2016-06-03 15:07:40 +00:00
|
|
|
module Gitlab
|
|
|
|
|
module Auth
|
|
|
|
|
class IpRateLimiter
|
|
|
|
|
attr_reader :ip
|
|
|
|
|
|
|
|
|
|
def initialize(ip)
|
|
|
|
|
@ip = ip
|
|
|
|
|
@banned = false
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def enabled?
|
|
|
|
|
config.enabled
|
|
|
|
|
end
|
2017-08-15 17:44:37 +00:00
|
|
|
|
2016-06-03 15:07:40 +00:00
|
|
|
def reset!
|
|
|
|
|
Rack::Attack::Allow2Ban.reset(ip, config)
|
|
|
|
|
end
|
2017-08-15 17:44:37 +00:00
|
|
|
|
2016-06-03 15:07:40 +00:00
|
|
|
def register_fail!
|
|
|
|
|
# Allow2Ban.filter will return false if this IP has not failed too often yet
|
|
|
|
|
@banned = Rack::Attack::Allow2Ban.filter(ip, config) do
|
|
|
|
|
# If we return false here, the failure for this IP is ignored by Allow2Ban
|
2016-06-03 15:14:13 +00:00
|
|
|
ip_can_be_banned?
|
2016-06-03 15:07:40 +00:00
|
|
|
end
|
|
|
|
|
end
|
2017-08-15 17:44:37 +00:00
|
|
|
|
2016-06-03 15:07:40 +00:00
|
|
|
def banned?
|
|
|
|
|
@banned
|
|
|
|
|
end
|
2017-08-15 17:44:37 +00:00
|
|
|
|
2016-06-03 15:07:40 +00:00
|
|
|
private
|
2017-08-15 17:44:37 +00:00
|
|
|
|
2016-06-03 15:07:40 +00:00
|
|
|
def config
|
|
|
|
|
Gitlab.config.rack_attack.git_basic_auth
|
|
|
|
|
end
|
2017-08-15 17:44:37 +00:00
|
|
|
|
2016-06-03 15:14:13 +00:00
|
|
|
def ip_can_be_banned?
|
2016-06-03 15:07:40 +00:00
|
|
|
config.ip_whitelist.exclude?(ip)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
