[openstreetmap/openstreetmap-website] Add rate limiting for changeset comments (PR #4202)

[Andy Allan]

@gravitystorm commented on this pull request.



> @@ -17,6 +17,7 @@ def create
       # Check the arguments are sane
       raise OSM::APIBadUserInput, "No id was given" unless params[:id]
       raise OSM::APIBadUserInput, "No text was given" if params[:text].blank?
+      raise OSM::APIRateLimitExceeded if current_user.changeset_comments.where("created_at >= ?", Time.now.utc - 1.hour).count >= current_user.max_changeset_comments_per_hour

might be better slightly abstracted - e.g. `raise OSM::APIRateLimitExceeded if rate_limit_exceeded` and the details put elsewhere, just to make the method easier to read. 

I know we have the method complexity metrics effectively disabled in rubocop, otherwise I'm sure it would have flagged this.

(I'd also like to share limits between api vs website controllers in the long run, and so making reusable methods would be handy).

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/4202#pullrequestreview-1602341521
You are receiving this because you are subscribed to this thread.

Message ID: <openstreetmap/openstreetmap-website/pull/4202/review/1602341521 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20230830/898d52a3/attachment.htm>