req.api_request?
+  end
+
   throttle('throttle_unauthenticated_api', limit: 300, period: 5.minutes) do |req|
     req.throttleable_remote_ip if req.api_request? && req.unauthenticated?
   end
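Review bot: The limit in `throttle_authenticated_api` rises from 300 to 1_500 with no comment saying it is now an aggregate cap per account, with each token held to 300 by `throttle_per_token_api`. From the numbers alone a reader cannot tell that an account with five or more tokens can sustain five times the previous request rate, so any per-account abuse budget that relied on the old figure should be rechecked (those endpoints are not visible here). I would add `# Aggregate cap per account across all of its tokens; each token is limited separately below.` above the first throttle and `# Per-token cap, so one client cannot exhaust the whole account budget.` above the new one. If a throttled-response handler elsewhere in this file reports limits by throttle name, confirm it handles `throttle_per_token_api` as well.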