[openstreetmap/openstreetmap-website] Add rate limiting for changeset comments (PR #4202)

[Tom Hughes]

@tomhughes commented on this pull request.



> @@ -395,6 +395,19 @@ def max_friends_per_hour
     max_friends.clamp(0, Settings.max_friends_per_hour)
   end
 
+  def max_changeset_comments_per_hour
+    if moderator?
+      36000
+    else
+      previous_comments = changeset_comments.limit(200).count
+      active_reports = issues.with_status(:open).sum(:reports_count)
+      max_comments = previous_comments / 200.0 * Settings.max_changeset_comments_per_hour
+      max_comments = max_comments.floor.clamp(Settings.min_changeset_comments_per_hour, Settings.max_changeset_comments_per_hour)
+      max_comments /= 2**active_reports
+      max_comments.floor.clamp(1, Settings.max_changeset_comments_per_hour)
+    end

The minimum value is the minimum that will happen in normal operation - it will only go below that when the user is reported. Open to suggestions for alternate names though - the basic idea was that the limit ramps up from min to max but can be restricted by reports.

Obviously there is a potential issue with non-moderator power users as you say, though to paraphrase @woodpeck do we really want those people commenting on thousands of changesets and generating email storms?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/4202#discussion_r1310034382
You are receiving this because you are subscribed to this thread.

Message ID: <openstreetmap/openstreetmap-website/pull/4202/review/1602370387 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20230830/537f9b6a/attachment-0001.htm>