Merge pull request #284 from travis-ci/igor-fix-rate-limit

no longer test against user agent for github rate-limit, since it is not consistently github-camo

lib/travis/api/attack.rb

@@ -31,7 +31,9 @@ class Rack::Attack
     "/auth/post_message/iframe"
   ]
 
-  IMAGE_PATTERN = /^\/([a-z0-9_-]+)\/([a-z0-9_-]+)\.(png|svg)$/
+  whitelist('safelist build status images') do |request|
+    /\.(png|svg)$/.match(request.path)
+  end
 
   ####
   # Whitelisted IP addresses
@@ -39,10 +41,6 @@ class Rack::Attack
     Travis.redis.sismember(:api_whitelisted_ips, request.ip)
   end
 
-  whitelist('safelist build status images when requested by github') do |request|
-    request.user_agent and request.user_agent.start_with?('github-camo') and IMAGE_PATTERN.match(request.path)
-  end
-
   ####
   # Ban based on: IP address
   # Ban time:     indefinite

spec/unit/attack_spec.rb

@@ -0,0 +1,23 @@
+describe Rack::Attack do
+  describe 'image request' do
+    let(:request) {
+      env = Rack::MockRequest.env_for("https://api-test.travis-ci.org/travis-ci/travis-github-sync.png")
+      Rack::Attack::Request.new(env)
+    }
+
+    it 'should be safelisted' do
+      expect(Rack::Attack.whitelisted?(request)).to be_truthy
+    end
+  end
+
+  describe 'non-image API request' do
+    let(:request) {
+      env = Rack::MockRequest.env_for("https://api-test.travis-ci.org/repos/rails/rails/branches")
+      Rack::Attack::Request.new(env)
+    }
+
+    it 'should not be safelisted' do
+      expect(Rack::Attack.whitelisted?(request)).to be_falsy
+    end
+  end
+end