add rate limit

2026-06-23 04:10:11 +00:00 · 2024-03-16 23:19:47 +02:00
parent 265b668cb4
commit 749722a9df
4 changed files with 33 additions and 0 deletions
@@ -19,6 +19,12 @@ module Api
      render json: { error: e.message }, status: :unprocessable_entity
    end

+    rescue_from RateLimit::LimitApproached do |e|
+      Rollbar.error(e) if defined?(Rollbar)
+
+      render json: { error: 'Too many requests' }, status: :too_many_requests
+    end
+
    if Rails.env.production?
      rescue_from CanCan::AccessDenied do |e|
        Rollbar.warning(e) if defined?(Rollbar)
@@ -22,6 +22,12 @@ class ApplicationController < ActionController::Base
    redirect_to request.path
  end

+  rescue_from RateLimit::LimitApproached do |e|
+    Rollbar.error(e) if defined?(Rollbar)
+
+    redirect_to request.referer, alert: 'Too many requests', status: :too_many_requests
+  end
+
  if Rails.env.production?
    rescue_from CanCan::AccessDenied do |e|
      Rollbar.warning(e) if defined?(Rollbar)
@@ -21,6 +21,8 @@ class SendSubmissionEmailController < ApplicationController
        Submitter.find_by!(slug: params[:submitter_slug])
      end

+    RateLimit.call("send-email-#{@submitter.id}", limit: 2, ttl: 5.minutes)
+
    SubmitterMailer.documents_copy_email(@submitter, sig: true).deliver_later!

    respond_to do |f|
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module RateLimit
+  LimitApproached = Class.new(StandardError)
+
+  STORE = ActiveSupport::Cache::MemoryStore.new
+
+  module_function
+
+  def call(key, limit:, ttl:, enabled: Docuseal.multitenant?)
+    return true unless enabled
+
+    value = STORE.increment(key, 1, expires_in: ttl)
+
+    raise LimitApproached if value > limit
+
+    true
+  end
+end