github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-27 12:23:36 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
b86127ad12
discourse/app/models
History
Osama Sayegh b86127ad12
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) 
Currently, Discourse rate limits all incoming requests by the IP address they
originate from regardless of the user making the request. This can be
frustrating if there are multiple users using Discourse simultaneously while
sharing the same IP address (e.g. employees in an office).

This commit implements a new feature to make Discourse apply rate limits by
user id rather than IP address for users at or higher than the configured trust
level (1 is the default).

For example, let's say a Discourse instance is configured to allow 200 requests
per minute per IP address, and we have 10 users at trust level 4 using
Discourse simultaneously from the same IP address. Before this feature, the 10
users could only make a total of 200 requests per minute before they got rate
limited. But with the new feature, each user is allowed to make 200 requests
per minute because the rate limits are applied on user id rather than the IP
address.

The minimum trust level for applying user-id-based rate limits can be
configured by the `skip_per_ip_rate_limit_trust_level` global setting. The
default is 1, but it can be changed by either adding the
`DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the
desired value to your `app.yml`, or changing the setting's value in the
`discourse.conf` file.

Requests made with API keys are still rate limited by IP address and the
relevant global settings that control API keys rate limits.

Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters
string that Discourse used to lookup the current user from the database and the
cookie contained no additional information about the user. However, we had to
change the cookie content in this commit so we could identify the user from the
cookie without making a database query before the rate limits logic and avoid
introducing a bottleneck on busy sites.

Besides the 32 characters auth token, the cookie now includes the user id,
trust level and the cookie's generation date, and we encrypt/sign the cookie to
prevent tampering.

Internal ticket number: t54739.
2021-11-17 23:27:30 +03:00
..
concerns DEV: Sanitize HTML admin inputs (#14681) 2021-10-27 11:33:07 -03:00
about.rb FEATURE: adds last day to about page stats (#12663) 2021-04-12 12:50:33 +10:00
admin_dashboard_data.rb UX: Translate the action type in watched words regex error (#13680) 2021-07-09 14:34:08 +01:00
admin_dashboard_general_data.rb FIX: Allow dashboard to load even when git version cannot be found 2019-08-28 12:37:42 +01:00
admin_dashboard_index_data.rb
allowed_pm_user.rb FEATURE: Allow List for PMs (#10270) 2020-07-20 15:23:49 -06:00
anonymous_user.rb
api_key_scope.rb FEATURE: Add read-only scope to API keys (#14856) 2021-11-10 17:48:00 +02:00
api_key.rb REFACTOR: Introduce RouteMatcher class 2020-10-19 10:40:55 +01:00
application_request.rb Revert "Revert "Merge branch 'master' of https://github.com/discourse/discourse"" 2020-05-23 00:56:13 -04:00
auto_track_duration_site_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
backup_draft_post.rb FEATURE: experimental hidden setting for draft backups 2019-10-17 16:58:21 +11:00
backup_draft_topic.rb FEATURE: experimental hidden setting for draft backups 2019-10-17 16:58:21 +11:00
backup_file.rb
backup_location_site_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
backup_metadata.rb FIX: Prevent "uploads are missing in S3" alerts after restoring a backup 2020-09-10 21:37:48 +02:00
badge_grouping.rb
badge_type.rb
badge.rb DEV: Sanitize HTML admin inputs (#14681) 2021-10-27 11:33:07 -03:00
base_font_setting.rb DEV: Do not translate font names (#10723) 2020-09-23 12:00:07 +03:00
bookmark.rb FEATURE: Topic-level bookmarks (#14353) 2021-09-21 08:45:47 +10:00
category_and_topic_lists.rb
category_custom_field.rb
category_featured_topic.rb FIX: Use Discourse.system_user when we need a placeholder admin (#9781) 2020-06-24 15:51:30 +10:00
category_group.rb PERF: Add index on group to category_groups (#8231) 2019-10-23 10:30:43 +01:00
category_list.rb FIX: exclude topics from muted tag in category featured list. (#14925) 2021-11-16 12:10:50 +05:30
category_page_style.rb
category_search_data.rb
category_tag_group.rb PERF: Cache categories in Site model take 3. 2021-06-24 13:30:51 +08:00
category_tag_stat.rb
category_tag.rb PERF: Cache categories in Site model take 3. 2021-06-24 13:30:51 +08:00
category_user.rb FIX: Wrong scope used for notification levels user serializer (#13039) 2021-05-14 09:45:14 +10:00
category.rb DEV: Let's always give a drop_from param to deprecate (#14901) 2021-11-12 08:52:59 -06:00
child_theme.rb
color_scheme_color.rb FIX: Wizard could not send custom color schemes to the client correctly (#10484) 2020-08-20 17:10:33 -07:00
color_scheme_setting.rb Add site setting to pick dark mode color scheme (#10390) 2020-08-07 08:52:47 -04:00
color_scheme.rb DEV: Instantiate relation early to save a query (#14766) 2021-10-29 03:03:22 +02:00
custom_emoji.rb DEV: annotate models 2020-04-28 15:59:39 +05:30
developer.rb DEV: Update annotations 2019-11-29 15:49:08 +00:00
digest_email_site_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
directory_column.rb DEV: Update core model annotations 2021-07-06 10:11:06 +01:00
directory_item.rb DEV: Plugin API to add directory columns (#13440) 2021-06-22 13:00:04 -05:00
discourse_single_sign_on.rb DEV: Update DiscourseConnect nonce errors to be more descriptive (#14858) 2021-11-09 17:39:05 +00:00
discourse_version_check.rb
dismissed_topic_user.rb FEATURE: New way to dismiss new topics (#11927) 2021-02-04 11:27:34 +11:00
do_not_disturb_timing.rb DEV: Update core model annotations 2021-07-06 10:11:06 +01:00
draft_sequence.rb FIX: Update draft count when sequence is increased (#13940) 2021-08-04 13:30:37 +03:00
draft.rb FEATURE: Cook drafts excerpt in user activity (#14315) 2021-09-14 15:18:01 +03:00
email_change_request.rb SECURITY: Destroy EmailToken when EmailChangeRequest is destroyed (#13950) 2021-08-04 19:14:56 -04:00
email_level_site_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
email_log.rb FIX: Improve participant display in group SMTP emails (#13539) 2021-06-28 10:42:06 +10:00
email_style.rb FIX: backwards compatibility for uncompiled email style css 2019-10-23 19:22:33 -04:00
email_token.rb DEV: Upgrade Rails to 6.1.3.1 (#12688) 2021-04-21 12:36:32 +03:00
embeddable_host.rb FEATURE: Stop checking referer for embeds (#13756) 2021-07-16 15:25:49 -03:00
embedding.rb FIX: use allowlist and blocklist terminology (#10209) 2020-07-27 10:23:54 +10:00
emoji_set_site_setting.rb DEV: Remove JoyPixels emoji option (#12197) 2021-02-26 07:44:52 -05:00
emoji.rb FIX: manually adds frowning_face_with_open_mouth for apple (#13528) 2021-07-21 23:27:20 +02:00
external_upload_stub.rb DEV: Do not destroy external upload stub on error in debug mode (#14139) 2021-08-25 11:11:19 +10:00
given_daily_like.rb
global_setting.rb FIX: allowed_theme_ids should not be persisted in GlobalSettings (#14756) 2021-10-29 11:46:52 -04:00
group_archived_message.rb FIX: Don't publish PM archive events to acting user. (#14291) 2021-09-10 09:20:50 +08:00
group_category_notification_default.rb FEATURE: set notification levels when added to a group (#10378) 2020-08-06 12:27:27 -04:00
group_custom_field.rb
group_history.rb
group_manager.rb
group_mention.rb
group_request.rb
group_tag_notification_default.rb FEATURE: set notification levels when added to a group (#10378) 2020-08-06 12:27:27 -04:00
group_user.rb FIX: use active record update_attribute instead of mini sql. (#14367) 2021-09-21 09:29:12 +08:00
group.rb DEV: Remove deprecated method (#14902) 2021-11-12 09:07:44 -06:00
ignored_user.rb DEV: Update core model annotations 2021-07-06 10:11:06 +01:00
imap_sync_log.rb DEV: IMAP debugging improvements (#11784) 2021-01-21 11:37:47 +10:00
incoming_domain.rb
incoming_email.rb DEV: Update core model annotations 2021-07-06 10:11:06 +01:00
incoming_link.rb DEV: pluck_first 2019-10-21 12:08:20 +01:00
incoming_links_report.rb FEATURE: Make report filters reusable (#9444) 2020-04-22 11:52:50 +03:00
incoming_referer.rb
invite_redeemer.rb FIX: Let staged users choose their username (#13678) 2021-07-12 07:57:38 +10:00
invite.rb FEATURE: Warn if invited user cannot see topic (#13548) 2021-07-06 12:49:26 +03:00
invited_group.rb FEATURE: Various improvements to invite system (#12314) 2021-03-09 00:15:14 +02:00
invited_user.rb FEATURE: Various improvements to invite system (#12298) 2021-03-06 13:29:35 +02:00
javascript_cache.rb Replace base_uri with base_path (#10879) 2020-10-09 12:51:24 +01:00
like_notification_frequency_site_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
linked_topic.rb FEATURE: new setting to create a linked topic on autoclosing mega topics (#11001) 2020-11-02 12:18:48 +05:30
locale_site_setting.rb DEV: Fix rubocop issues (#14715) 2021-10-27 11:39:28 +03:00
mailing_list_mode_site_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
muted_user.rb
new_topic_duration_site_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
notification_level_when_replying_site_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
notification.rb DEV: Support translated title in desktop/notifications (#14325) 2021-09-14 09:57:38 -05:00
oauth2_user_info.rb FIX: allow storage of non unique rows in oauth2_user_infos 2019-10-25 11:57:34 +11:00
onceoff_log.rb
optimized_image.rb DEV: Add more verbose logging for image uploads (#13270) 2021-06-04 15:13:58 +03:00
permalink.rb FIX: Show error messages when adding permalinks in the admin UI (#12545) 2021-03-29 13:36:59 -05:00
plugin_store_row.rb
plugin_store.rb
post_action_type.rb FIX: Clear post action types application serializer fragment cache. 2021-06-04 09:14:49 +08:00
post_action.rb DEV: Let's always give a drop_from param to deprecate (#14901) 2021-11-12 08:52:59 -06:00
post_analyzer.rb FIX: Improve anchor links (#12683) 2021-04-14 10:27:07 +03:00
post_custom_field.rb DEV: Update core model annotations 2021-07-06 10:11:06 +01:00
post_detail.rb
post_mover.rb FIX: nil the baked version after moving the posts. (#14483) 2021-10-12 17:31:18 +11:00
post_reply_key.rb
post_reply.rb DEV: Remove stale ignored_columns. (#11160) 2020-11-09 15:57:59 +11:00
post_revision.rb FEATURE: Add post edits count to user activity (#13495) 2021-08-02 10:15:53 -04:00
post_search_data.rb DEV: annotate models (#11047) 2020-10-27 23:42:33 +05:30
post_stat.rb
post_timing.rb PERF: Remove redundant post_timings_summary index (#14164) 2021-08-26 10:50:34 -05:00
post_upload.rb
post.rb PERF: Use different column for better query plan (#14748) 2021-10-28 11:30:30 +03:00
previous_replies_site_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
private_message_topic_tracking_state.rb FIX: Do not publish post for PM topic tracking if not new for user. (#14469) 2021-09-29 13:54:24 +08:00
published_page.rb DEV: Upgrade Rails to 6.1.3.1 (#12688) 2021-04-21 12:36:32 +03:00
push_subscription.rb DEV: Update core model annotations 2021-07-06 10:11:06 +01:00
quoted_post.rb FEATURE: Nokogumbo (#9577) 2020-05-05 13:46:57 +10:00
remote_theme.rb DEV: Cleanup after remote update check (#12887) 2021-04-28 17:07:27 -07:00
remove_muted_tags_from_latest_site_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
report.rb DEV: Let's always give a drop_from param to deprecate (#14901) 2021-11-12 08:52:59 -06:00
reviewable_claimed_topic.rb FIX: Don't log a claimed topic database error during tests 2020-01-09 12:32:05 -05:00
reviewable_flagged_post.rb DEV: Update core model annotations 2021-07-06 10:11:06 +01:00
reviewable_history.rb FEATURE: Add logging when claiming and unclaiming reviewable flagged posts (#8920) 2020-02-10 15:40:01 -08:00
reviewable_post.rb DEV: Update core model annotations 2021-07-06 10:11:06 +01:00
reviewable_priority_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
reviewable_queued_post.rb DEV: Update core model annotations 2021-07-06 10:11:06 +01:00
reviewable_score.rb DEV: Plugins can extend ReviewableScore types. (#10156) 2020-07-02 11:47:43 -03:00
reviewable_sensitivity_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
reviewable_user.rb DEV: Update core model annotations 2021-07-06 10:11:06 +01:00
reviewable.rb DEV: Let's always give a drop_from param to deprecate (#14901) 2021-11-12 08:52:59 -06:00
s3_region_site_setting.rb Added S3 region eu-south-1 Milanù 2021-09-16 12:33:43 -04:00
screened_email.rb DEV: Update core model annotations 2021-07-06 10:11:06 +01:00
screened_ip_address.rb FIX: use allowlist and blocklist terminology (#10209) 2020-07-27 10:23:54 +10:00
screened_url.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
search_log.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
shared_draft.rb
shelved_notification.rb DEV: Update core model annotations 2021-07-06 10:11:06 +01:00
single_sign_on_record.rb
site_setting.rb DEV: Let's always give a drop_from param to deprecate (#14901) 2021-11-12 08:52:59 -06:00
site.rb FIX: Avoid another N+1 query in Site.json_for (#14763) 2021-10-28 20:28:31 +02:00
skipped_email_log.rb FIX: Handle edge cases for group SMTP email job (#13631) 2021-07-05 14:56:32 +10:00
slug_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
stylesheet_cache.rb PERF: Add scheduled job to delete old stylesheet cache rows (#13747) 2021-07-16 10:58:01 -04:00
tag_group_membership.rb
tag_group_permission.rb
tag_group.rb FIX: remove parent tag from tag group 2020-03-13 12:25:58 -04:00
tag_search_data.rb
tag_user.rb FIX: Wrong scope used for notification levels user serializer (#13039) 2021-05-14 09:45:14 +10:00
tag.rb FEATURE: New and Unread messages for user personal messages. (#13603) 2021-08-02 12:41:41 +08:00
theme_field.rb DEV: Fix 3N+1 query in /admin/customize/themes (#14876) 2021-11-11 18:11:23 +01:00
theme_modifier_set.rb DEV: Update core model annotations 2021-07-06 10:11:06 +01:00
theme_setting.rb FEATURE: add support for upload format in theme settings. 2020-04-15 18:34:02 +05:30
theme_translation_override.rb FIX: Clear in-process theme cache after clearing DB cache (#11517) 2020-12-17 11:02:41 +11:00
theme.rb DEV: Fix 3N+1 query in /admin/customize/themes (#14876) 2021-11-11 18:11:23 +01:00
top_lists.rb
top_menu_item.rb
top_topic.rb FIX: Better and more secure validation of periods for TopicQuery 2021-07-23 14:24:44 -04:00
topic_allowed_group.rb
topic_allowed_user.rb
topic_converter.rb FIX: Limit personal message participants when converting from topic (#9343) 2020-04-03 16:42:01 +01:00
topic_custom_field.rb DEV: Update core model annotations 2021-07-06 10:11:06 +01:00
topic_embed.rb FIX: Convert URLs embedded topics to absolute form (#14975) 2021-11-17 16:39:49 +11:00
topic_featured_users.rb
topic_group.rb Changed CONFLICT to SQL for multiline strings 2019-12-13 11:51:40 -05:00
topic_invite.rb
topic_link_click.rb DEV: Update core model annotations 2021-07-06 10:11:06 +01:00
topic_link.rb FIX: Hide links to muted topics and in categories list (#14761) 2021-10-29 17:52:23 +03:00
topic_list.rb FIX: Add plugin event to topic list user lookup (#14116) 2021-08-25 13:16:08 +03:00
topic_notifier.rb
topic_participants_summary.rb PERF: Combine avatar_lookup and primary_group_lookup into user_lookup (#10253) 2020-07-17 10:48:08 +01:00
topic_poster.rb Fix i18n issues reported on Crowdin (#11747) 2021-02-02 10:50:04 +01:00
topic_posters_summary.rb FIX: Add plugin event to topic list user lookup (#14116) 2021-08-25 13:16:08 +03:00
topic_search_data.rb
topic_tag.rb
topic_thumbnail.rb DEV: followup to prev commit 2020-05-26 16:19:05 +10:00
topic_timer.rb FIX: Remove legacy topic timer code (#13544) 2021-06-29 09:16:25 +10:00
topic_tracking_state.rb FIX: topic_tracking_state not erroring when missing user_stat (#14559) 2021-10-11 13:20:55 +11:00
topic_user.rb FEATURE: Publish read topic tracking events for private messages. (#14274) 2021-09-09 09:16:53 +08:00
topic_view_item.rb FIX: exclude private messages from TL3 requirements 2020-04-07 17:36:07 -04:00
topic.rb FIX: Use correct group out of multiple for SMTP sender (#14957) 2021-11-16 10:21:49 +10:00
translation_override.rb DEV: Sanitize HTML admin inputs (#14681) 2021-10-27 11:33:07 -03:00
trust_level_and_staff_and_disabled_setting.rb FEATURE: Make allow_uploaded_avatars accept TL (#14091) 2021-08-24 10:46:28 +03:00
trust_level_and_staff_setting.rb FIX: Don't store translated trust level names in anonymous cache (#13224) 2021-06-01 22:11:48 +02:00
trust_level_setting.rb FIX: Don't store translated trust level names in anonymous cache (#13224) 2021-06-01 22:11:48 +02:00
trust_level3_requirements.rb PERF: Faster TL3 promotion replies needed calculation (#10416) 2020-08-12 11:28:34 -03:00
unsubscribe_key.rb
upload.rb DEV: use upload id to save in theme setting instead of URL. (#14341) 2021-09-16 07:58:53 +05:30
user_action.rb FIX: rename action_code_href to action_code_path (#14834) 2021-11-08 14:32:17 +11:00
user_api_key_scope.rb FIX: Restore users#topic_tracking_state route to api session_info scope (#10992) 2020-10-21 19:44:34 +01:00
user_api_key.rb FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) 2021-11-17 23:27:30 +03:00
user_archived_message.rb FIX: Don't publish PM archive events to acting user. (#14291) 2021-09-10 09:20:50 +08:00
user_associated_account.rb
user_auth_token_log.rb
user_auth_token.rb FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) 2021-11-17 23:27:30 +03:00
user_avatar.rb DEV: Add more verbose logging for image uploads (#13270) 2021-06-04 15:13:58 +03:00
user_badge.rb DEV: Update core model annotations 2021-07-06 10:11:06 +01:00
user_badges.rb
user_bookmark_list.rb FIX: Add bookmark limits (#11725) 2021-01-19 08:53:49 +10:00
user_custom_field.rb DEV: Update core model annotations 2021-07-06 10:11:06 +01:00
user_email.rb DEV: Improve User#email= behavior (#11338) 2021-02-22 11:42:37 +00:00
user_export.rb REVERT: DEV: should ignore missing post uploads when a user export destroyed 2019-07-25 19:41:25 +05:30
user_field_option.rb FIX: Validate value of custom dropdown user fields - dropdowns and multiple selects (#13890) 2021-07-30 13:50:47 -04:00
user_field.rb DEV: Sanitize HTML admin inputs (#14681) 2021-10-27 11:33:07 -03:00
user_history.rb DEV: Update core model annotations 2021-07-06 10:11:06 +01:00
user_ip_address_history.rb DEV: annotate models (#11047) 2020-10-27 23:42:33 +05:30
user_notification_schedule.rb DEV: Update core model annotations 2021-07-06 10:11:06 +01:00
user_open_id.rb DEV: Drop legacy OpenID 2.0 support (#8894) 2020-02-07 17:32:35 +00:00
user_option.rb FEATURE: save local date to calendar (#14486) 2021-10-06 14:11:52 +11:00
user_profile_view.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
user_profile.rb FEATURE: Pull hotlinked images in user bios (#14726) 2021-10-29 17:58:05 +03:00
user_search_data.rb
user_search.rb FIX: Show user filter hints when typing @ in search (#13799) 2021-07-21 09:14:53 -04:00
user_second_factor.rb SECURITY: Improve second factor auth logic 2020-01-10 10:45:56 +10:00
user_security_key.rb DEV: annotate models 2019-10-17 16:58:22 +11:00
user_stat.rb FEATURE: Add post edits count to user activity (#13495) 2021-08-02 10:15:53 -04:00
user_summary.rb FEATURE: Let users select flair (#13587) 2021-07-08 10:46:21 +03:00
user_upload.rb
user_visit.rb
user_warning.rb
user.rb FIX: Query the items in the queue to calculate a user's flagged post count. (#14028) 2021-08-12 14:20:46 -03:00
username_validator.rb FIX: use allowlist and blocklist terminology (#10209) 2020-07-27 10:23:54 +10:00
watched_word.rb FEATURE: add staff action logs for watched words (#13574) 2021-06-30 11:22:46 +05:30
web_crawler_request.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
web_hook_event_type.rb FEATURE: add support for like webhooks (#12917) 2021-04-30 17:08:38 -07:00
web_hook_event.rb
web_hook.rb FEATURE: add support for like webhooks (#12917) 2021-04-30 17:08:38 -07:00