From f50dc0b28faa43a2c0202e3be92ab762ffb8a9d0 Mon Sep 17 00:00:00 2001
From: Kouhai <devkouhai@gmail.com>
Date: Sat, 13 Jan 2024 14:05:33 -0800
Subject: [PATCH] th: no more throttles for auth'd users

---
 config/initializers/rack_attack.rb | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
index 429dbd3248..33205190f1 100644
--- a/config/initializers/rack_attack.rb
+++ b/config/initializers/rack_attack.rb
@@ -66,12 +66,14 @@ class Rack::Attack
     IpBlock.blocked?(req.remote_ip)
   end
 
-  throttle('throttle_authenticated_api', limit: 1_500, period: 5.minutes) do |req|
-    req.authenticated_user_id if req.api_request?
-  end
+  if !!ENV['TH_DEACTIVATE_AUTHED_API_THROTTLES']
+    throttle('throttle_authenticated_api', limit: 1_500, period: 5.minutes) do |req|
+      req.authenticated_user_id if req.api_request?
+    end
 
-  throttle('throttle_per_token_api', limit: 300, period: 5.minutes) do |req|
-    req.authenticated_token_id if req.api_request?
+    throttle('throttle_per_token_api', limit: 300, period: 5.minutes) do |req|
+      req.authenticated_token_id if req.api_request?
+    end
   end
 
   throttle('throttle_unauthenticated_api', limit: 300, period: 5.minutes) do |req|