gnh1201/mastodon
1
0
Fork 0
mirror of https://github.com/mastodon/mastodon.git synced 2025-05-07 20:26:15 +00:00
Code Issues Actions 14 Packages Projects Releases Wiki Activity

Fix recognition of authenticated users

Browse Source
This commit is contained in:
Mia Heidenstedt 2025-04-24 18:55:52 +02:00 committed by GitHub
parent 3d84ad5e0e
commit 3434768ab7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
config/initializers/rack_attack.rb
View File

@ -82,12 +82,16 @@ class Rack::Attack
req.authenticated_user_id if req.post? && req.path.match?(%r{\A/api/v\d+/media\z}i)
end
throttle('throttle_authenticated_media_proxy', limit: 200, period: 10.minutes) do |req|
req.authenticated_user_id if req.path.start_with?('/media_proxy')
throttle('throttle_media_proxy_authenticated', limit: 200, period: 10.minutes) do |req|
if req.path.start_with?('/media_proxy') && (req.authenticated_user_id || req.warden_user_id)
req.authenticated_user_id || req.warden_user_id
end
end
throttle('throttle_unauthenticated_media_proxy', limit: 30, period: 10.minutes) do |req|
req.throttleable_remote_ip if req.path.start_with?('/media_proxy') && req.unauthenticated?
throttle('throttle_media_proxy_unauthenticated', limit: 30, period: 1.hour) do |req|
if req.path.start_with?('/media_proxy') && !req.authenticated_user_id && !req.warden_user_id
req.throttleable_remote_ip
end
end
throttle('throttle_api_sign_up', limit: 5, period: 30.minutes) do |req|