Allow custom rate limiting response text

Sean McGivern requested to merge allow-custom-rate-limiting-response into master

What does this MR do?

When a client hits a rate limit, we currently send a plain-text response of 'Retry later'. This allows that response text to be configured in the admin settings.

And when it is, clients will get that response. The below is what you get when setting the unauthenticated request limit to 1 request every 60 seconds.

$ curl -s http://localhost:3000/api/v4/users/1 > /dev/null
$ curl -i http://localhost:3000/api/v4/users/1
HTTP/1.1 429 Too Many Requests
Cache-Control: no-cache
Content-Type: text/plain
Retry-After: 55
Vary: Origin
X-Request-Id: 01ETTAG788F8W211KCXGSYTP73
X-Runtime: 0.169767
Date: Wed, 30 Dec 2020 17:18:05 GMT
Content-Length: 117

Rate limit exceeded; see https://docs.gitlab.com/ee/user/gitlab_com/#gitlabcom-specific-rate-limits for more details

This is useful on GitLab.com to let us provide a link to the documentation on our rate limits. For #293965 (closed).

Migration output

Up

== 20201230161206 AddRateLimitingResponseTextToApplicationSettings: migrating =
-- add_column(:application_settings, :rate_limiting_response_text, :text)
   -> 0.0018s
== 20201230161206 AddRateLimitingResponseTextToApplicationSettings: migrated (0.0018s)

== 20210101110640 SetLimitForRateLimitingResponseText: migrating ==============
-- transaction_open?()
   -> 0.0000s
-- current_schema()
   -> 0.0004s
-- execute("ALTER TABLE application_settings\nADD CONSTRAINT check_7227fad848\nCHECK ( char_length(rate_limiting_response_text) <= 255 )\nNOT VALID;\n")
   -> 0.0020s
-- current_schema()
   -> 0.0002s
-- execute("SET statement_timeout TO 0")
   -> 0.0001s
-- execute("ALTER TABLE application_settings VALIDATE CONSTRAINT check_7227fad848;")
   -> 0.0011s
-- execute("RESET ALL")
   -> 0.0003s
== 20210101110640 SetLimitForRateLimitingResponseText: migrated (0.0142s) =====

Down

== 20210101110640 SetLimitForRateLimitingResponseText: reverting ==============
-- execute("ALTER TABLE application_settings\nDROP CONSTRAINT IF EXISTS check_7227fad848\n")
   -> 0.0019s
== 20210101110640 SetLimitForRateLimitingResponseText: reverted (0.0085s) =====

== 20201230161206 AddRateLimitingResponseTextToApplicationSettings: reverting =
-- remove_column(:application_settings, :rate_limiting_response_text, :text)
   -> 0.0012s
== 20201230161206 AddRateLimitingResponseTextToApplicationSettings: reverted (0.0030s)

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Edited by Sean McGivern
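
The behaviour described above, sketched as an added example that is not part of this merge request and is not GitLab's code: a Rack-style middleware that answers a throttled request with 429, a Retry-After header and operator-configured text. The class name, its parameters and the fixed-window counting scheme are assumptions made for illustration; only the 'Retry later' default, the text/plain content type and the 255-character bound come from the description.

```ruby
# Added example: hypothetical Rack-style middleware, not GitLab's code.
class ThrottleResponder
  DEFAULT_TEXT = 'Retry later'  # fallback text named in the description
  MAX_TEXT_LENGTH = 255         # same bound as the CHECK constraint

  def initialize(app, limit:, period:, response_text: nil, clock: -> { Time.now.to_i })
    raw = response_text.to_s
    if raw.length > MAX_TEXT_LENGTH
      raise ArgumentError, "response text exceeds #{MAX_TEXT_LENGTH} characters"
    end
    text = raw.strip
    @app = app
    @limit = limit      # requests allowed per window
    @period = period    # window length in seconds
    @clock = clock      # injectable so the behaviour can be tested
    @text = text.empty? ? DEFAULT_TEXT : text
    @counts = Hash.new(0)
  end

  def call(env)
    now = @clock.call
    window = now / @period
    # Drop counters from earlier windows so the table stays bounded.
    @counts.delete_if { |(_client, w), _count| w < window }
    key = [env['REMOTE_ADDR'], window]
    @counts[key] += 1
    return @app.call(env) if @counts[key] <= @limit

    # Seconds left until the current fixed window ends.
    throttled_response(@period - (now % @period))
  end

  private

  # text/plain keeps the operator-supplied text from being rendered as markup.
  def throttled_response(retry_after)
    headers = {
      'Content-Type' => 'text/plain',
      'Retry-After' => retry_after.to_s
    }
    [429, headers, [@text]]
  end
end
```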