Module: StandardId::RateLimitHandling
- Extended by:
- ActiveSupport::Concern
- Included in:
- Api::BaseController, Web::BaseController
- Defined in:
- app/controllers/concerns/standard_id/rate_limit_handling.rb
Constant Summary collapse
- RATE_LIMIT_STORE =
StandardId::RateLimitStore.new
- DEFAULT_RETRY_AFTER =
Fallback window for the Retry-After header when the tripped limit's window was not captured on the instance — e.g. a hand-rolled
raise TooManyRequeststhat bypasses the rate_limit macro (see Api::Oauth::TokensController's per-audience limit, which uses a 15-minute window). Matches that hand-rolled limit's window, so the fallback stays accurate for it. 15.minutes
Class Method Summary collapse
-
.login_per_email ⇒ Object
Effective per-email login rate limit; see .login_per_ip.
-
.login_per_ip ⇒ Object
Resolve the effective per-IP login rate limit, preferring the mechanism-agnostic
login_per_ipalias and falling back to the deprecatedpassword_login_per_ipwhen the host left the alias at its default (i.e. only configured the old name). -
.resolve_login_alias(new_field, old_field) ⇒ Object
Return the alias value unless it still equals its schema default, in which case fall back to the deprecated field.
Class Method Details
.login_per_email ⇒ Object
Effective per-email login rate limit; see .login_per_ip.
55 56 57 |
# File 'app/controllers/concerns/standard_id/rate_limit_handling.rb', line 55 def self.login_per_email resolve_login_alias(:login_per_email, :password_login_per_email) end |
.login_per_ip ⇒ Object
Resolve the effective per-IP login rate limit, preferring the
mechanism-agnostic login_per_ip alias and falling back to the deprecated
password_login_per_ip when the host left the alias at its default (i.e.
only configured the old name). The new alias wins whenever explicitly set.
Mirrors the max_attempts -> max_attempts_per_challenge deprecation-alias
precedent (prefer-new, fall-back-to-old).
50 51 52 |
# File 'app/controllers/concerns/standard_id/rate_limit_handling.rb', line 50 def self.login_per_ip resolve_login_alias(:login_per_ip, :password_login_per_ip) end |
.resolve_login_alias(new_field, old_field) ⇒ Object
Return the alias value unless it still equals its schema default, in which case fall back to the deprecated field. Both fields share the same default, so the effective default is unchanged when neither is set.
62 63 64 65 66 67 |
# File 'app/controllers/concerns/standard_id/rate_limit_handling.rb', line 62 def self.resolve_login_alias(new_field, old_field) rate_limits = StandardId.config.rate_limits default = StandardId.config.__schema__.field_for(:rate_limits, new_field).default_value new_value = rate_limits[new_field] new_value == default ? rate_limits[old_field] : new_value end |