th: no more throttles for auth'd users

2024-01-13 14:05:33 -08:00 · 2024-01-13 14:05:33 -08:00 · f50dc0b28f
commit f50dc0b28f
parent bcc0a24acd
1 changed files with 7 additions and 5 deletions
--- a/config/initializers/rack_attack.rb
+++ b/config/initializers/rack_attack.rb
@ -66,12 +66,14 @@ class Rack::Attack
    IpBlock.blocked?(req.remote_ip)
  end
-  throttle('throttle_authenticated_api', limit: 1_500, period: 5.minutes) do |req|
+  if !!ENV['TH_DEACTIVATE_AUTHED_API_THROTTLES']
-    req.authenticated_user_id if req.api_request?
+    throttle('throttle_authenticated_api', limit: 1_500, period: 5.minutes) do |req|
-  end
+      req.authenticated_user_id if req.api_request?
    end
-  throttle('throttle_per_token_api', limit: 300, period: 5.minutes) do |req|
+    throttle('throttle_per_token_api', limit: 300, period: 5.minutes) do |req|
-    req.authenticated_token_id if req.api_request?
+      req.authenticated_token_id if req.api_request?
    end
  end
  throttle('throttle_unauthenticated_api', limit: 300, period: 5.minutes) do |req|