github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-21 18:12:32 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: return 429 when admin api key is limited on admin route

Browse Source 
This also handles a general case where exceptions leak out prior to being handled by the application controller
This commit is contained in:
Sam
2018-01-12 14:15:10 +11:00
parent dcbaf2f213
commit 49ed382c2a
39 changed files with 322 additions and 349 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
app/controllers/application_controller.rb
View File

@ -115,7 +115,6 @@ class ApplicationController < ActionController::Base
end
rescue_from Discourse::NotLoggedIn do |e|
raise e if Rails.env.test?
if (request.format && request.format.json?) || request.xhr? || !request.get?
rescue_discourse_actions(:not_logged_in, 403, include_ember: true)
else
@ -123,6 +122,15 @@ class ApplicationController < ActionController::Base
end
end
rescue_from Discourse::InvalidParameters do |e|
message = I18n.t('invalid_params', message: e.message)
if (request.format && request.format.json?) || request.xhr? || !request.get?
rescue_discourse_actions(:invalid_parameters, 400, include_ember: true, custom_message_translated: message)
else
rescue_discourse_actions(:not_found, 400, custom_message_translated: message)
end
end
rescue_from ActiveRecord::StatementInvalid do |e|
Discourse.reset_active_record_cache_if_needed(e)
raise e
@ -162,18 +170,20 @@ class ApplicationController < ActionController::Base
(request.xhr?) ||
((params[:external_id] || '').ends_with? '.json')
message = opts[:custom_message_translated] || I18n.t(opts[:custom_message] || type)
if show_json_errors
# HACK: do not use render_json_error for topics#show
if request.params[:controller] == 'topics' && request.params[:action] == 'show'
return render status: status_code, layout: false, plain: (status_code == 404 || status_code == 410) ? build_not_found_page(status_code) : I18n.t(type)
return render status: status_code, layout: false, plain: (status_code == 404 || status_code == 410) ? build_not_found_page(status_code) : message
end
render_json_error I18n.t(opts[:custom_message] || type), type: type, status: status_code
render_json_error message, type: type, status: status_code
else
begin
current_user
rescue Discourse::InvalidAccess
return render plain: I18n.t(opts[:custom_message] || type), status: status_code
return render plain: message, status: status_code
end
render html: build_not_found_page(status_code, opts[:include_ember] ? 'application' : 'no_ember')