Commit 4e01681d authored by Dmitriy Zaporozhets (DZ)'s avatar Dmitriy Zaporozhets (DZ)

Merge branch '335300-rate-limit-for-unauthenticated-api-requests-2-add-api-columns' into 'master'

[2/5] Add `throttle_unauthenticated_api_*` columns to application settings

See merge request gitlab-org/gitlab!69384
parents 33e0ff37 004732b0
...@@ -323,6 +323,9 @@ module ApplicationSettingsHelper ...@@ -323,6 +323,9 @@ module ApplicationSettingsHelper
:throttle_authenticated_files_api_enabled, :throttle_authenticated_files_api_enabled,
:throttle_authenticated_files_api_period_in_seconds, :throttle_authenticated_files_api_period_in_seconds,
:throttle_authenticated_files_api_requests_per_period, :throttle_authenticated_files_api_requests_per_period,
:throttle_unauthenticated_api_enabled,
:throttle_unauthenticated_api_period_in_seconds,
:throttle_unauthenticated_api_requests_per_period,
:throttle_unauthenticated_enabled, :throttle_unauthenticated_enabled,
:throttle_unauthenticated_period_in_seconds, :throttle_unauthenticated_period_in_seconds,
:throttle_unauthenticated_requests_per_period, :throttle_unauthenticated_requests_per_period,
......
...@@ -468,6 +468,14 @@ class ApplicationSetting < ApplicationRecord ...@@ -468,6 +468,14 @@ class ApplicationSetting < ApplicationRecord
length: { maximum: 255, message: _('is too long (maximum is %{count} characters)') }, length: { maximum: 255, message: _('is too long (maximum is %{count} characters)') },
allow_blank: true allow_blank: true
validates :throttle_unauthenticated_api_requests_per_period,
presence: true,
numericality: { only_integer: true, greater_than: 0 }
validates :throttle_unauthenticated_api_period_in_seconds,
presence: true,
numericality: { only_integer: true, greater_than: 0 }
validates :throttle_unauthenticated_requests_per_period, validates :throttle_unauthenticated_requests_per_period,
presence: true, presence: true,
numericality: { only_integer: true, greater_than: 0 } numericality: { only_integer: true, greater_than: 0 }
......
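Review bot: The two new `numericality` validations set only a lower bound, while the migration on this page creates both columns as 4-byte `integer`, so a value above 2147483647 passes validation and would presumably fail at save time with a range error rather than a validation message. Consider bounding both, e.g. `numericality: { only_integer: true, greater_than: 0, less_than_or_equal_to: 2_147_483_647 }`. The existing `throttle_unauthenticated_*` validation visible just below has the same shape, so this may be better fixed for the whole group. The class body continues outside the hunk.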
...@@ -181,6 +181,9 @@ module ApplicationSettingImplementation ...@@ -181,6 +181,9 @@ module ApplicationSettingImplementation
throttle_protected_paths_enabled: false, throttle_protected_paths_enabled: false,
throttle_protected_paths_in_seconds: 10, throttle_protected_paths_in_seconds: 10,
throttle_protected_paths_per_period: 60, throttle_protected_paths_per_period: 60,
throttle_unauthenticated_api_enabled: false,
throttle_unauthenticated_api_period_in_seconds: 3600,
throttle_unauthenticated_api_requests_per_period: 3600,
throttle_unauthenticated_enabled: false, throttle_unauthenticated_enabled: false,
throttle_unauthenticated_period_in_seconds: 3600, throttle_unauthenticated_period_in_seconds: 3600,
throttle_unauthenticated_requests_per_period: 3600, throttle_unauthenticated_requests_per_period: 3600,
......
# frozen_string_literal: true
class AddThrottleUnauthenticatedApiColumns < ActiveRecord::Migration[6.1]
def change
# The defaults match those from the current `throttle_unauthenticated_*` columns
add_column :application_settings, :throttle_unauthenticated_api_enabled, :boolean, default: false, null: false
add_column :application_settings, :throttle_unauthenticated_api_requests_per_period, :integer, default: 3600, null: false
add_column :application_settings, :throttle_unauthenticated_api_period_in_seconds, :integer, default: 3600, null: false
end
end
# frozen_string_literal: true
# Initialize the new `throttle_unauthenticated_api_*` columns with the current values
# from the `throttle_unauthenticated_*` columns, which will now only apply to web requests.
#
# The columns for the unauthenticated web rate limit will be renamed later
# in https://gitlab.com/gitlab-org/gitlab/-/issues/340031.
class InitializeThrottleUnauthenticatedApiColumns < ActiveRecord::Migration[6.1]
class ApplicationSetting < ActiveRecord::Base
self.table_name = :application_settings
end
def up
ApplicationSetting.update_all(%q{
throttle_unauthenticated_api_enabled = throttle_unauthenticated_enabled,
throttle_unauthenticated_api_requests_per_period = throttle_unauthenticated_requests_per_period,
throttle_unauthenticated_api_period_in_seconds = throttle_unauthenticated_period_in_seconds
})
end
def down
end
end
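Review bot: The empty `down` in `InitializeThrottleUnauthenticatedApiColumns` should carry a comment saying the rollback is intentionally a no-op, e.g. `# no-op: the copied values are discarded when the column-adding migration is reverted`. Separately, `update_all` writes straight to the table and skips model callbacks. If application settings are cached elsewhere (not visible on this page), the copied `throttle_unauthenticated_api_enabled` value may not be seen until that cache is refreshed. That is worth confirming before the API throttle starts reading these columns, since a stale default of `false` would leave unauthenticated API requests unthrottled on instances that had the limit enabled.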
97536098a2d3b127c6e6b9c079d10d272552dc9064f6b23fb92482baffaac7db
\ No newline at end of file
96a8a87cc075b7a2bf3919d0c891fdfedb2a9b7bab6460b82bfb43a3f8abe3cf
\ No newline at end of file
...@@ -10337,6 +10337,9 @@ CREATE TABLE application_settings ( ...@@ -10337,6 +10337,9 @@ CREATE TABLE application_settings (
throttle_authenticated_git_lfs_period_in_seconds integer DEFAULT 60 NOT NULL, throttle_authenticated_git_lfs_period_in_seconds integer DEFAULT 60 NOT NULL,
throttle_authenticated_git_lfs_enabled boolean DEFAULT false NOT NULL, throttle_authenticated_git_lfs_enabled boolean DEFAULT false NOT NULL,
user_deactivation_emails_enabled boolean DEFAULT true NOT NULL, user_deactivation_emails_enabled boolean DEFAULT true NOT NULL,
throttle_unauthenticated_api_enabled boolean DEFAULT false NOT NULL,
throttle_unauthenticated_api_requests_per_period integer DEFAULT 3600 NOT NULL,
throttle_unauthenticated_api_period_in_seconds integer DEFAULT 3600 NOT NULL,
CONSTRAINT app_settings_container_reg_cleanup_tags_max_list_size_positive CHECK ((container_registry_cleanup_tags_service_max_list_size >= 0)), CONSTRAINT app_settings_container_reg_cleanup_tags_max_list_size_positive CHECK ((container_registry_cleanup_tags_service_max_list_size >= 0)),
CONSTRAINT app_settings_ext_pipeline_validation_service_url_text_limit CHECK ((char_length(external_pipeline_validation_service_url) <= 255)), CONSTRAINT app_settings_ext_pipeline_validation_service_url_text_limit CHECK ((char_length(external_pipeline_validation_service_url) <= 255)),
CONSTRAINT app_settings_registry_exp_policies_worker_capacity_positive CHECK ((container_registry_expiration_policies_worker_capacity >= 0)), CONSTRAINT app_settings_registry_exp_policies_worker_capacity_positive CHECK ((container_registry_expiration_policies_worker_capacity >= 0)),
...@@ -927,6 +927,8 @@ RSpec.describe ApplicationSetting do ...@@ -927,6 +927,8 @@ RSpec.describe ApplicationSetting do
context 'throttle_* settings' do context 'throttle_* settings' do
where(:throttle_setting) do where(:throttle_setting) do
%i[ %i[
throttle_unauthenticated_api_requests_per_period
throttle_unauthenticated_api_period_in_seconds
throttle_unauthenticated_requests_per_period throttle_unauthenticated_requests_per_period
throttle_unauthenticated_period_in_seconds throttle_unauthenticated_period_in_seconds
throttle_authenticated_api_requests_per_period throttle_authenticated_api_requests_per_period
......
...@@ -345,6 +345,9 @@ RSpec.describe ApplicationSettings::UpdateService do ...@@ -345,6 +345,9 @@ RSpec.describe ApplicationSettings::UpdateService do
throttle_authenticated_web_enabled: true, throttle_authenticated_web_enabled: true,
throttle_authenticated_web_period_in_seconds: 30, throttle_authenticated_web_period_in_seconds: 30,
throttle_authenticated_web_requests_per_period: 40, throttle_authenticated_web_requests_per_period: 40,
throttle_unauthenticated_api_enabled: true,
throttle_unauthenticated_api_period_in_seconds: 50,
throttle_unauthenticated_api_requests_per_period: 60,
throttle_unauthenticated_enabled: true, throttle_unauthenticated_enabled: true,
throttle_unauthenticated_period_in_seconds: 50, throttle_unauthenticated_period_in_seconds: 50,
throttle_unauthenticated_requests_per_period: 60 throttle_unauthenticated_requests_per_period: 60
......