jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
9b59ba780b05b552c15c29d11cb5adff2f9a19e0
danbooru/app/controllers/post_votes_controller.rb
evazion 413cd34c45 rate limits: adjust limits for various actions. 
* Tie rate limits to both the user's ID and their IP address.

* Make each endpoint have separate rate limits. This means that, for
  example, your post edit rate limit is separate from your post vote
  rate limit. Before all write actions had a shared rate limit.

* Make all write endpoints have rate limits. Before some endpoints, such
  as voting, favoriting, commenting, or forum posting, weren't subject
  to rate limits.

* Add stricter rate limits for some endpoints:

** 1 per 5 minutes for creating new accounts.
** 1 per minute for login attempts, changing your email address, or
   for creating mod reports.
** 1 per minute for sending dmails, creating comments, creating forum
   posts, or creating forum topics.
** 1 per second for voting, favoriting, or disapproving posts.
** These rate limits all have burst factors high enough that they
   shouldn't affect normal, non-automated users.

* Raise the default write rate limit for Gold users from 2 per second to
  4 per second, for all other actions not listed above.

* Raise the default burst factor to 200 for all other actions not listed
  above. Before it was 10 for Members, 30 for Gold, and 60 for Platinum.
2021-03-05 16:02:57 -06:00

32 lines
949 B
Ruby
Raw Blame History

class PostVotesController < ApplicationController
respond_to :js, :json, :xml, :html
def index
@post_votes = authorize PostVote.visible(CurrentUser.user).paginated_search(params, count_pages: true)
@post_votes = @post_votes.includes(:user, post: :uploader) if request.format.html?
respond_with(@post_votes)
end
def create
@post = Post.find(params[:post_id])
@post.with_lock do
@post_vote = authorize PostVote.new(post: @post, score: params[:score], user: CurrentUser.user)
PostVote.where(post: @post, user: CurrentUser.user).destroy_all
@post_vote.save
end
flash.now[:notice] = @post_vote.errors.full_messages.join("; ") if @post_vote.errors.present?
respond_with(@post_vote)
end
def destroy
@post = Post.find(params[:post_id])
@post_vote = @post.votes.find_by(user: CurrentUser.user)
authorize(@post_vote).destroy if @post_vote
respond_with(@post_vote)
end
end
Reference in New Issue View Git Blame Copy Permalink