gitlab-org--gitlab-foss/lib/gitlab/auth/ip_rate_limiter.rb

# frozen_string_literal: true

module Gitlab
  module Auth
    class IpRateLimiter
      include ::Gitlab::Utils::StrongMemoize

      attr_reader :ip

      def initialize(ip)
        @ip = ip
      end

      def reset!
        return if skip_rate_limit?

        Rack::Attack::Allow2Ban.reset(ip, config)
      end

      def register_fail!
        return false if skip_rate_limit?

        # Allow2Ban.filter will return false if this IP has not failed too often yet
        Rack::Attack::Allow2Ban.filter(ip, config) do
          # We return true to increment the count for this IP
          true
        end
      end

      def banned?
        return false if skip_rate_limit?

        Rack::Attack::Allow2Ban.banned?(ip)
      end

      private

      def skip_rate_limit?
        !enabled? || trusted_ip?
      end

      def enabled?
        config.enabled
      end

      def config
        Gitlab.config.rack_attack.git_basic_auth
      end

      def trusted_ip?
        trusted_ips.any? { |netmask| netmask.include?(ip) }
      end

      def trusted_ips
        strong_memoize(:trusted_ips) do
          config.ip_whitelist.map do |proxy|
            IPAddr.new(proxy)
          rescue IPAddr::InvalidAddressError
          end.compact
        end
      end
    end
  end
end
Enable some frozen string in lib/gitlab Enable frozen string for the following files: * lib/gitlab/auth/*/.rb * lib/gitlab/badge/*/.rb * lib/gitlab/bare_repository_import/*/.rb * lib/gitlab/bitbucket_import/*/.rb * lib/gitlab/bitbucket_server_import/*/.rb * lib/gitlab/cache/*/.rb * lib/gitlab/checks/*/.rb Partially addresses #47424. 2018-10-11 16:12:21 -04:00			`# frozen_string_literal: true`

Refactor Gitlab::Auth rate limiting 2016-06-03 11:07:40 -04:00			`module Gitlab`
			`module Auth`
			`class IpRateLimiter`
Support CIDR notation in IP rate limiter This will make it possible to whitelist multiple IP addresses (e.g. 192.168.0.1/24). 2019-06-27 18:44:46 -04:00			`include ::Gitlab::Utils::StrongMemoize`

Refactor Gitlab::Auth rate limiting 2016-06-03 11:07:40 -04:00			`attr_reader :ip`

			`def initialize(ip)`
			`@ip = ip`
			`end`
Enable Layout/TrailingWhitespace cop and auto-correct offenses 2017-08-15 13:44:37 -04:00
Refactor Gitlab::Auth rate limiting 2016-06-03 11:07:40 -04:00			`def reset!`
Add latest changes from gitlab-org/gitlab@master 2019-12-03 16:06:23 -05:00			`return if skip_rate_limit?`

Refactor Gitlab::Auth rate limiting 2016-06-03 11:07:40 -04:00			`Rack::Attack::Allow2Ban.reset(ip, config)`
			`end`
Enable Layout/TrailingWhitespace cop and auto-correct offenses 2017-08-15 13:44:37 -04:00
Refactor Gitlab::Auth rate limiting 2016-06-03 11:07:40 -04:00			`def register_fail!`
Add latest changes from gitlab-org/gitlab@master 2019-12-03 16:06:23 -05:00			`return false if skip_rate_limit?`
Add latest changes from gitlab-org/gitlab@master 2019-11-07 22:06:48 -05:00
Refactor Gitlab::Auth rate limiting 2016-06-03 11:07:40 -04:00			`# Allow2Ban.filter will return false if this IP has not failed too often yet`
Add latest changes from gitlab-org/gitlab@master 2019-12-03 16:06:23 -05:00			`Rack::Attack::Allow2Ban.filter(ip, config) do`
Add latest changes from gitlab-org/gitlab@master 2019-11-07 22:06:48 -05:00			`# We return true to increment the count for this IP`
			`true`
Refactor Gitlab::Auth rate limiting 2016-06-03 11:07:40 -04:00			`end`
			`end`
Enable Layout/TrailingWhitespace cop and auto-correct offenses 2017-08-15 13:44:37 -04:00
Refactor Gitlab::Auth rate limiting 2016-06-03 11:07:40 -04:00			`def banned?`
Add latest changes from gitlab-org/gitlab@master 2019-12-03 16:06:23 -05:00			`return false if skip_rate_limit?`
Enable Layout/TrailingWhitespace cop and auto-correct offenses 2017-08-15 13:44:37 -04:00
Add latest changes from gitlab-org/gitlab@master 2019-12-03 16:06:23 -05:00			`Rack::Attack::Allow2Ban.banned?(ip)`
Add latest changes from gitlab-org/gitlab@master 2019-11-07 22:06:48 -05:00			`end`

Refactor Gitlab::Auth rate limiting 2016-06-03 11:07:40 -04:00			`private`
Enable Layout/TrailingWhitespace cop and auto-correct offenses 2017-08-15 13:44:37 -04:00
Add latest changes from gitlab-org/gitlab@master 2019-12-03 16:06:23 -05:00			`def skip_rate_limit?`
			`!enabled? \|\| trusted_ip?`
			`end`

			`def enabled?`
			`config.enabled`
			`end`

Refactor Gitlab::Auth rate limiting 2016-06-03 11:07:40 -04:00			`def config`
			`Gitlab.config.rack_attack.git_basic_auth`
			`end`
Enable Layout/TrailingWhitespace cop and auto-correct offenses 2017-08-15 13:44:37 -04:00
Add latest changes from gitlab-org/gitlab@master 2019-12-03 16:06:23 -05:00			`def trusted_ip?`
			`trusted_ips.any? { \|netmask\| netmask.include?(ip) }`
			`end`

Support CIDR notation in IP rate limiter This will make it possible to whitelist multiple IP addresses (e.g. 192.168.0.1/24). 2019-06-27 18:44:46 -04:00			`def trusted_ips`
			`strong_memoize(:trusted_ips) do`
			`config.ip_whitelist.map do \|proxy\|`
			`IPAddr.new(proxy)`
			`rescue IPAddr::InvalidAddressError`
			`end.compact`
			`end`
Refactor Gitlab::Auth rate limiting 2016-06-03 11:07:40 -04:00			`end`
			`end`
			`end`
			`end`