From c9efb400b429696d1ee5464931f7f62e38edf1d6 Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Sun, 5 Apr 2020 14:40:08 +0200
Subject: [PATCH] Add rate limit for reporting (#13390)

---
 app/controllers/api/v1/reports_controller.rb | 2 ++
 app/lib/rate_limiter.rb                      | 6 +++---
 app/models/report.rb                         | 3 +++
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/app/controllers/api/v1/reports_controller.rb b/app/controllers/api/v1/reports_controller.rb
index 66c40f6f4d..e10083d450 100644
--- a/app/controllers/api/v1/reports_controller.rb
+++ b/app/controllers/api/v1/reports_controller.rb
@@ -4,6 +4,8 @@ class Api::V1::ReportsController < Api::BaseController
   before_action -> { doorkeeper_authorize! :write, :'write:reports' }, only: [:create]
   before_action :require_user!
 
+  override_rate_limit_headers :create, family: :reports
+
   def create
     @report = ReportService.new.call(
       current_account,
diff --git a/app/lib/rate_limiter.rb b/app/lib/rate_limiter.rb
index 68dae9add4..0e2c9a8943 100644
--- a/app/lib/rate_limiter.rb
+++ b/app/lib/rate_limiter.rb
@@ -14,9 +14,9 @@ class RateLimiter
       period: 3.hours.freeze,
     }.freeze,
 
-    media: {
-      limit: 30,
-      period: 30.minutes.freeze,
+    reports: {
+      limit: 400,
+      period: 24.hours.freeze,
     }.freeze,
   }.freeze
 
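Review bot: The `media` family is deleted in this hunk rather than `reports` being added next to it, and the commit subject mentions only the new report limit. Any caller outside this diff that still passes `family: :media` would no longer find an entry in this hash, so check for remaining references before merging. If the removal is intentional cleanup, say so in the commit message. A one-line comment above the new entry, such as `# Per-account cap on filed reports`, together with the reasoning behind 400 per 24 hours, would help the next person who tunes it.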
diff --git a/app/models/report.rb b/app/models/report.rb
index 356c23d68b..f31bcfd2e9 100644
--- a/app/models/report.rb
+++ b/app/models/report.rb
@@ -18,6 +18,9 @@
 
 class Report < ApplicationRecord
   include Paginable
+  include RateLimitable
+
+  rate_limit by: :account, family: :reports
 
   belongs_to :account
   belongs_to :target_account, class_name: 'Account'
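Review bot: Nothing in this commit shows the limit being switched on for the code path that actually creates reports. The diffstat lists only the controller, `rate_limiter.rb` and this model, and the controller hunk shows reports being created through `ReportService.new.call`, which is unchanged. If `RateLimitable` only counts a record when the creating code opts in (the concern is outside this diff, so this needs confirming), `rate_limit by: :account, family: :reports` would be inert. The headers set by `override_rate_limit_headers` would then advertise a budget that is never consumed. No spec is touched either; a request spec that files reports past the limit and expects a throttled response would settle it.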
-- 
GitLab