Add rate limit for editing (#17728)

2022-03-09 20:06:51 +01:00
parent 803f536cdd
commit b2cd34474b
5 changed files with 11 additions and 5 deletions
--- a/app/controllers/api/v1/statuses_controller.rb
+++ b/app/controllers/api/v1/statuses_controller.rb
@@ -10,6 +10,7 @@ class Api::V1::StatusesController < Api::BaseController
  before_action :set_thread, only:       [:create]

  override_rate_limit_headers :create, family: :statuses
+  override_rate_limit_headers :update, family: :statuses

  # This API was originally unlimited, pagination cannot be introduced without
  # breaking backwards-compatibility. Arbitrarily high number to cover most
--- a/app/models/status.rb
+++ b/app/models/status.rb
@@ -212,7 +212,7 @@ class Status < ApplicationRecord
    public_visibility? || unlisted_visibility?
  end

-  def snapshot!(account_id: nil, at_time: nil)
+  def snapshot!(account_id: nil, at_time: nil, rate_limit: true)
    edits.create!(
      text: text,
      spoiler_text: spoiler_text,
@@ -221,7 +221,8 @@ class Status < ApplicationRecord
      media_descriptions: ordered_media_attachments.map(&:description),
      poll_options: preloadable_poll&.options,
      account_id: account_id || self.account_id,
-      created_at: at_time || edited_at
+      created_at: at_time || edited_at,
+      rate_limit: rate_limit
    )
  end

--- a/app/models/status_edit.rb
+++ b/app/models/status_edit.rb
@@ -17,6 +17,8 @@
 #

 class StatusEdit < ApplicationRecord
+  include RateLimitable
+
  self.ignored_columns = %w(
    media_attachments_changed
  )
@@ -26,6 +28,8 @@ class StatusEdit < ApplicationRecord
    delegate :id, :type, :url, :preview_url, :remote_url, :preview_remote_url, :text_url, :meta, :blurhash, to: :media_attachment
  end

+  rate_limit by: :account, family: :statuses
+
  belongs_to :status
  belongs_to :account, optional: true

--- a/app/services/activitypub/process_status_update_service.rb
+++ b/app/services/activitypub/process_status_update_service.rb
@@ -216,13 +216,13 @@ class ActivityPub::ProcessStatusUpdateService < BaseService

    return if @status.edits.any?

-    @status.snapshot!(at_time: @status.created_at)
+    @status.snapshot!(at_time: @status.created_at, rate_limit: false)
  end

  def create_edit!
    return unless significant_changes?

-    @status.snapshot!(account_id: @account.id)
+    @status.snapshot!(account_id: @account.id, rate_limit: false)
  end

  def skip_download?
--- a/app/services/update_status_service.rb
+++ b/app/services/update_status_service.rb
@@ -131,7 +131,7 @@ class UpdateStatusService < BaseService

    return if @status.edits.any?

-    @status.snapshot!(at_time: @status.created_at)
+    @status.snapshot!(at_time: @status.created_at, rate_limit: false)
  end

  def create_edit!