FEATURE: Rate limit exceptions via ENV (PR #14033)

Allow admins to configure exceptions to our Rails rate limiter.

Configuration happens in the environment variables, and works with both IPs and CIDR blocks.

Example:

env:
  DISCOURSE_MAX_REQS_PER_IP_EXCEPTIONS: >-
    14.15.16.32/27
    216.148.1.2

GitHub
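
An added example, not code from the PR or from Discourse: one way to parse the whitespace-separated value shown above into `IPAddr` objects lazily, and to check a client address against it. The module name `RateLimitExceptions` and its methods are hypothetical; only the environment variable name and the two sample entries come from the PR description.

```ruby
require "ipaddr"

# Hypothetical helper (not Discourse's implementation).
module RateLimitExceptions
  ENV_KEY = "DISCOURSE_MAX_REQS_PER_IP_EXCEPTIONS"

  # Returns [networks, rejected]. Malformed entries are collected instead of
  # raised, so one typo cannot crash boot and can be logged for the admin.
  def self.parse(raw)
    networks = []
    rejected = []
    raw.to_s.split.each do |entry|
      begin
        networks << IPAddr.new(entry) # accepts a single IP or a CIDR block
      rescue IPAddr::Error
        rejected << entry
      end
    end
    [networks.freeze, rejected.freeze]
  end

  # Parsed on first use and memoized, so ENV is not read at load time.
  def self.networks
    @networks ||= parse(ENV[ENV_KEY]).first
  end

  # Clears the memoized list (for tests or after changing ENV).
  def self.reset!
    @networks = nil
  end

  # True when the address falls inside any configured IP or CIDR block.
  # An unparsable client address is never exempt (fail closed).
  def self.exempt?(ip, nets = networks)
    addr = IPAddr.new(ip)
    nets.any? { |net| net.include?(addr) }
  rescue IPAddr::Error
    false
  end
end
```

With the value from the example, `14.15.16.32/27` covers `14.15.16.32` through `14.15.16.63`, while `216.148.1.2` matches only itself.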

I think this might be cleaner as a GlobalSetting, rather than directly accessing ENV? IIRC that’s how we do things like this elsewhere.

I tried that at first, but GlobalSetting isn’t available at the time this is set :(. Open to ideas on how to lazily set that in a more ergonomic way.

GlobalSetting isn’t available at the time this is set

Ahh I see, makes sense :+1:

I don’t think we should check in this file?

This seems quite good to me. I think it will help out a lot in some cases.

Open to ideas on how to lazily set that in a more ergonomic way.

Perhaps we can move it into a method and memoize the value using a class variable.

Also, I’m wondering why we need to use a class variable here when a constant would work. That way, we can easily stub out the constant in our tests and do not need the two methods declared below for testing purposes.

The description is slightly confusing here because we’re not describing the context of the tests here.

@xfalcox this causes the following warning in the console:

discourse/lib/middleware/request_tracker.rb:19: warning: already initialized constant Middleware::RequestTracker::STATIC_IP_SKIPPER
discourse/lib/middleware/request_tracker.rb:19: warning: previous definition of STATIC_IP_SKIPPER was here

@xfalcox this causes the following warning in the console:

discourse/lib/middleware/request_tracker.rb:19: warning: already initialized constant Middleware::RequestTracker::STATIC_IP_SKIPPER
discourse/lib/middleware/request_tracker.rb:19: warning: previous definition of STATIC_IP_SKIPPER was here

How to trigger it? Is it while running tests?

By opening a production rails console. Curiously, it doesn’t happen in dev env.

Hmmmm I can’t repro it in a droplet install…

root@falcoland-app2:/var/www/discourse# rails c
[1] pry(main)>