Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/Config/Admin.pm33
-rw-r--r--Bugzilla/WebService/Bug.pm5
2 files changed, 37 insertions, 1 deletions
diff --git a/Bugzilla/Config/Admin.pm b/Bugzilla/Config/Admin.pm
index 74748d3d8..5f10bfef3 100644
--- a/Bugzilla/Config/Admin.pm
+++ b/Bugzilla/Config/Admin.pm
@@ -12,6 +12,9 @@ use strict;
use warnings;
use Bugzilla::Config::Common;
+use JSON::XS qw(decode_json);
+use List::MoreUtils qw(all);
+use Scalar::Util qw(looks_like_number);
our $sortkey = 200;
@@ -44,6 +47,19 @@ sub get_param_list {
},
{
+ name => 'rate_limit_active',
+ type => 'b',
+ default => 1,
+ },
+
+ {
+ name => 'rate_limit_rules',
+ type => 'l',
+ default => '{"get_bug": [75, 60], "show_bug": [75, 60]}',
+ checker => \&check_rate_limit_rules,
+ },
+
+ {
name => 'log_user_requests',
type => 'b',
default => 0,
@@ -51,4 +67,21 @@ sub get_param_list {
return @param_list;
}
+sub check_rate_limit_rules {
+ my $rules = shift;
+
+ my $val = eval { decode_json($rules) };
+ return "failed to parse json" unless defined $val;
+ return "value is not HASH" unless ref $val && ref($val) eq 'HASH';
+ return "rules are invalid" unless all {
+ ref($_) eq 'ARRAY' && looks_like_number( $_->[0] ) && looks_like_number( $_->[1] )
+ } values %$val;
+
+ foreach my $required (qw( show_bug get_bug )) {
+ return "missing $required" unless exists $val->{$required};
+ }
+
+ return "";
+}
+
1;
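Review bot: The checker in check_rate_limit_rules accepts values that are not usable limits, because `looks_like_number` is true for 0, negative numbers, fractions, exponent forms and strings such as `Inf` or `NaN`, and the array length is never checked. Depending on how Bugzilla->check_rate_limit (not shown here) consumes the pair, a saved rule such as `[0, 60]` could either reject every anonymous request or never trigger at all. I would require exactly two positive integers per rule, e.g. `ref($_) eq 'ARRAY' && @$_ == 2 && $_->[0] =~ /\A[1-9][0-9]*\z/ && $_->[1] =~ /\A[1-9][0-9]*\z/`. A short comment above the sub stating what the two numbers mean would also help, since nothing in this file says which is the count and which is the interval.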
diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm
index 78545e129..97dd46d0e 100644
--- a/Bugzilla/WebService/Bug.pm
+++ b/Bugzilla/WebService/Bug.pm
@@ -22,7 +22,7 @@ use Bugzilla::WebService::Constants;
use Bugzilla::WebService::Util qw(extract_flags filter filter_wants validate translate);
use Bugzilla::Bug;
use Bugzilla::BugMail;
-use Bugzilla::Util qw(trick_taint trim detaint_natural);
+use Bugzilla::Util qw(trick_taint trim detaint_natural remote_ip);
use Bugzilla::Version;
use Bugzilla::Milestone;
use Bugzilla::Status;
@@ -398,6 +398,9 @@ sub _translate_comment {
sub get {
my ($self, $params) = validate(@_, 'ids');
+ unless (Bugzilla->user->id) {
+ Bugzilla->check_rate_limit("get_bug", remote_ip());
+ }
Bugzilla->switch_to_shadow_db() unless Bugzilla->user->id;
my $ids = $params->{ids};
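Review bot: The limiter in `get` is charged once per call, before `$params->{ids}` is read, and nothing in the visible lines caps the length of that list, so the `get_bug` budget bounds calls rather than the number of bugs an anonymous client retrieves. Consider capping the id count for logged-out callers or charging the limiter per id. The bucket key is whatever `remote_ip()` returns, so behind a reverse proxy it is only meaningful if the proxy settings it relies on are correct; otherwise, presumably, all clients share one bucket. The two adjacent `unless (Bugzilla->user->id)` tests could be merged into a single block. The body of `get` continues past the end of this hunk.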