danbooru/app/controllers/comment_votes_controller.rb
evazion 413cd34c45 rate limits: adjust limits for various actions.
* Tie rate limits to both the user's ID and their IP address.

* Make each endpoint have separate rate limits. This means that, for
  example, your post edit rate limit is separate from your post vote
  rate limit. Before all write actions had a shared rate limit.

* Make all write endpoints have rate limits. Before some endpoints, such
  as voting, favoriting, commenting, or forum posting, weren't subject
  to rate limits.

* Add stricter rate limits for some endpoints:

** 1 per 5 minutes for creating new accounts.
** 1 per minute for login attempts, changing your email address, or
   for creating mod reports.
** 1 per minute for sending dmails, creating comments, creating forum
   posts, or creating forum topics.
** 1 per second for voting, favoriting, or disapproving posts.
** These rate limits all have burst factors high enough that they
   shouldn't affect normal, non-automated users.

* Raise the default write rate limit for Gold users from 2 per second to
  4 per second, for all other actions not listed above.

* Raise the default burst factor to 200 for all other actions not listed
  above. Before it was 10 for Members, 30 for Gold, and 60 for Platinum.
2021-03-05 16:02:57 -06:00

31 lines
1023 B
Ruby

class CommentVotesController < ApplicationController
  respond_to :js, :json, :xml, :html

  def index
    @comment_votes = authorize CommentVote.visible(CurrentUser.user).paginated_search(params, count_pages: true)
    @comment_votes = @comment_votes.includes(:user, comment: [:creator, post: [:uploader]]) if request.format.html?
    respond_with(@comment_votes)
  end

  def create
    @comment = Comment.find(params[:comment_id])

    @comment.with_lock do
      @comment_vote = authorize CommentVote.new(comment: @comment, score: params[:score], user: CurrentUser.user)
      CommentVote.where(comment: @comment, user: CurrentUser.user).destroy_all
      @comment_vote.save
    end

    flash.now[:notice] = @comment_vote.errors.full_messages.join("; ") if @comment_vote.errors.present?
    respond_with(@comment_vote)
  end

  def destroy
    @comment_vote = authorize CommentVote.find_by!(comment_id: params[:comment_id], user: CurrentUser.user)
    @comment_vote.destroy
    respond_with(@comment_vote)
  end
end
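
The controller above contains no rate-limit logic of its own, so the scheme the commit message describes (separate limits per endpoint, tied to both user ID and IP, with a rate and a burst factor) is sketched below as an added example; it is not Danbooru's code. It assumes a token bucket, assumes a request must pass both its user bucket and its IP bucket, and uses hypothetical names (TokenBucketLimiter, LIMITS, the action strings) and assumed burst values; state is in-memory for a single process.

```ruby
# Added example, not Danbooru's code. Token-bucket limiter with one bucket per
# (action, key), where key is the user ID or the client IP. Assumption: a
# request is allowed only if BOTH its user bucket and its IP bucket have a token.
class TokenBucketLimiter
  Bucket = Struct.new(:tokens, :updated_at)

  # limits: { action => { rate: tokens per second, burst: bucket capacity } }
  def initialize(limits, default: { rate: 1.0, burst: 200 })
    @limits = limits
    @default = default
    @buckets = {}
  end

  # Returns true and spends one token from each bucket, or false and spends none.
  def allow?(action:, user_id:, ip:, now: Process.clock_gettime(Process::CLOCK_MONOTONIC))
    limit = @limits.fetch(action, @default)
    buckets = ["user:#{user_id}", "ip:#{ip}"].map { |key| refill(action, key, limit, now) }
    return false if buckets.any? { |b| b.tokens < 1 }
    buckets.each { |b| b.tokens -= 1 }
    true
  end

  private

  def refill(action, key, limit, now)
    bucket = (@buckets[[action, key]] ||= Bucket.new(limit[:burst].to_f, now))
    elapsed = [now - bucket.updated_at, 0].max
    bucket.tokens = [bucket.tokens + elapsed * limit[:rate], limit[:burst].to_f].min
    bucket.updated_at = now
    bucket
  end
end

# Constructed limits: the rates come from the commit message; the burst values are assumed.
LIMITS = {
  "comment_votes:create" => { rate: 1.0, burst: 3 },        # 1 per second
  "users:create"         => { rate: 1.0 / 300, burst: 1 },  # 1 per 5 minutes
}.freeze

def demo
  rl = TokenBucketLimiter.new(LIMITS)
  vote = { action: "comment_votes:create", user_id: 1, ip: "203.0.113.7" }
  burst = Array.new(4) { rl.allow?(**vote, now: 0.0) }               # 4th exceeds the burst
  other_action = rl.allow?(action: "users:create", user_id: 1, ip: "203.0.113.7", now: 0.0)
  same_ip_new_user = rl.allow?(**vote.merge(user_id: 2), now: 0.0)   # IP bucket is still empty
  after_refill = rl.allow?(**vote, now: 1.0)                         # one token refilled
  { burst: burst, other_action: other_action, same_ip_new_user: same_ip_new_user, after_refill: after_refill }
end
```

Keying on the IP as well as the user ID is what stops a client from resetting its vote budget by switching accounts, which demo shows with the second user on the same address.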