th: ENV['TH_DEACTIVATE_DANGEROUS_THROTTLES'] (pls don't use)

2024-01-13 14:28:20 -08:00 · 2024-01-13 14:28:20 -08:00 · c97bffb054
parent 566b41cc3b
commit c97bffb054
1 changed files with 3 additions and 2 deletions
--- a/config/initializers/rack_attack.rb
+++ b/config/initializers/rack_attack.rb
@ -4,6 +4,7 @@ require 'doorkeeper/grape/authorization_decorator'

 class Rack::Attack
  TH_DEACTIVATE_THROTTLES = !!ENV['TH_DEACTIVATE_THROTTLES']
+  TH_DEACTIVATE_DANGEROUS_THROTTLES = !!ENV['TH_DEACTIVATE_DANGEROUS_THROTTLES']

  class Request
    def authenticated_token
@ -113,7 +114,7 @@ class Rack::Attack

  throttle('throttle_password_resets/ip', limit: 25, period: 5.minutes) do |req|
    req.throttleable_remote_ip if req.post? && req.path_matches?('/auth/password')
-  end
+  end unless TH_DEACTIVATE_DANGEROUS_THROTTLES

  throttle('throttle_password_resets/email', limit: 5, period: 30.minutes) do |req|
    req.params.dig('user', 'email').presence if req.post? && req.path_matches?('/auth/password')
@ -133,7 +134,7 @@ class Rack::Attack

  throttle('throttle_login_attempts/ip', limit: 25, period: 5.minutes) do |req|
    req.throttleable_remote_ip if req.post? && req.path_matches?('/auth/sign_in')
-  end
+  end unless TH_DEACTIVATE_DANGEROUS_THROTTLES

  throttle('throttle_login_attempts/email', limit: 25, period: 1.hour) do |req|
    req.session[:attempt_user_id] || req.params.dig('user', 'email').presence if req.post? && req.path_matches?('/auth/sign_in')