Merge 3434768ab7 into 94bceb8683

Fix recognition of authenticated users
Merge branch 'main' into Increase-rate-limit-for-authenticated-users-on-media-proxy-endpoints
2025-07-13 07:48:15 +00:00 · 2025-07-11 14:03:35 +00:00 · 2025-04-24 18:55:52 +02:00 · 2025-04-24 18:54:36 +02:00 · 2024-05-27 12:29:01 +00:00
1 changed files with 10 additions and 2 deletions
--- a/config/initializers/rack_attack.rb
+++ b/config/initializers/rack_attack.rb
@ -82,8 +82,16 @@ class Rack::Attack
    req.authenticated_user_id if req.post? && req.path.match?(%r{\A/api/v\d+/media\z}i)
  end

-  throttle('throttle_media_proxy', limit: 30, period: 10.minutes) do |req|
-    req.throttleable_remote_ip if req.path.start_with?('/media_proxy')
+  throttle('throttle_media_proxy_authenticated', limit: 200, period: 10.minutes) do |req|
+    if req.path.start_with?('/media_proxy') && (req.authenticated_user_id || req.warden_user_id)
+      req.authenticated_user_id || req.warden_user_id
+    end
+  end
+  
+  throttle('throttle_media_proxy_unauthenticated', limit: 30, period: 1.hour) do |req|
+    if req.path.start_with?('/media_proxy') && !req.authenticated_user_id && !req.warden_user_id
+      req.throttleable_remote_ip
+    end
  end

  throttle('throttle_api_sign_up', limit: 5, period: 30.minutes) do |req|
Author	SHA1	Message	Date
Mia Heidenstedt	dbcb8fd13d	Merge `3434768ab7` into `94bceb8683`	2025-07-11 14:03:35 +00:00
Mia Heidenstedt	3434768ab7	Fix recognition of authenticated users	2025-04-24 18:55:52 +02:00
Mia Heidenstedt	3d84ad5e0e	Merge branch 'main' into Increase-rate-limit-for-authenticated-users-on-media-proxy-endpoints	2025-04-24 18:54:36 +02:00
i5heu	9d85e8b43e	Increase rate-limit for authenticated users on media proxy endpoints	2024-05-27 12:29:01 +00:00