PERF: improve speed of rate limiter

Also

- adds a global rate limiter option
- cleans up usage in tests
- fixes freeze_time so it handles clock_gettime

spec/components/auth/default_current_user_provider_spec.rb

@@ -172,38 +172,47 @@ describe Auth::DefaultCurrentUserProvider do
 
   end
 
-  it "can only try 10 bad cookies a minute" do
-    user = Fabricate(:user)
-    token = UserAuthToken.generate!(user_id: user.id)
+  context "rate limiting" do
 
-    provider('/').log_on_user(user, {}, {})
-
-    RateLimiter.stubs(:disabled?).returns(false)
-
-    RateLimiter.new(nil, "cookie_auth_10.0.0.1", 10, 60).clear!
-    RateLimiter.new(nil, "cookie_auth_10.0.0.2", 10, 60).clear!
-
-    ip = "10.0.0.1"
-    env = { "HTTP_COOKIE" => "_t=#{SecureRandom.hex}", "REMOTE_ADDR" => ip }
-
-    10.times do
-      provider('/', env).current_user
+    before do
+      RateLimiter.enable
     end
 
-    expect {
-      provider('/', env).current_user
-    }.to raise_error(Discourse::InvalidAccess)
+    after do
+      RateLimiter.disable
+    end
 
-    expect {
-      env["HTTP_COOKIE"] = "_t=#{token.unhashed_auth_token}"
-      provider("/", env).current_user
-    }.to raise_error(Discourse::InvalidAccess)
+    it "can only try 10 bad cookies a minute" do
+      user = Fabricate(:user)
+      token = UserAuthToken.generate!(user_id: user.id)
 
-    env["REMOTE_ADDR"] = "10.0.0.2"
+      provider('/').log_on_user(user, {}, {})
 
-    expect {
-      provider('/', env).current_user
-    }.not_to raise_error
+      RateLimiter.new(nil, "cookie_auth_10.0.0.1", 10, 60).clear!
+      RateLimiter.new(nil, "cookie_auth_10.0.0.2", 10, 60).clear!
+
+      ip = "10.0.0.1"
+      env = { "HTTP_COOKIE" => "_t=#{SecureRandom.hex}", "REMOTE_ADDR" => ip }
+
+      10.times do
+        provider('/', env).current_user
+      end
+
+      expect {
+        provider('/', env).current_user
+      }.to raise_error(Discourse::InvalidAccess)
+
+      expect {
+        env["HTTP_COOKIE"] = "_t=#{token.unhashed_auth_token}"
+        provider("/", env).current_user
+      }.to raise_error(Discourse::InvalidAccess)
+
+      env["REMOTE_ADDR"] = "10.0.0.2"
+
+      expect {
+        provider('/', env).current_user
+      }.not_to raise_error
+    end
   end
 
   it "correctly removes invalid cookies" do
@@ -295,44 +304,53 @@ describe Auth::DefaultCurrentUserProvider do
 
     end
 
-    it "rate limits api usage" do
+    context "rate limiting" do
 
-      RateLimiter.stubs(:disabled?).returns(false)
-      limiter1 = RateLimiter.new(nil, "user_api_day_#{api_key.key}", 10, 60)
-      limiter2 = RateLimiter.new(nil, "user_api_min_#{api_key.key}", 10, 60)
-      limiter1.clear!
-      limiter2.clear!
-
-      SiteSetting.max_user_api_reqs_per_day = 3
-      SiteSetting.max_user_api_reqs_per_minute = 4
-
-      params = {
-        "REQUEST_METHOD" => "GET",
-        "HTTP_USER_API_KEY" => api_key.key,
-      }
-
-      3.times do
-        provider("/", params).current_user
+      before do
+        RateLimiter.enable
       end
 
-      expect {
-        provider("/", params).current_user
-      }.to raise_error(RateLimiter::LimitExceeded)
-
-      SiteSetting.max_user_api_reqs_per_day = 4
-      SiteSetting.max_user_api_reqs_per_minute = 3
-
-      limiter1.clear!
-      limiter2.clear!
-
-      3.times do
-        provider("/", params).current_user
+      after do
+        RateLimiter.disable
       end
 
-      expect {
-        provider("/", params).current_user
-      }.to raise_error(RateLimiter::LimitExceeded)
+      it "rate limits api usage" do
+        limiter1 = RateLimiter.new(nil, "user_api_day_#{api_key.key}", 10, 60)
+        limiter2 = RateLimiter.new(nil, "user_api_min_#{api_key.key}", 10, 60)
+        limiter1.clear!
+        limiter2.clear!
 
+        SiteSetting.max_user_api_reqs_per_day = 3
+        SiteSetting.max_user_api_reqs_per_minute = 4
+
+        params = {
+          "REQUEST_METHOD" => "GET",
+          "HTTP_USER_API_KEY" => api_key.key,
+        }
+
+        3.times do
+          provider("/", params).current_user
+        end
+
+        expect {
+          provider("/", params).current_user
+        }.to raise_error(RateLimiter::LimitExceeded)
+
+        SiteSetting.max_user_api_reqs_per_day = 4
+        SiteSetting.max_user_api_reqs_per_minute = 3
+
+        limiter1.clear!
+        limiter2.clear!
+
+        3.times do
+          provider("/", params).current_user
+        end
+
+        expect {
+          provider("/", params).current_user
+        }.to raise_error(RateLimiter::LimitExceeded)
+
+      end
     end
   end
 end

spec/components/rate_limiter_spec.rb

@@ -8,11 +8,14 @@ describe RateLimiter do
 
   context 'disabled' do
     before do
-      RateLimiter.stubs(:disabled?).returns(true)
       rate_limiter.performed!
       rate_limiter.performed!
     end
 
+    it "should be disabled" do
+      expect(RateLimiter.disabled?).to eq(true)
+    end
+
     it "returns true for can_perform?" do
       expect(rate_limiter.can_perform?).to eq(true)
     end
@@ -25,10 +28,41 @@ describe RateLimiter do
 
   context 'enabled' do
     before do
-      RateLimiter.stubs(:disabled?).returns(false)
+      RateLimiter.enable
       rate_limiter.clear!
     end
 
+    after do
+      RateLimiter.disable
+    end
+
+    context 'global rate limiter' do
+
+      it 'can operate in global mode' do
+        limiter = RateLimiter.new(nil, "test", 2, 10, global: true)
+        limiter.clear!
+
+        limiter.performed!
+        limiter.performed!
+        expect { limiter.performed! }.to raise_error(RateLimiter::LimitExceeded)
+      end
+
+    end
+
+    context 'handles readonly' do
+      before do
+        $redis.without_namespace.slaveof '10.0.0.1', '99999'
+      end
+
+      after do
+        $redis.without_namespace.slaveof 'no', 'one'
+      end
+
+      it 'does not explode' do
+        expect { rate_limiter.performed! }.not_to raise_error
+      end
+    end
+
     context 'never done' do
       it "should perform right away" do
         expect(rate_limiter.can_perform?).to eq(true)