Add rate limiting for changeset comments

Fixes #4196
2023-08-25 19:21:53 +01:00 · 2023-08-25 19:21:53 +01:00 · a274726f46
commit a274726f46
parent 6759130cb3
9 changed files with 68 additions and 0 deletions
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -395,6 +395,19 @@ class User < ApplicationRecord
    max_friends.clamp(0, Settings.max_friends_per_hour)
  end

+  def max_changeset_comments_per_hour
+    if moderator?
+      36000
+    else
+      previous_comments = changeset_comments.limit(200).count
+      active_reports = issues.with_status(:open).sum(:reports_count)
+      max_comments = previous_comments / 200.0 * Settings.max_changeset_comments_per_hour
+      max_comments = max_comments.floor.clamp(Settings.min_changeset_comments_per_hour, Settings.max_changeset_comments_per_hour)
+      max_comments /= 2**active_reports
+      max_comments.floor.clamp(1, Settings.max_changeset_comments_per_hour)
+    end
+  end
+
  private

  def encrypt_password