Commit 69a37bc7 authored by Stan Hu

Modify archive rate limit to throttle by user

In the previous implementation, an unauthenticated user attempting to
download the archive repeatedly would interfere with authenticated
users. To avoid that, we increase the scope of the limiter to include
the user.
parent 01b90fc7
...@@ -11,7 +11,7 @@ module Gitlab ...@@ -11,7 +11,7 @@ module Gitlab
key = ARCHIVE_RATE_THROTTLE_KEY key = ARCHIVE_RATE_THROTTLE_KEY
if rate_limiter.throttled?(key, scope: [project], threshold: archive_rate_threshold_by_user(user)) if rate_limiter.throttled?(key, scope: [project, user], threshold: archive_rate_threshold_by_user(user))
rate_limiter.log_request(request, "#{key}_request_limit".to_sym, user) rate_limiter.log_request(request, "#{key}_request_limit".to_sym, user)
return true return true
......
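Review bot: In the `throttled?` call, `user` is nil for unauthenticated requests (the spec calls `archive_rate_limit_reached?(nil, project)`), so the scope becomes `[project, nil]`. Please confirm the rate limiter builds a stable key when a scope entry is nil, and add a comment saying that all anonymous requests to a project share a single counter while each signed-in user gets their own. It is also worth noting in the commit message that with `scope: [project, user]` this limiter no longer bounds the total archive requests per project, only the requests per user per project.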
...@@ -43,6 +43,7 @@ describe Gitlab::RateLimitHelpers, :clean_gitlab_redis_shared_state do ...@@ -43,6 +43,7 @@ describe Gitlab::RateLimitHelpers, :clean_gitlab_redis_shared_state do
end end
expect(class_instance.archive_rate_limit_reached?(nil, project)).to be_truthy expect(class_instance.archive_rate_limit_reached?(nil, project)).to be_truthy
expect(class_instance.archive_rate_limit_reached?(user, project)).to be_falsey
end end
end end
end end
......
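Review bot: The added expectation `archive_rate_limit_reached?(user, project)).to be_falsey` only shows that an authenticated user is unaffected once the anonymous counter is exhausted. The spec should also cover the reverse and the per-user limit under the new scope: that the same `user` is throttled after reaching `archive_rate_threshold_by_user(user)`, and that a second user on the same project is still allowed at that point. Without those cases a regression that makes the scope ignore `user` in one direction would pass.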