# frozen_string_literal: true class Rack::Attack throttle('/users/sign_in/ip', limit: 5, period: 20.seconds) do |req| if req.path == '/users/sign_in' && req.post? && rack_attack_enabled? req.remote_ip end end throttle('stats/ip', limit: 5, period: 20.seconds) do |req| if req.path == '/stats' && rack_attack_enabled? req.remote_ip end end throttle('contact/ip', limit: 5, period: 20.seconds) do |req| if req.path == '/contact' && req.post? && rack_attack_enabled? req.remote_ip end end throttle('/api/public/v1/dossiers/ip', limit: 5, period: 20.seconds) do |req| if req.path == '/api/public/v1/dossiers' && req.post? && rack_attack_enabled? req.remote_ip end end Rack::Attack.safelist('allow from localhost') do |req| IPService.ip_trusted?(req.remote_ip) end def self.rack_attack_enabled? ENV['RACK_ATTACK_ENABLE'] == 'true' end end