[openstreetmap/openstreetmap-website] Add rate limiting for changeset comments (PR #4202)
Andy Allan
notifications at github.com
Wed Aug 30 10:22:40 UTC 2023
@gravitystorm commented on this pull request.
> @@ -395,6 +395,19 @@ def max_friends_per_hour
max_friends.clamp(0, Settings.max_friends_per_hour)
end
+ def max_changeset_comments_per_hour
+ if moderator?
+ 36000
+ else
+ previous_comments = changeset_comments.limit(200).count
+ active_reports = issues.with_status(:open).sum(:reports_count)
+ max_comments = previous_comments / 200.0 * Settings.max_changeset_comments_per_hour
+ max_comments = max_comments.floor.clamp(Settings.min_changeset_comments_per_hour, Settings.max_changeset_comments_per_hour)
+ max_comments /= 2**active_reports
+ max_comments.floor.clamp(1, Settings.max_changeset_comments_per_hour)
+ end
> Obviously there is a potential issue with non-moderator power users as you say, though to paraphrase @woodpeck do we really want those people commenting on thousands of changesets and generating email storms?
:smile: Although if good stuff can be done outside of DWG, more power to them! But in this case, a power user can be prevented from making more than `1` changeset comment per hour, by only a few (bogus) reports.
For naming, my suggestion would be:
* `min_changeset_comments_per_hour` = 1
* `default_changeset_comments_per_hour` = 6
* `max_changeset_comments_per_hour` = 200
* `moderator_changeset_comments_per_hour` = 36_000
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/4202#discussion_r1310045709
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/pull/4202/review/1602385596 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20230830/1dcb32b5/attachment.htm>
More information about the rails-dev
mailing list