jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

return 429 for too many requests instead of 421

Browse Source
This commit is contained in:
Albert Yi
2016-10-18 13:32:41 -07:00
parent b17cd5bffc
commit 2424f24fcd
4 changed files with 16 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
app/controllers/application_controller.rb
View File

@@ -41,15 +41,18 @@ protected
def api_check def api_check
if request.format.to_s =~ /\/json|\/xml/ || params[:controller] == "iqdb" if request.format.to_s =~ /\/json|\/xml/ || params[:controller] == "iqdb"
if ApiLimiter.throttled?(request.remote_ip, request.request_method) if ApiLimiter.throttled?(CurrentUser.id || request.remote_ip, request.request_method)
render :text => "421 User Throttled\n", :layout => false, :status => 421 render :text => "429 Too Many Requests\n", :layout => false, :status => 429
return false return false
end end
# elsif request.format.to_s =~ /\/html/ && !ApiLimiter.idempotent?(request.request_method)
# if ApiLimiter.throttled?(CurrentUser.id || request.remote_ip, request.request_method)
# render :template => "static/too_many_requests", :status => 429
# end
end end
return true return true
end end
def rescue_exception(exception) def rescue_exception(exception)
@exception = exception @exception = exception

14
app/logical/api_limiter.rb
View File

@@ -1,5 +1,5 @@
module ApiLimiter module ApiLimiter
def idempotent?(method) def self.idempotent?(method)
case method case method
when "POST", "PUT", "DELETE" when "POST", "PUT", "DELETE"
false false
@@ -9,18 +9,18 @@ module ApiLimiter
end end
end end
def throttled?(ip_addr, http_method = "GET") def throttled?(user_key, http_method = "GET")
idempotent = idempotent?(http_method) idempotent = ApiLimiter.idempotent?(http_method)
key = "api/#{ip_addr}/#{Time.now.hour}/#{idempotent}" key = "api/#{user_key}/#{Time.now.hour}/#{idempotent}"
MEMCACHE.fetch(key, 1.hour, :raw => true) {0} MEMCACHE.fetch(key, 1.hour, :raw => true) {0}
MEMCACHE.incr(key).to_i > CurrentUser.user.api_hourly_limit(idempotent) MEMCACHE.incr(key).to_i > CurrentUser.user.api_hourly_limit(idempotent)
end end
def remaining_hourly_limit(ip_addr, idempotent = true) def remaining_hourly_limit(user_key, idempotent = true)
key = "api/#{ip_addr}/#{Time.now.hour}/#{idempotent}" key = "api/#{user_key}/#{Time.now.hour}/#{idempotent}"
requests = MEMCACHE.fetch(key, 1.hour, :raw => true) {0}.to_i requests = MEMCACHE.fetch(key, 1.hour, :raw => true) {0}.to_i
CurrentUser.user.api_hourly_limit - requests CurrentUser.user.api_hourly_limit - requests
end end
module_function :throttled?, :idempotent?, :remaining_hourly_limit module_function :throttled?, :remaining_hourly_limit
end end

2
app/views/static/too_many_requests.html.erb Normal file
View File

@@ -0,0 +1,2 @@
<h1>Too Many Requests</h1>
<p>You can only make <%= CurrentUser.api_hourly_limit(false) %> updates and <%= CurrentUser.api_hourly_limit(true) %> reads per hour.</p>

2
test/functional/posts_controller_test.rb
View File

@@ -29,7 +29,7 @@ class PostsControllerTest < ActionController::TestCase
end end
get :index, {:format => "json", :login => @user.name, :api_key => @user.api_key.key} get :index, {:format => "json", :login => @user.name, :api_key => @user.api_key.key}
assert_response 421 assert_response 429
end end
end end