Code-cleanup of git rate-limiting services
What does this MR do and why?
- Admins can already configure how many projects they will allow a user to download within a certain time period, and whether the user should be banned if they exceed that. This MR refactors the services responsible for project download rate-limiting & banning.
- `ExcessiveProjectsDownloadBanService` -> `GitAbuse::ApplicationThrottleService`.
- Common code is abstracted in a `BaseThrottleService`
- Returns `ServiceResponse` from services instead of hash
Screenshots or screen recordings
![](/-/project/278964/uploads/de65df794a6b616d80b0cc18c993e9af/Screen_Shot_2022-11-10_at_8.29.25_pm.png)
How to set up and validate locally
1. Application-level throttling
- Turn on the feature flags and ensure you are on the Ultimate license
$ rails console
> License.feature_available?(:git_abuse_rate_limit)
> Feature.enable(:git_abuse_rate_limit_feature_flag)
- Using an admin user (`root`), set the application settings for the feature on http://localhost:3000/admin/application_settings/reporting
![](/-/project/278964/uploads/6a6d87a7e29c665fbc94406dea8e3ea8/Screen_Shot_2022-11-10_at_8.59.42_pm.png)
- Try cloning any 2 projects within 5 minutes
$ git clone http://127.0.0.1:3000/gitlab-org/gitlab-test.git
.. cloned
$ git clone http://127.0.0.1:3000/gitlab-org/gitlab-shell.git
remote: You are not allowed to download code from this project.
fatal: unable to access 'http://127.0.0.1:3000/gitlab-org/gitlab-test.git/': The requested URL returned error: 403
2. Namespace-level throttling
- Turn on the feature flags and ensure you are on the Ultimate license
$ rails console
> License.feature_available?(:unique_project_download_limit)
> Feature.enable(:limit_unique_project_downloads_per_namespace_user)
> Feature.disable(:git_abuse_rate_limit_feature_flag)
- Using an admin user (`root`), set the application settings for the feature on http://localhost:3000/groups/gitlab-org/-/settings/reporting
![](/-/project/278964/uploads/700276c0482e9397829f92ad572c998d/Screen_Shot_2022-11-10_at_9.01.31_pm.png)
- Try cloning any 2 projects from that namespace within 5 minutes as a developer
$ git clone http://127.0.0.1:3000/gitlab-org/gitlab-test.git
.. cloned
$ git clone http://127.0.0.1:3000/gitlab-org/gitlab-shell.git
remote: You are not allowed to download code from this project.
fatal: unable to access 'http://127.0.0.1:3000/gitlab-org/gitlab-test.git/': The requested URL returned error: 403
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #367610
Edited by Hinam Mehra
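
The throttling behaviour exercised in the validation steps above, as an added sketch that is not GitLab's code and not part of this MR: a per-user limit on unique projects downloaded within a time window, with an optional ban, returning a response object rather than a hash. The class, method and field names, the in-memory storage, and the limit of 1 project per 300 seconds are assumptions for illustration.

```ruby
# Hypothetical sketch; names are illustrative and do not mirror GitLab's services.
# Response object standing in for the idea of returning a result object, not a hash.
ThrottleResponse = Struct.new(:status, :payload) do
  def success?
    status == :success
  end
end

class UniqueDownloadThrottle
  def initialize(max_projects:, window_seconds:, ban_on_exceed:)
    @max_projects = max_projects
    @window = window_seconds
    @ban_on_exceed = ban_on_exceed
    @seen = Hash.new { |h, user| h[user] = {} } # user => { project => last download time }
    @banned = {}
  end

  # Decides whether `user` may download `project` at time `now` (in seconds).
  def execute(user, project, now)
    return ThrottleResponse.new(:error, { banned: true }) if @banned[user]

    projects = @seen[user]
    projects.delete_if { |_, at| now - at >= @window } # forget downloads outside the window

    # A repeat download of an already-counted project does not use up the limit.
    if projects.key?(project) || projects.size < @max_projects
      projects[project] = now
      return ThrottleResponse.new(:success, { banned: false })
    end

    @banned[user] = true if @ban_on_exceed
    ThrottleResponse.new(:error, { banned: @ban_on_exceed })
  end
end

# Constructed scenario: one unique project per 5 minutes, ban when exceeded.
# An instance-wide throttle and a per-namespace throttle would be two separate
# instances configured from their respective settings.
throttle = UniqueDownloadThrottle.new(max_projects: 1, window_seconds: 300, ban_on_exceed: true)
attempts = [["dev", "gitlab-org/gitlab-test", 0],
            ["dev", "gitlab-org/gitlab-test", 30],   # same project again: allowed
            ["dev", "gitlab-org/gitlab-shell", 60]]  # second unique project: rejected
attempts.each do |user, project, at|
  result = throttle.execute(user, project, at)
  puts "#{user} #{project} t=#{at}s -> #{result.status} #{result.payload}"
end
```

A caller would map an `:error` response to the 403 seen in the clone output above; when banning is enabled, the ban outlives the time window.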