Merge pull request #243 from travis-ci/ar-cd-rate-setting

Add api builds rate limit to API

.rspec

@@ -0,0 +1,3 @@
+--colour
+--tty
+--format documentation

lib/travis/api/attack.rb

@@ -50,9 +50,9 @@ class Rack::Attack
   # Ban time:     5 hours
   # Ban after:    10 POST requests within five minutes to /auth/github
   blacklist('hammering /auth/github') do |request|
-     Rack::Attack::Allow2Ban.filter(request.identifier, maxretry: 2, findtime: 5.minutes, bantime: bantime(5.hours)) do
+    Rack::Attack::Allow2Ban.filter(request.identifier, maxretry: 2, findtime: 5.minutes, bantime: bantime(5.hours)) do
-       request.post? and request.path == '/auth/github'
+      request.post? and request.path == '/auth/github'
-     end
+    end
   end
 
   ####
@@ -60,9 +60,9 @@ class Rack::Attack
   # Ban time:     1 hour
   # Ban after:    10 POST requests within 30 seconds
   blacklist('spamming with POST requests') do |request|
-     Rack::Attack::Allow2Ban.filter(request.identifier, maxretry: 10, findtime: 30.seconds, bantime: bantime(1.hour)) do
+    Rack::Attack::Allow2Ban.filter(request.identifier, maxretry: 10, findtime: 30.seconds, bantime: bantime(1.hour)) do
-       request.post? and not POST_WHITELISTED.include? request.path
+      request.post? and not POST_WHITELISTED.include? request.path
-     end
+    end
   end
 
 

lib/travis/api/v3/models/repository.rb

@@ -62,5 +62,9 @@ module Travis::API::V3
 
       __send__(name, *args, &block)
     end
+
+    def settings
+      @settings ||= JSON.load(super)
+    end
   end
 end

lib/travis/api/v3/services/requests/create.rb

@@ -22,14 +22,19 @@ module Travis::API::V3
       accepted(remaining_requests: remaining, repository: repository, request: payload)
     end
 
-    def limit
+    def limit(repository)
-      Travis.config.requests_create_api_limit || LIMIT
+      if repository.settings.nil?
+        LIMIT
+      else
+        repository.settings["api_builds_rate_limit"] || LIMIT
+      end
     end
 
     def remaining_requests(repository)
-      return limit if access_control.full_access?
+      api_builds_rate_limit = limit(repository)
+      return api_builds_rate_limit if access_control.full_access?
       count = query(:requests).count(repository, TIME_FRAME)
-      count > limit ? 0 : limit - count
+      count > api_builds_rate_limit ? 0 : api_builds_rate_limit - count
     end
   end
 end

spec/v3/services/requests/create_spec.rb

@@ -239,6 +239,26 @@ describe Travis::API::V3::Services::Requests::Create do
       }
     end
 
+    describe "overrides default request limit if included in repository.settings" do
+      before { repo.update_attribute(:settings, { api_builds_rate_limit: 12 }.to_json) }
+
+      before { 10.times { repo.requests.create(event_type: 'api', result: 'accepted') } }
+      before { post("/v3/repo/#{repo.id}/requests", {}, headers) }
+
+      example { expect(last_response.status).to be == 202 }
+      example { expect(JSON.load(body).to_s).to  include(
+        "@type",
+        "repository",
+        "remaining_requests",
+        "2",
+        "request",
+        "representation",
+        "minimal",
+        "slug",
+        "svenfuchs/minimal")
+      }
+    end
+
     describe "passing the token in params" do
       let(:params) {{ request: { token: 'foo-bar' }}}
       example { expect(sidekiq_params[:credentials]).to be == {