priv users now have 6sec timeout, platinum users have 9sec timeout
This commit is contained in:
albert
@@ -169,6 +169,10 @@ class AnonymousUser
|
|||||||
500
|
500
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def statement_timeout
|
||||||
|
3_000
|
||||||
|
end
|
||||||
|
|
||||||
%w(member banned privileged builder platinum contributor janitor moderator admin).each do |name|
|
%w(member banned privileged builder platinum contributor janitor moderator admin).each do |name|
|
||||||
define_method("is_#{name}?") do
|
define_method("is_#{name}?") do
|
||||||
false
|
false
|
||||||
|
|||||||
@@ -25,10 +25,16 @@ class SessionLoader
|
|||||||
|
|
||||||
update_last_logged_in_at
|
update_last_logged_in_at
|
||||||
set_time_zone
|
set_time_zone
|
||||||
|
set_statement_timeout
|
||||||
end
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
|
def set_statement_timeout
|
||||||
|
timeout = CurrentUser.user.statement_timeout
|
||||||
|
ActiveRecord::Base.connection.execute("set statement_timeout = #{timeout}")
|
||||||
|
end
|
||||||
|
|
||||||
def load_session_for_api
|
def load_session_for_api
|
||||||
if request.authorization
|
if request.authorization
|
||||||
authenticate_basic_auth
|
authenticate_basic_auth
|
||||||
|
|||||||
@@ -479,6 +479,16 @@ class User < ActiveRecord::Base
|
|||||||
3_000
|
3_000
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def statement_timeout
|
||||||
|
if is_platinum?
|
||||||
|
9_000
|
||||||
|
elsif is_privileged?
|
||||||
|
6_000
|
||||||
|
else
|
||||||
|
3_000
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
module ApiMethods
|
module ApiMethods
|
||||||
|
|||||||
@@ -67,6 +67,18 @@
|
|||||||
<td>Yes</td>
|
<td>Yes</td>
|
||||||
<td>Yes</td>
|
<td>Yes</td>
|
||||||
</tr>
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>API Hourly Limit</td>
|
||||||
|
<td>3,000</td>
|
||||||
|
<td>10,000</td>
|
||||||
|
<td>20,000</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>Database Timeout</td>
|
||||||
|
<td>3 sec</td>
|
||||||
|
<td>6 sec</td>
|
||||||
|
<td>9 sec</td>
|
||||||
|
</tr>
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
</div>
|
</div>
|
||||||
|
|||||||
@@ -8,7 +8,7 @@ module Danbooru
|
|||||||
connection.execute("SET STATEMENT_TIMEOUT = 0") unless Rails.env == "test"
|
connection.execute("SET STATEMENT_TIMEOUT = 0") unless Rails.env == "test"
|
||||||
yield
|
yield
|
||||||
ensure
|
ensure
|
||||||
connection.execute("SET STATEMENT_TIMEOUT = 3000") unless Rails.env == "test"
|
connection.execute("SET STATEMENT_TIMEOUT = #{CurrentUser.user.statement_timeout}") unless Rails.env == "test"
|
||||||
end
|
end
|
||||||
|
|
||||||
def with_timeout(n, default_value)
|
def with_timeout(n, default_value)
|
||||||
@@ -17,7 +17,7 @@ module Danbooru
|
|||||||
rescue ::ActiveRecord::StatementInvalid
|
rescue ::ActiveRecord::StatementInvalid
|
||||||
return default_value
|
return default_value
|
||||||
ensure
|
ensure
|
||||||
connection.execute("SET STATEMENT_TIMEOUT = 3000") unless Rails.env == "test"
|
connection.execute("SET STATEMENT_TIMEOUT = #{CurrentUser.user.statement_timeout}") unless Rails.env == "test"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|||||||
@@ -40,10 +40,14 @@ While you can usually determine success or failure based on the response object,
|
|||||||
|
|
||||||
h1. Authentication
|
h1. Authentication
|
||||||
|
|
||||||
All API calls must be authenticated. You can pass in two parameters: login and api_key. For legacy users, password_hash using the old salted SHA1 hashed password is also supported. Your API key is equivalent to your bcrypted password hash, which is stored in your cookies as password_hash. You can discover your API key by visiting your user profile. Your API key is intended to be a secret so you should not publicly distribute it.
|
You must be logged in to use the API.
|
||||||
|
|
||||||
|
If you can't maintain a session via a cookie, you can pass in two parameters to authenticate: login and api_key. For legacy users, password_hash using the old salted SHA1 hashed password is also supported. Your API key is equivalent to your bcrypted password hash, which is stored in your cookies as password_hash. You can discover your API key by visiting your user profile. Your API key is intended to be a secret so you should not publicly distribute it.
|
||||||
|
|
||||||
You can also authenticate via HTTP Basic Authentication using your user name and API key.
|
You can also authenticate via HTTP Basic Authentication using your user name and API key.
|
||||||
|
|
||||||
|
If you are writing a user script for a browser, you do not need to embed an API key. You can rely on the user's session.
|
||||||
|
|
||||||
Basic members can make 3,000 requests an hour. Gold members can make 10,000 requests an hour. Platinum members can make 20,000 requests an hour.
|
Basic members can make 3,000 requests an hour. Gold members can make 10,000 requests an hour. Platinum members can make 20,000 requests an hour.
|
||||||
|
|
||||||
h1. Posts
|
h1. Posts
|
||||||
|
|||||||
@@ -100,7 +100,7 @@ module PostSets
|
|||||||
|
|
||||||
context "for a non-privileged user" do
|
context "for a non-privileged user" do
|
||||||
should "fail" do
|
should "fail" do
|
||||||
assert_raises(PostSets::SearchError) do
|
assert_raises(::Post::SearchError) do
|
||||||
@set.posts
|
@set.posts
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|||||||
Reference in New Issue
Block a user