From 9d85e8b43eb3e4d6f76ed5a86d1c396a0d80dfb6 Mon Sep 17 00:00:00 2001 From: i5heu Date: Mon, 27 May 2024 12:29:01 +0000 Subject: [PATCH] Increase rate-limit for authenticated users on media proxy endpoints --- config/initializers/rack_attack.rb | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb index fa1bdca544..0e6659f16c 100644 --- a/config/initializers/rack_attack.rb +++ b/config/initializers/rack_attack.rb @@ -82,8 +82,12 @@ class Rack::Attack req.authenticated_user_id if req.post? && req.path.match?(%r{\A/api/v\d+/media\z}i) end - throttle('throttle_media_proxy', limit: 30, period: 10.minutes) do |req| - req.throttleable_remote_ip if req.path.start_with?('/media_proxy') + throttle('throttle_authenticated_media_proxy', limit: 200, period: 10.minutes) do |req| + req.authenticated_user_id if req.path.start_with?('/media_proxy') + end + + throttle('throttle_unauthenticated_media_proxy', limit: 30, period: 10.minutes) do |req| + req.throttleable_remote_ip if req.path.start_with?('/media_proxy') && req.unauthenticated? end throttle('throttle_api_sign_up', limit: 5, period: 30.minutes) do |req|