diff options
Diffstat (limited to 'config')
| -rw-r--r-- | config/environments/production.rb | 2 | ||||
| -rw-r--r-- | config/initializers/doorkeeper.rb | 4 | ||||
| -rw-r--r-- | config/initializers/rabl_init.rb | 2 | ||||
| -rw-r--r-- | config/initializers/rack-attack.rb | 18 | ||||
| -rw-r--r-- | config/locales/doorkeeper.en.yml | 4 | ||||
| -rw-r--r-- | config/routes.rb | 4 |
6 files changed, 25 insertions, 9 deletions
diff --git a/config/environments/production.rb b/config/environments/production.rb index 8ac857a19..b90505f68 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -12,7 +12,7 @@ Rails.application.configure do # Full error reports are disabled and caching is turned on. config.consider_all_requests_local = false - config.action_controller.perform_caching = false + config.action_controller.perform_caching = true # Disable serving static files from the `/public` folder by default since # Apache or NGINX already handles this. diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb index 97eaea678..16297456e 100644 --- a/config/initializers/doorkeeper.rb +++ b/config/initializers/doorkeeper.rb @@ -50,8 +50,8 @@ Doorkeeper.configure do # Define access token scopes for your provider # For more information go to # https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes - # default_scopes :public - # optional_scopes :write, :follow + default_scopes :read + optional_scopes :write, :follow # Change the way client credentials are retrieved from the request object. # By default it retrieves first from the `HTTP_AUTHORIZATION` header, then diff --git a/config/initializers/rabl_init.rb b/config/initializers/rabl_init.rb index d14f8c54e..325bf0c78 100644 --- a/config/initializers/rabl_init.rb +++ b/config/initializers/rabl_init.rb @@ -1,5 +1,5 @@ Rabl.configure do |config| - config.cache_all_output = true + config.cache_all_output = false config.cache_sources = !!Rails.env.production? config.include_json_root = false config.view_paths = [Rails.root.join('app/views')] diff --git a/config/initializers/rack-attack.rb b/config/initializers/rack-attack.rb index fb447685b..6d9286e66 100644 --- a/config/initializers/rack-attack.rb +++ b/config/initializers/rack-attack.rb @@ -1,9 +1,19 @@ class Rack::Attack - throttle('get-req/ip', limit: 300, period: 5.minutes) do |req| - req.ip if req.get? + # Rate limits for the API + throttle('api', limit: 150, period: 5.minutes) do |req| + req.ip if req.path.match(/\A\/api\//) end - throttle('post-req/ip', limit: 100, period: 5.minutes) do |req| - req.ip if req.post? + self.throttled_response = lambda do |env| + now = Time.now.utc + match_data = env['rack.attack.match_data'] + + headers = { + 'X-RateLimit-Limit' => match_data[:limit].to_s, + 'X-RateLimit-Remaining' => '0', + 'X-RateLimit-Reset' => (now + (match_data[:period] - now.to_i % match_data[:period])).to_s + } + + [429, headers, [{ error: 'Throttled' }.to_json]] end end diff --git a/config/locales/doorkeeper.en.yml b/config/locales/doorkeeper.en.yml index 7d2d215da..e4444c972 100644 --- a/config/locales/doorkeeper.en.yml +++ b/config/locales/doorkeeper.en.yml @@ -15,6 +15,10 @@ en: secured_uri: 'must be an HTTPS/SSL URI.' doorkeeper: + scopes: + read: read your account's data + write: post on your behalf + follow: follow, block, unblock and unfollow accounts applications: confirmations: destroy: 'Are you sure?' diff --git a/config/routes.rb b/config/routes.rb index f3708938a..b5abd56af 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -7,7 +7,9 @@ Rails.application.routes.draw do mount Sidekiq::Web => '/sidekiq' end - use_doorkeeper + use_doorkeeper do + controllers authorizations: 'oauth/authorizations' + end get '.well-known/host-meta', to: 'xrd#host_meta', as: :host_meta get '.well-known/webfinger', to: 'xrd#webfinger', as: :webfinger |