2019-08-19 15:15:50 +02:00
|
|
|
class Rack::Attack
|
|
|
|
throttle('/users/sign_in/ip', limit: 5, period: 20.seconds) do |req|
|
|
|
|
if req.path == '/users/sign_in' && req.post? && rack_attack_enabled?
|
|
|
|
req.remote_ip
|
2019-07-03 15:22:31 +02:00
|
|
|
end
|
2019-08-19 15:15:50 +02:00
|
|
|
end
|
2019-07-03 15:22:31 +02:00
|
|
|
|
2019-08-19 15:15:50 +02:00
|
|
|
throttle('stats/ip', limit: 5, period: 20.seconds) do |req|
|
|
|
|
if req.path == '/stats' && rack_attack_enabled?
|
|
|
|
req.remote_ip
|
2019-07-03 15:22:31 +02:00
|
|
|
end
|
2019-08-19 15:15:50 +02:00
|
|
|
end
|
2019-07-03 15:22:31 +02:00
|
|
|
|
2019-08-19 15:15:50 +02:00
|
|
|
throttle('contact/ip', limit: 5, period: 20.seconds) do |req|
|
|
|
|
if req.path == '/contact' && req.post? && rack_attack_enabled?
|
|
|
|
req.remote_ip
|
2019-07-03 15:22:31 +02:00
|
|
|
end
|
2019-08-19 15:15:50 +02:00
|
|
|
end
|
2019-08-01 17:12:59 +02:00
|
|
|
|
2022-12-14 17:57:08 +01:00
|
|
|
throttle('/api/public/v1/dossiers/ip', limit: 5, period: 20.seconds) do |req|
|
|
|
|
if req.path == '/api/public/v1/dossiers' && req.post? && rack_attack_enabled?
|
|
|
|
req.remote_ip
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2019-08-19 15:15:50 +02:00
|
|
|
Rack::Attack.safelist('allow from localhost') do |req|
|
|
|
|
IPService.ip_trusted?(req.remote_ip)
|
|
|
|
end
|
|
|
|
|
|
|
|
def self.rack_attack_enabled?
|
|
|
|
ENV['RACK_ATTACK_ENABLE'] == 'true'
|
2019-07-03 15:22:31 +02:00
|
|
|
end
|
|
|
|
end
|