Apply a 25x rate limit by IP even to authenticated requests (#5948)

2017-12-11 15:32:29 +01:00 · 2017-12-11 15:32:29 +01:00 · feed07227b
commit feed07227b
parent e56323a4dd
2 changed files with 4 additions and 4 deletions
--- a/app/controllers/concerns/rate_limit_headers.rb
+++ b/app/controllers/concerns/rate_limit_headers.rb
@ -44,8 +44,8 @@ module RateLimitHeaders
  end

  def api_throttle_data
-    request.env['rack.attack.throttle_data']['throttle_authenticated_api'] ||
-      request.env['rack.attack.throttle_data']['throttle_unauthenticated_api']
+    most_limited_type, = request.env['rack.attack.throttle_data'].min_by { |_, v| v[:limit] }
+    request.env['rack.attack.throttle_data'][most_limited_type]
  end

  def request_time