@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge

Tweak rate limiting point counts for omnipotent users

Summary:
Ref T13008. We haven't hit any issues with this, but I can imagine we might in the future.

When one host makes an intracluster request to another host, the `$viewer` ends up as the omnipotent viewer. This viewer isn't logged in, so they'll currently accumulate rate limit points at a high rate.

Instead, don't give them any points. These requests are always legitimate, and if they originated from a user request, that request should be the one getting rate limited.

Test Plan: Browsed around.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13008

Differential Revision: https://secure.phabricator.com/D18708

+9 -1
support/startup/PhabricatorClientRateLimit.php
··· 35 35 // If the user was logged in, let them make more requests. 36 36 if (isset($request_state['viewer'])) { 37 37 $viewer = $request_state['viewer']; 38 - if ($viewer->isLoggedIn()) { 38 + if ($viewer->isOmnipotent()) { 39 + // If the viewer was omnipotent, this was an intracluster request or 40 + // some other kind of special request, so don't give it any points 41 + // toward rate limiting. 42 + $score = 0; 43 + } else if ($viewer->isLoggedIn()) { 44 + // If the viewer was logged in, give them fewer points than if they 45 + // were logged out, since this traffic is much more likely to be 46 + // legitimate. 39 47 $score = 0.25; 40 48 } 41 49 }
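
Review bot: The new `isOmnipotent()` branch at new line 38 sets `$score = 0`, a complete exemption from rate limiting, but its comment justifies this with "some other kind of special request" without saying which kinds. Because this is a full bypass rather than a discount like the `0.25` case, the comment should name the request types expected to arrive with an omnipotent viewer (the summary only mentions intracluster requests), so a later reader can confirm that none of them can be reached by an unauthenticated client. The leading comment on line 35 ("If the user was logged in, let them make more requests.") now describes only one of the two branches and should be widened to cover both. The test plan ("Browsed around") does not exercise the omnipotent branch; making an intracluster request and checking that no points accumulate would.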