mastodon/app/controllers/concerns/rate_limit_headers.rb

# frozen_string_literal: true

module RateLimitHeaders
  extend ActiveSupport::Concern

  class_methods do
    def override_rate_limit_headers(method_name, options = {})
      around_action(only: method_name, if: :current_account) do |_controller, block|
        block.call
      ensure
        rate_limiter = RateLimiter.new(current_account, options)
        rate_limit_headers = rate_limiter.to_headers
        response.headers.merge!(rate_limit_headers) unless response.headers['X-RateLimit-Remaining'].present? && rate_limit_headers['X-RateLimit-Remaining'].to_i > response.headers['X-RateLimit-Remaining'].to_i
      end
    end
  end

  included do
    before_action :set_rate_limit_headers, if: :rate_limited_request?
  end

  private

  def set_rate_limit_headers
    apply_header_limit
    apply_header_remaining
    apply_header_reset
  end

  def rate_limited_request?
    !request.env['rack.attack.throttle_data'].nil?
  end

  def apply_header_limit
    response.headers['X-RateLimit-Limit'] = rate_limit_limit
  end

  def rate_limit_limit
    api_throttle_data[:limit].to_s
  end

  def apply_header_remaining
    response.headers['X-RateLimit-Remaining'] = rate_limit_remaining
  end

  def rate_limit_remaining
    (api_throttle_data[:limit] - api_throttle_data[:count]).to_s
  end

  def apply_header_reset
    response.headers['X-RateLimit-Reset'] = rate_limit_reset
  end

  def rate_limit_reset
    (request_time + reset_period_offset).iso8601(6)
  end

  def api_throttle_data
    most_limited_type, = request.env['rack.attack.throttle_data'].min_by { |_key, value| value[:limit] - value[:count] }
    request.env['rack.attack.throttle_data'][most_limited_type]
  end

  def request_time
    @_request_time ||= Time.now.utc
  end

  def reset_period_offset
    api_throttle_data[:period] - (request_time.to_i % api_throttle_data[:period])
  end
end
Coverage improvement and concern extraction for rate limit headers in API controller (#3625) * Coverage for rate limit headers * Move rate limit headers methods to concern * Move throttle check to condition on before_action * Move match_data variable into method * Move utc timestamp to separate method * Move header setting into smaller methods * specs cleanup 2017-06-07 15:23:26 +00:00			`# frozen_string_literal: true`

			`module RateLimitHeaders`
			`extend ActiveSupport::Concern`

Add specific rate limits for posting and following (#13172) 2020-03-08 14:17:39 +00:00			`class_methods do`
			`def override_rate_limit_headers(method_name, options = {})`
			`around_action(only: method_name, if: :current_account) do \|_controller, block\|`
Autofix Rubocop Style/RedundantBegin (#23703) 2023-02-18 22:09:40 +00:00			`block.call`
			`ensure`
			`rate_limiter = RateLimiter.new(current_account, options)`
			`rate_limit_headers = rate_limiter.to_headers`
			`response.headers.merge!(rate_limit_headers) unless response.headers['X-RateLimit-Remaining'].present? && rate_limit_headers['X-RateLimit-Remaining'].to_i > response.headers['X-RateLimit-Remaining'].to_i`
Add specific rate limits for posting and following (#13172) 2020-03-08 14:17:39 +00:00			`end`
			`end`
			`end`

Coverage improvement and concern extraction for rate limit headers in API controller (#3625) * Coverage for rate limit headers * Move rate limit headers methods to concern * Move throttle check to condition on before_action * Move match_data variable into method * Move utc timestamp to separate method * Move header setting into smaller methods * specs cleanup 2017-06-07 15:23:26 +00:00			`included do`
			`before_action :set_rate_limit_headers, if: :rate_limited_request?`
			`end`

			`private`

			`def set_rate_limit_headers`
			`apply_header_limit`
			`apply_header_remaining`
			`apply_header_reset`
			`end`

			`def rate_limited_request?`
			`!request.env['rack.attack.throttle_data'].nil?`
			`end`

			`def apply_header_limit`
			`response.headers['X-RateLimit-Limit'] = rate_limit_limit`
			`end`

			`def rate_limit_limit`
			`api_throttle_data[:limit].to_s`
			`end`

			`def apply_header_remaining`
			`response.headers['X-RateLimit-Remaining'] = rate_limit_remaining`
			`end`

			`def rate_limit_remaining`
			`(api_throttle_data[:limit] - api_throttle_data[:count]).to_s`
			`end`

			`def apply_header_reset`
			`response.headers['X-RateLimit-Reset'] = rate_limit_reset`
			`end`

			`def rate_limit_reset`
			`(request_time + reset_period_offset).iso8601(6)`
			`end`

			`def api_throttle_data`
Fix single name variables on controller folder (#20092) Co-authored-by: petrokoriakin1 <116151189+petrokoriakin1@users.noreply.github.com> Co-authored-by: petrokoriakin1 <116151189+petrokoriakin1@users.noreply.github.com> Co-authored-by: Effy Elden <effy@effy.space> 2022-12-15 16:11:58 +00:00			`most_limited_type, = request.env['rack.attack.throttle_data'].min_by { \|_key, value\| value[:limit] - value[:count] }`
Apply a 25x rate limit by IP even to authenticated requests (#5948) 2017-12-11 14:32:29 +00:00			`request.env['rack.attack.throttle_data'][most_limited_type]`
Coverage improvement and concern extraction for rate limit headers in API controller (#3625) * Coverage for rate limit headers * Move rate limit headers methods to concern * Move throttle check to condition on before_action * Move match_data variable into method * Move utc timestamp to separate method * Move header setting into smaller methods * specs cleanup 2017-06-07 15:23:26 +00:00			`end`

			`def request_time`
			`@_request_time \|\|= Time.now.utc`
			`end`

			`def reset_period_offset`
Autofix Rubocop Lint/AmbiguousOperatorPrecedence (#23681) 2023-02-18 03:30:23 +00:00			`api_throttle_data[:period] - (request_time.to_i % api_throttle_data[:period])`
Coverage improvement and concern extraction for rate limit headers in API controller (#3625) * Coverage for rate limit headers * Move rate limit headers methods to concern * Move throttle check to condition on before_action * Move match_data variable into method * Move utc timestamp to separate method * Move header setting into smaller methods * specs cleanup 2017-06-07 15:23:26 +00:00			`end`
			`end`