From 09b01c756069058e02ba4fc9f5f53a534aef3fe3 Mon Sep 17 00:00:00 2001
From: Michael Kozono
Date: Tue, 17 Oct 2017 12:40:09 -0400
Subject: [PATCH] Don't add methods to Rack::Attack

---
 config/initializers/rack_attack_global.rb | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/config/initializers/rack_attack_global.rb b/config/initializers/rack_attack_global.rb
index cf87310d7b7..9453df2ec5a 100644
--- a/config/initializers/rack_attack_global.rb
+++ b/config/initializers/rack_attack_global.rb
@@ -1,40 +1,42 @@
-class Rack::Attack
+module Gitlab::Throttle
 def self.settings
 Gitlab::CurrentSettings.current_application_settings
 end
- def self.throttle_unauthenticated_options
+ def self.unauthenticated_options
 limit_proc = proc { |req| settings.throttle_unauthenticated_requests_per_period }
 period_proc = proc { |req| settings.throttle_unauthenticated_period_in_seconds.seconds }
 { limit: limit_proc, period: period_proc }
 end
- def self.throttle_authenticated_api_options
+ def self.authenticated_api_options
 limit_proc = proc { |req| settings.throttle_authenticated_api_requests_per_period }
 period_proc = proc { |req| settings.throttle_authenticated_api_period_in_seconds.seconds }
 { limit: limit_proc, period: period_proc }
 end
- def self.throttle_authenticated_web_options
+ def self.authenticated_web_options
 limit_proc = proc { |req| settings.throttle_authenticated_web_requests_per_period }
 period_proc = proc { |req| settings.throttle_authenticated_web_period_in_seconds.seconds }
 { limit: limit_proc, period: period_proc }
 end
+end
- throttle('throttle_unauthenticated', throttle_unauthenticated_options) do |req|
- settings.throttle_unauthenticated_enabled &&
+class Rack::Attack
+ throttle('throttle_unauthenticated', Gitlab::Throttle.unauthenticated_options) do |req|
+ Gitlab::Throttle.settings.throttle_unauthenticated_enabled &&
 req.unauthenticated? &&
 req.ip
 end
- throttle('throttle_authenticated_api', throttle_authenticated_api_options) do |req|
- settings.throttle_authenticated_api_enabled &&
+ throttle('throttle_authenticated_api', Gitlab::Throttle.authenticated_api_options) do |req|
+ Gitlab::Throttle.settings.throttle_authenticated_api_enabled &&
 req.api_request? &&
 req.authenticated_user_id
 end
- throttle('throttle_authenticated_web', throttle_authenticated_web_options) do |req|
- settings.throttle_authenticated_web_enabled &&
+ throttle('throttle_authenticated_web', Gitlab::Throttle.authenticated_web_options) do |req|
+ Gitlab::Throttle.settings.throttle_authenticated_web_enabled &&
 req.web_request? &&
 req.authenticated_user_id
 end