IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

FEATURE: rate limit anon searches per second (#19708)

Browse Source
This commit is contained in:
Sam
2023-01-28 05:05:27 +11:00
committed by GitHub
parent 5f90790110
commit 2c8dfc3dbc
9 changed files with 208 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
app/assets/javascripts/discourse/app/controllers/full-page-search.js
View File

@@ -63,6 +63,7 @@ export default Controller.extend({
resultCount: null,
searchTypes: null,
selected: [],
error: null,
init() {
this._super(...arguments);
@@ -382,6 +383,10 @@ export default Controller.extend({
model.grouped_search_result = results.grouped_search_result;
this.set("model", model);
}
this.set("error", null);
})
.catch((e) => {
this.set("error", e.jqXHR.responseJSON?.message);
})
.finally(() => {
this.setProperties({

4
app/assets/javascripts/discourse/app/templates/full-page-search.hbs
View File

@@ -163,9 +163,9 @@
{{#if this.searchActive}}
<h3>{{i18n "search.no_results"}}</h3>
{{#if this.model.grouped_search_result.error}}
{{#if this.error}}
<div class="warning">
{{this.model.grouped_search_result.error}}
{{this.error}}
</div>
{{/if}}

52
app/controllers/search_controller.rb
View File

@@ -29,8 +29,6 @@ class SearchController < ApplicationController
# check for a malformed page parameter
raise Discourse::InvalidParameters if page && (!page.is_a?(String) || page.to_i.to_s != page)
rate_limit_errors = rate_limit_search
discourse_expires_in 1.minute
search_args = {
@@ -50,15 +48,11 @@ class SearchController < ApplicationController
search_args[:ip_address] = request.remote_ip
search_args[:user_id] = current_user.id if current_user.present?
if rate_limit_errors
result =
Search::GroupedSearchResults.new(
type_filter: search_args[:type_filter],
term: @search_term,
search_context: context,
)
result.error = I18n.t("rate_limiter.slow_down")
if rate_limit_search
return(
render json: failed_json.merge(message: I18n.t("rate_limiter.slow_down")),
status: :too_many_requests
)
elsif site_overloaded?
result =
Search::GroupedSearchResults.new(
@@ -89,8 +83,6 @@ class SearchController < ApplicationController
raise Discourse::InvalidParameters.new("string contains null byte")
end
rate_limit_errors = rate_limit_search
discourse_expires_in 1.minute
search_args = { guardian: guardian }
@@ -112,15 +104,11 @@ class SearchController < ApplicationController
:restrict_to_archetype
].present?
if rate_limit_errors
result =
Search::GroupedSearchResults.new(
type_filter: search_args[:type_filter],
term: params[:term],
search_context: context,
)
result.error = I18n.t("rate_limiter.slow_down")
if rate_limit_search
return(
render json: failed_json.merge(message: I18n.t("rate_limiter.slow_down")),
status: :too_many_requests
)
elsif site_overloaded?
result =
GroupedSearchResults.new(
@@ -188,14 +176,26 @@ class SearchController < ApplicationController
else
RateLimiter.new(
nil,
"search-min-#{request.remote_ip}",
SiteSetting.rate_limit_search_anon_user,
"search-min-#{request.remote_ip}-per-sec",
SiteSetting.rate_limit_search_anon_user_per_second,
1.second,
).performed!
RateLimiter.new(
nil,
"search-min-#{request.remote_ip}-per-min",
SiteSetting.rate_limit_search_anon_user_per_minute,
1.minute,
).performed!
RateLimiter.new(
nil,
"search-min-anon-global",
SiteSetting.rate_limit_search_anon_global,
"search-min-anon-global-per-sec",
SiteSetting.rate_limit_search_anon_global_per_second,
1.second,
).performed!
RateLimiter.new(
nil,
"search-min-anon-global-per-min",
SiteSetting.rate_limit_search_anon_global_per_minute,
1.minute,
).performed!
end