github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 16:21:18 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Revert "FIX: Don't rate limit admin and staff constraints when matching routes."

Browse Source 
This reverts commit 651b50b1a159258588ebd716f678035db2239b5a.
This commit is contained in:
Guo Xiang Tan
2018-09-04 14:17:05 +08:00
parent e4498d2a8a
commit 3b337bfc6b
4 changed files with 12 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
lib/auth/default_current_user_provider.rb
View File

@ -17,10 +17,9 @@ class Auth::DefaultCurrentUserProvider
BAD_TOKEN ||= "_DISCOURSE_BAD_TOKEN"
# do all current user initialization here
def initialize(env, rate_limit: true)
def initialize(env)
@env = env
@request = Rack::Request.new(env)
@rate_limit = rate_limit
end
# our current user, return nil if none is found
@ -63,7 +62,7 @@ class Auth::DefaultCurrentUserProvider
if !current_user
@env[BAD_TOKEN] = true
begin
limiter.performed! if @rate_limit
limiter.performed!
rescue RateLimiter::LimitExceeded
raise Discourse::InvalidAccess.new(
'Invalid Access',
@ -86,7 +85,7 @@ class Auth::DefaultCurrentUserProvider
# we do not run this rate limiter while profiling
if Rails.env != "profile"
limiter_min = RateLimiter.new(nil, "admin_api_min_#{api_key}", GlobalSetting.max_admin_api_reqs_per_key_per_minute, 60)
limiter_min.performed! if @rate_limit
limiter_min.performed!
end
end
@ -97,19 +96,19 @@ class Auth::DefaultCurrentUserProvider
limiter_day = RateLimiter.new(nil, "user_api_day_#{user_api_key}", GlobalSetting.max_user_api_reqs_per_day, 86400)
unless limiter_day.can_perform?
limiter_day.performed! if @rate_limit
limiter_day.performed!
end
unless limiter_min.can_perform?
limiter_min.performed! if @rate_limit
limiter_min.performed!
end
current_user = lookup_user_api_user_and_update_key(user_api_key, @env[USER_API_CLIENT_ID])
raise Discourse::InvalidAccess unless current_user
raise Discourse::InvalidAccess if current_user.suspended? || !current_user.active
limiter_min.performed! if @rate_limit
limiter_day.performed! if @rate_limit
limiter_min.performed!
limiter_day.performed!
@env[USER_API_KEY_ENV] = true
end