[openstreetmap/openstreetmap-website] Add rate limiting for changeset comments (PR #4202)

[Mateusz Konieczny]

@matkoniecz commented on this pull request.



> @@ -395,6 +395,19 @@ def max_friends_per_hour
     max_friends.clamp(0, Settings.max_friends_per_hour)
   end
 
+  def max_changeset_comments_per_hour
+    if moderator?
+      36000
+    else
+      previous_comments = changeset_comments.limit(200).count
+      active_reports = issues.with_status(:open).sum(:reports_count)
+      max_comments = previous_comments / 200.0 * Settings.max_changeset_comments_per_hour
+      max_comments = max_comments.floor.clamp(Settings.min_changeset_comments_per_hour, Settings.max_changeset_comments_per_hour)
+      max_comments /= 2**active_reports
+      max_comments.floor.clamp(1, Settings.max_changeset_comments_per_hour)
+    end

> But in this case, a power user can be prevented from making more than 1 changeset comment per hour, by only a few (bogus) reports.

Maybe like proposed in https://github.com/openstreetmap/openstreetmap-website/issues/2342#issuecomment-1694650004 it would be possible to count how many users made reports against account, not simply how many reports were made? So simply making 100 bogus reports will not have so serious effects.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/4202#discussion_r1310097388
You are receiving this because you are subscribed to this thread.

Message ID: <openstreetmap/openstreetmap-website/pull/4202/review/1602454825 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20230830/9e36cfb2/attachment.htm>