authorMary Umoh <umohm12@gmail.com>2017-06-30 01:03:46 +0200
committerDylan William Hardison <dylan@hardison.net>2017-07-07 00:19:20 +0200
commit4c9f9a8c49e9f25096ee3b6982b197e9efa6dd60 (patch)
tree21fd41e87f0838321f4494f784fd94bc1f1b679f /Bugzilla.pm
parent662b0801c0e429b7d83c2ad6ed47a0293f10ff5e (diff)
Bug 1355169 - Add rate-limiting to show_bug.cgi and rest.cgi
* fix mistake * Update * Updates * remove other file
Diffstat (limited to 'Bugzilla.pm')
-rw-r--r--Bugzilla.pm28
1 files changed, 23 insertions, 5 deletions
diff --git a/Bugzilla.pm b/Bugzilla.pm
index b6dcd58ab..2d59d4171 100644
--- a/Bugzilla.pm
+++ b/Bugzilla.pm
@@ -55,6 +55,7 @@ use File::Basename;
use File::Spec::Functions;
use Safe;
use Sys::Syslog qw(:DEFAULT);
+use JSON::XS qw(decode_json);
use parent qw(Bugzilla::CPAN);
@@ -156,7 +157,7 @@ sub init_page {
}
# If Bugzilla is shut down, do not allow anything to run, just display a
- # message to the user about the downtime and log out. Scripts listed in
+ # message to the user about the downtime and log out. Scripts listed in
# SHUTDOWNHTML_EXEMPT are exempt from this message.
#
# This code must go here. It cannot go anywhere in Bugzilla::CGI, because
@@ -202,7 +203,7 @@ sub init_page {
if (i_am_cgi()) {
# Set the HTTP status to 503 when Bugzilla is down to avoid pages
# being indexed by search engines.
- print Bugzilla->cgi->header(-status => 503,
+ print Bugzilla->cgi->header(-status => 503,
-retry_after => SHUTDOWNHTML_RETRY_AFTER);
}
my $t_output;
@@ -773,6 +774,23 @@ sub elastic {
$class->process_cache->{elastic} //= Bugzilla::Elastic->new();
}
+sub check_rate_limit {
+ my ($class, $name, $id) = @_;
+ my $params = Bugzilla->params;
+ if ($params->{rate_limit_active}) {
+ my $rules = decode_json($params->{rate_limit_rules});
+ my $limit = $rules->{$name};
+ unless ($limit) {
+ warn "no rules for $name!";
+ return 0;
+ }
+ if (Bugzilla->memcached->should_rate_limit("$name:$id", @$limit)) {
+ Bugzilla->audit("[rate_limit] $id exceeds rate limit $name: " . join("/", @$limit));
+ ThrowUserError("rate_limit");
+ }
+ }
+}
+
# Private methods
# Per-process cleanup. Note that this is a plain subroutine, not a method,
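Review bot: In `check_rate_limit`, `decode_json($params->{rate_limit_rules})` and `@$limit` run unguarded on every call, so a malformed `rate_limit_rules` value or a rule that is not an array reference makes each rate-limited request die, while a missing rule only warns and returns 0, leaving that endpoint unlimited. The guard should check the shape before use, for example `unless (ref $limit eq 'ARRAY' && @$limit) { warn "no usable rate limit rule for $name"; return 0; }`, and the JSON is better validated when the parameter is saved than at request time. `$id` is interpolated into the `Bugzilla->audit` message as is; where it comes from is not visible in this hunk, so if it can carry client-supplied text, newlines and control characters should be stripped before logging. A short comment above the sub stating that the limiter fails open when no rule matches (and presumably when memcached is unavailable, to be confirmed against `should_rate_limit`) would tell operators it is not a hard control.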
@@ -936,8 +954,8 @@ progress, returns the C<Bugzilla::User> object corresponding to the currently
logged in user.
=item C<sudo_request>
-This begins an sudo session for the current request. It is meant to be
-used when a session has just started. For normal use, sudo access should
+This begins an sudo session for the current request. It is meant to be
+used when a session has just started. For normal use, sudo access should
normally be set at login time.
=item C<login>
@@ -1034,7 +1052,7 @@ C<Bugzilla->usage_mode> will return the current state of this flag.
=item C<installation_mode>
-Determines whether or not installation should be silent. See
+Determines whether or not installation should be silent. See
L<Bugzilla::Constants> for the C<INSTALLATION_MODE> constants.
=item C<installation_answers>