suzanne.soy/travis-api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #281 from travis-ci/igor-github-rate-limit

Browse Source 
safelist build status image requests coming from github
This commit is contained in:
Joe Corcoran 2016-06-30 15:31:57 +02:00 committed by GitHub
commit bed317b109
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lib/travis/api/attack.rb
View File

@ -25,18 +25,24 @@ class Rack::Attack
end end
end end
POST_WHITELISTED = [ POST_SAFELIST = [
"/auth/handshake", "/auth/handshake",
"/auth/post_message", "/auth/post_message",
"/auth/post_message/iframe" "/auth/post_message/iframe"
] ]
IMAGE_PATTERN = /^\/([a-z0-9_-]+)\/([a-z0-9_-]+)\.(png|svg)$/
#### ####
# Whitelisted IP addresses # Whitelisted IP addresses
whitelist('whitelist client requesting from redis') do |request| whitelist('whitelist client requesting from redis') do |request|
Travis.redis.sismember(:api_whitelisted_ips, request.ip) Travis.redis.sismember(:api_whitelisted_ips, request.ip)
end end
whitelist('safelist build status images when requested by github') do |request|
request.user_agent and request.user_agent.start_with?('github-camo') and IMAGE_PATTERN.match(request.path)
end
#### ####
# Ban based on: IP address # Ban based on: IP address
# Ban time: indefinite # Ban time: indefinite
@ -61,7 +67,7 @@ class Rack::Attack
# Ban after: 10 POST requests within 30 seconds # Ban after: 10 POST requests within 30 seconds
blacklist('spamming with POST requests') do |request| blacklist('spamming with POST requests') do |request|
Rack::Attack::Allow2Ban.filter(request.identifier, maxretry: 10, findtime: 30.seconds, bantime: bantime(1.hour)) do Rack::Attack::Allow2Ban.filter(request.identifier, maxretry: 10, findtime: 30.seconds, bantime: bantime(1.hour)) do
request.post? and not POST_WHITELISTED.include? request.path request.post? and not POST_SAFELIST.include? request.path
end end
end end