jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
68769c7c3b7e6d7600925a3e239f6fb922fdff18
danbooru/app/controllers/favorites_controller.rb
evazion 413cd34c45 rate limits: adjust limits for various actions. 
* Tie rate limits to both the user's ID and their IP address.

* Make each endpoint have separate rate limits. This means that, for
  example, your post edit rate limit is separate from your post vote
  rate limit. Before all write actions had a shared rate limit.

* Make all write endpoints have rate limits. Before some endpoints, such
  as voting, favoriting, commenting, or forum posting, weren't subject
  to rate limits.

* Add stricter rate limits for some endpoints:

** 1 per 5 minutes for creating new accounts.
** 1 per minute for login attempts, changing your email address, or
   for creating mod reports.
** 1 per minute for sending dmails, creating comments, creating forum
   posts, or creating forum topics.
** 1 per second for voting, favoriting, or disapproving posts.
** These rate limits all have burst factors high enough that they
   shouldn't affect normal, non-automated users.

* Raise the default write rate limit for Gold users from 2 per second to
  4 per second, for all other actions not listed above.

* Raise the default burst factor to 200 for all other actions not listed
  above. Before it was 10 for Members, 30 for Gold, and 60 for Platinum.
2021-03-05 16:02:57 -06:00

43 lines
1.2 KiB
Ruby
Raw Blame History

class FavoritesController < ApplicationController
respond_to :html, :xml, :json, :js
rescue_with Favorite::Error, status: 422
def index
authorize Favorite
if !request.format.html?
@favorites = Favorite.visible(CurrentUser.user).paginated_search(params)
respond_with(@favorites)
elsif params[:user_id].present?
user = User.find(params[:user_id])
redirect_to posts_path(tags: "ordfav:#{user.name}", format: request.format.symbol)
elsif !CurrentUser.is_anonymous?
redirect_to posts_path(tags: "ordfav:#{CurrentUser.user.name}", format: request.format.symbol)
else
redirect_to posts_path(format: request.format.symbol)
end
end
def create
authorize Favorite
@post = Post.find(params[:post_id])
@post.add_favorite!(CurrentUser.user)
flash.now[:notice] = "You have favorited this post"
respond_with(@post)
end
def destroy
authorize Favorite
@post = Post.find_by_id(params[:id])
if @post
@post.remove_favorite!(CurrentUser.user)
else
Favorite.remove(post_id: params[:id], user: CurrentUser.user)
end
flash.now[:notice] = "You have unfavorited this post"
respond_with(@post)
end
end
Reference in New Issue View Git Blame Copy Permalink