Commit 43f2efbc authored by Vasilii Iakliushin's avatar Vasilii Iakliushin

Add form to Admin Area to control Files API throttling

Contributes to https://gitlab.com/gitlab-org/gitlab/-/issues/335075
parent cc14366f
= gitlab_ui_form_for @application_setting, url: network_admin_application_settings_path(anchor: 'js-files-limits-settings'), html: { class: 'fieldset-form' } do |f|
= form_errors(@application_setting)
%fieldset
%legend.h5.gl-border-none
= _('Unauthenticated API request rate limit')
.form-group
= f.gitlab_ui_checkbox_component :throttle_unauthenticated_files_api_enabled,
_('Enable unauthenticated API request rate limit'),
help_text: _('Helps reduce request volume (e.g. from crawlers or abusive bots)'),
checkbox_options: { data: { qa_selector: 'throttle_unauthenticated_files_api_checkbox' } }
.form-group
= f.label :throttle_unauthenticated_files_api_requests_per_period, 'Max unauthenticated API requests per period per IP', class: 'label-bold'
= f.number_field :throttle_unauthenticated_files_api_requests_per_period, class: 'form-control gl-form-input'
.form-group
= f.label :throttle_unauthenticated_files_api_period_in_seconds, 'Unauthenticated API rate limit period in seconds', class: 'label-bold'
= f.number_field :throttle_unauthenticated_files_api_period_in_seconds, class: 'form-control gl-form-input'
%fieldset
%legend.h5.gl-border-none
= _('Authenticated API request rate limit')
.form-group
= f.gitlab_ui_checkbox_component :throttle_authenticated_files_api_enabled,
_('Enable authenticated API request rate limit'),
help_text: _('Helps reduce request volume (e.g. from crawlers or abusive bots)'),
checkbox_options: { data: { qa_selector: 'throttle_authenticated_files_api_checkbox' } }
.form-group
= f.label :throttle_authenticated_files_api_requests_per_period, 'Max authenticated API requests per period per user', class: 'label-bold'
= f.number_field :throttle_authenticated_files_api_requests_per_period, class: 'form-control gl-form-input'
.form-group
= f.label :throttle_authenticated_files_api_period_in_seconds, 'Authenticated API rate limit period in seconds', class: 'label-bold'
= f.number_field :throttle_authenticated_files_api_period_in_seconds, class: 'form-control gl-form-input'
= f.submit 'Save changes', class: "gl-button btn btn-confirm", data: { qa_selector: 'save_changes_button' }
......@@ -34,6 +34,17 @@
= _('Configure specific limits for Packages API requests that supersede the general user and IP rate limits.')
.settings-content
= render 'package_registry_limits'
- if Feature.enabled?(:files_api_throttling, default_enabled: :yaml)
%section.settings.as-files-limits.no-animate#js-files-limits-settings{ class: ('expanded' if expanded_by_default?), data: { testid: 'files-limits-settings' } }
.settings-header
%h4
= _('Files API Rate Limits')
%button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
= expanded_by_default? ? _('Collapse') : _('Expand')
%p
= _('Configure specific limits for Files API requests that supersede the general user and IP rate limits.')
.settings-content
= render 'files_limits'
%section.settings.as-git-lfs-limits.no-animate#js-git-lfs-limits-settings{ class: ('expanded' if expanded_by_default?), data: { qa_selector: 'git_lfs_limits_content' } }
.settings-header
......
---
name: files_api_throttling
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68560
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/338903
milestone: '14.3'
type: development
group: group::source code
default_enabled: false
......@@ -8512,6 +8512,9 @@ msgstr ""
msgid "Configure settings for Advanced Search with Elasticsearch."
msgstr ""
msgid "Configure specific limits for Files API requests that supersede the general user and IP rate limits."
msgstr ""
msgid "Configure specific limits for Git LFS requests that supersede the general user and IP rate limits."
msgstr ""
......@@ -14312,6 +14315,9 @@ msgstr ""
msgid "Files"
msgstr ""
msgid "Files API Rate Limits"
msgstr ""
msgid "Files breadcrumb"
msgstr ""
......
......@@ -570,6 +570,20 @@ RSpec.describe 'Admin updates settings' do
expect(page).to have_content "Application settings saved successfully"
expect(current_settings.issues_create_limit).to eq(0)
end
it 'changes Files API rate limits settings' do
visit network_admin_application_settings_path
page.within('[data-testid="files-limits-settings"]') do
check 'Enable unauthenticated API request rate limit'
fill_in 'Max unauthenticated API requests per period per IP', with: 10
click_button 'Save changes'
end
expect(page).to have_content "Application settings saved successfully"
expect(current_settings.throttle_unauthenticated_files_api_enabled).to be true
expect(current_settings.throttle_unauthenticated_files_api_requests_per_period).to eq(10)
end
end
context 'Preferences page' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment