Browse Source

Change rate limits to 1,500/5m per user, 300/5m per app (#23347)

closed-social-glitch-2
Eugen Rochko 1 year ago
committed by GitHub
parent
commit
c6ef56fd5e
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 1 deletions
  1. +9
    -1
      config/initializers/rack_attack.rb

+ 9
- 1
config/initializers/rack_attack.rb View File

@ -33,6 +33,10 @@ class Rack::Attack
authenticated_token&.resource_owner_id
end
def authenticated_token_id
authenticated_token&.id
end
def unauthenticated?
!authenticated_user_id
end
@ -62,10 +66,14 @@ class Rack::Attack
IpBlock.blocked?(req.remote_ip)
end
throttle('throttle_authenticated_api', limit: 300, period: 5.minutes) do |req|
throttle('throttle_authenticated_api', limit: 1_500, period: 5.minutes) do |req|
req.authenticated_user_id if req.api_request?
end
throttle('throttle_per_token_api', limit: 300, period: 5.minutes) do |req|
req.authenticated_token_id if req.api_request?
end
throttle('throttle_unauthenticated_api', limit: 300, period: 5.minutes) do |req|
req.throttleable_remote_ip if req.api_request? && req.unauthenticated?
end

Loading…
Cancel
Save