Add specific rate limits for posting and following (#13172)
This commit is contained in:
		
					parent
					
						
							
								503eab1c1f
							
						
					
				
			
			
				commit
				
					
						339ce1c4e9
					
				
			
		
					 23 changed files with 273 additions and 51 deletions
				
			
		|  | @ -44,6 +44,10 @@ class Api::BaseController < ApplicationController | |||
|     render json: { error: 'There was a temporary problem serving your request, please try again' }, status: 503 | ||||
|   end | ||||
| 
 | ||||
|   rescue_from Mastodon::RateLimitExceededError do | ||||
|     render json: { error: I18n.t('errors.429') }, status: 429 | ||||
|   end | ||||
| 
 | ||||
|   rescue_from ActionController::ParameterMissing do |e| | ||||
|     render json: { error: e.to_s }, status: 400 | ||||
|   end | ||||
|  |  | |||
|  | @ -14,6 +14,8 @@ class Api::V1::AccountsController < Api::BaseController | |||
| 
 | ||||
|   skip_before_action :require_authenticated_user!, only: :create | ||||
| 
 | ||||
|   override_rate_limit_headers :follow, family: :follows | ||||
| 
 | ||||
|   def show | ||||
|     render json: @account, serializer: REST::AccountSerializer | ||||
|   end | ||||
|  | @ -29,7 +31,7 @@ class Api::V1::AccountsController < Api::BaseController | |||
|   end | ||||
| 
 | ||||
|   def follow | ||||
|     FollowService.new.call(current_user.account, @account, reblogs: truthy_param?(:reblogs)) | ||||
|     FollowService.new.call(current_user.account, @account, reblogs: truthy_param?(:reblogs), with_rate_limit: true) | ||||
| 
 | ||||
|     options = @account.locked? || current_user.account.silenced? ? {} : { following_map: { @account.id => { reblogs: truthy_param?(:reblogs) } }, requested_map: { @account.id => false } } | ||||
| 
 | ||||
|  |  | |||
|  | @ -7,8 +7,11 @@ class Api::V1::Statuses::ReblogsController < Api::BaseController | |||
|   before_action :require_user! | ||||
|   before_action :set_reblog | ||||
| 
 | ||||
|   override_rate_limit_headers :create, family: :statuses | ||||
| 
 | ||||
|   def create | ||||
|     @status = ReblogService.new.call(current_account, @reblog, reblog_params) | ||||
| 
 | ||||
|     render json: @status, serializer: REST::StatusSerializer | ||||
|   end | ||||
| 
 | ||||
|  |  | |||
|  | @ -8,6 +8,8 @@ class Api::V1::StatusesController < Api::BaseController | |||
|   before_action :require_user!, except:  [:show, :context] | ||||
|   before_action :set_status, only:       [:show, :context] | ||||
| 
 | ||||
|   override_rate_limit_headers :create, family: :statuses | ||||
| 
 | ||||
|   # This API was originally unlimited, pagination cannot be introduced without | ||||
|   # breaking backwards-compatibility. Arbitrarily high number to cover most | ||||
|   # conversations as quasi-unlimited, it would be too much work to render more | ||||
|  | @ -42,7 +44,8 @@ class Api::V1::StatusesController < Api::BaseController | |||
|                                          scheduled_at: status_params[:scheduled_at], | ||||
|                                          application: doorkeeper_token.application, | ||||
|                                          poll: status_params[:poll], | ||||
|                                          idempotency: request.headers['Idempotency-Key']) | ||||
|                                          idempotency: request.headers['Idempotency-Key'], | ||||
|                                          with_rate_limit: true) | ||||
| 
 | ||||
|     render json: @status, serializer: @status.is_a?(ScheduledStatus) ? REST::ScheduledStatusSerializer : REST::StatusSerializer | ||||
|   end | ||||
|  |  | |||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue