Merge branch 'sh-skip-findcommit-lookup-rate-limit' into 'master'

Avoid Gitaly RPCs in rate-limited raw blob requests Closes gitlab-com/gl-infra/scalability#77 See merge request gitlab-org/gitlab!22123

Merge branch 'sh-skip-findcommit-lookup-rate-limit' into 'master'
Avoid Gitaly RPCs in rate-limited raw blob requests Closes gitlab-com/gl-infra/scalability#77 See merge request gitlab-org/gitlab!22123
5cf0ce43 · Lin Jen-Shin · 888aa6fd · 5200d89d · 5cf0ce43 · 5cf0ce43
Commit 5cf0ce43 authored Dec 23, 2019 by Lin Jen-Shin
4 changed files
--- a/app/controllers/projects/raw_controller.rb
+++ b/app/controllers/projects/raw_controller.rb
@@ -9,9 +9,9 @@ class Projects::RawController < Projects::ApplicationController
  prepend_before_action(only: [:show]) { authenticate_sessionless_user!(:blob) }
  before_action :require_non_empty_project
-  before_action :assign_ref_vars
  before_action :authorize_download_code!
  before_action :show_rate_limit, only: [:show], unless: :external_storage_request?
+  before_action :assign_ref_vars
  before_action :redirect_to_external_storage, only: :show, if: :static_objects_external_storage_enabled?
  def show
@@ -23,11 +23,15 @@ class Projects::RawController < Projects::ApplicationController
  private
  def show_rate_limit
-    if rate_limiter.throttled?(:show_raw_controller, scope: [@project, @commit, @path], threshold: raw_blob_request_limit)
+    # This bypasses assign_ref_vars to avoid a Gitaly FindCommit lookup.
+    # When rate limiting, we really don't care if a different commit is
+    # being requested.
+    _ref, path = extract_ref(get_id)
+    if rate_limiter.throttled?(:show_raw_controller, scope: [@project, path], threshold: raw_blob_request_limit)
      rate_limiter.log_request(request, :raw_blob_request_limit, current_user)
-      flash[:alert] = _('You cannot access the raw file. Please wait a minute.')
+      render plain: _('You cannot access the raw file. Please wait a minute.'), status: :too_many_requests
-      redirect_to project_blob_path(@project, File.join(@ref, @path)), status: :too_many_requests
    end
  end

--- a/changelogs/unreleased/sh-skip-findcommit-lookup-rate-limit.yml
+++ b/changelogs/unreleased/sh-skip-findcommit-lookup-rate-limit.yml
+---
+title: Avoid Gitaly RPCs in rate-limited raw blob requests
+merge_request: 22123
+author:
+type: performance
--- a/spec/controllers/projects/raw_controller_spec.rb
+++ b/spec/controllers/projects/raw_controller_spec.rb
@@ -56,10 +56,13 @@ describe Projects::RawController do
        stub_application_setting(raw_blob_request_limit: 5)
      end
-      it 'prevents from accessing the raw file' do
+      it 'prevents from accessing the raw file', :request_store do
-        execute_raw_requests(requests: 6, project: project, file_path: file_path)
+        execute_raw_requests(requests: 5, project: project, file_path: file_path)
+        expect { execute_raw_requests(requests: 1, project: project, file_path: file_path) }
+          .to change { Gitlab::GitalyClient.get_request_count }.by(0)
-        expect(flash[:alert]).to eq(_('You cannot access the raw file. Please wait a minute.'))
+        expect(response.body).to eq(_('You cannot access the raw file. Please wait a minute.'))
        expect(response).to have_gitlab_http_status(429)
      end
@@ -109,7 +112,7 @@ describe Projects::RawController do
          execute_raw_requests(requests: 3, project: project, file_path: modified_path)
-          expect(flash[:alert]).to eq(_('You cannot access the raw file. Please wait a minute.'))
+          expect(response.body).to eq(_('You cannot access the raw file. Please wait a minute.'))
          expect(response).to have_gitlab_http_status(429)
        end
      end
@@ -137,7 +140,7 @@ describe Projects::RawController do
          # Accessing downcase version of readme
          execute_raw_requests(requests: 6, project: project, file_path: file_path)
-          expect(flash[:alert]).to eq(_('You cannot access the raw file. Please wait a minute.'))
+          expect(response.body).to eq(_('You cannot access the raw file. Please wait a minute.'))
          expect(response).to have_gitlab_http_status(429)
          # Accessing upcase version of readme

--- a/spec/features/projects/raw/user_interacts_with_raw_endpoint_spec.rb
+++ b/spec/features/projects/raw/user_interacts_with_raw_endpoint_spec.rb
@@ -31,8 +31,6 @@ describe 'Projects > Raw > User interacts with raw endpoint' do
        visit project_raw_url(project, file_path)
      end
-      expect(source).to have_content('You are being redirected')
-      click_link('redirected')
      expect(page).to have_content('You cannot access the raw file. Please wait a minute.')
    end
  end