disable Rack Attack in dev DO NOT MERGE ref #1168

michielbdejong · michielbdejong · commit a0c73ca606a3 · 2024-09-12T10:53:55.000+02:00
diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
@@ -23,54 +23,54 @@ class Rack::Attack
   # Throttle all requests by IP (60rpm)
   #
   # Key: "rack::attack:#{Time.now.to_i/:period}:req/ip:#{req.ip}"
-  throttle('req/ip', limit: 300, period: 5.minutes) do |req|
-    req.ip # unless req.path.start_with?('/assets')
-  end
+  # throttle('req/ip', limit: 300, period: 5.minutes) do |req|
+  #   req.ip # unless req.path.start_with?('/assets')
+  # end
 
   # Throttle POST requests to */services by IP address
   #
   # Key: "rack::attack:#{Time.now.to_i/:period}:signups/ip:#{req.ip}"
 
   # FIXME: temporarily loosened this from 2 to 50 due to
   # https://github.com/tosdr/edit.tosdr.org/issues/929#issuecomment-743216243
-  throttle('services/ip', limit: 50, period: 10.minutes) do |req|
-    if req.path.end_with?('/services') && req.post?
-      req.ip
-    end
-  end
+  # throttle('services/ip', limit: 50, period: 10.minutes) do |req|
+  #   if req.path.end_with?('/services') && req.post?
+  #     req.ip
+  #   end
+  # end
 
   # FIXME: temporarily loosened this from 5 to 50 due to
   # https://github.com/tosdr/edit.tosdr.org/issues/929#issuecomment-743216243
-  throttle('points/ip', limit: 50, period: 10.minutes) do |req|
-    match = req.path.match(/^\/points\/(\w+)/)
-    if (req.patch? || req.put?) &&  !match.nil?
-      req.ip
-    end
-  end
-
-  throttle('throttle document creation', limit: 5, period: 10.minutes) do |req|
-    if req.path.end_with?('/documents') && req.post?
-      req.ip
-    end
-  end
+  # throttle('points/ip', limit: 50, period: 10.minutes) do |req|
+  #   match = req.path.match(/^\/points\/(\w+)/)
+  #   if (req.patch? || req.put?) &&  !match.nil?
+  #     req.ip
+  #   end
+  # end
+
+  # throttle('throttle document creation', limit: 5, period: 10.minutes) do |req|
+  #   if req.path.end_with?('/documents') && req.post?
+  #     req.ip
+  #   end
+  # end
 
   # FIXME: temporarily loosened this from 5 to 50 due to
   # https://github.com/tosdr/edit.tosdr.org/issues/929#issuecomment-743216243
-  throttle('throttle document updates', limit: 50, period: 10.minutes) do |req|
-    match = req.path.match(/^\/documents\/(\w+)/)
-    if (req.patch? || req.put?) &&  !match.nil?
-      req.ip
-    end
-  end
+  # throttle('throttle document updates', limit: 50, period: 10.minutes) do |req|
+  #   match = req.path.match(/^\/documents\/(\w+)/)
+  #   if (req.patch? || req.put?) &&  !match.nil?
+  #     req.ip
+  #   end
+  # end
 
   # FIXME: temporarily loosened this from 5 to 500 due to
   # https://github.com/tosdr/edit.tosdr.org/issues/929#issuecomment-743216243
-  throttle('document crawling + creation for specific services', limit: 500, period: 10.minutes) do |req|
-    match = req.path.match(/^\/documents\/(\w+)/)
-    if req.post? && !match.nil?
-      req.ip
-    end
-  end
+  # throttle('document crawling + creation for specific services', limit: 500, period: 10.minutes) do |req|
+  #   match = req.path.match(/^\/documents\/(\w+)/)
+  #   if req.post? && !match.nil?
+  #     req.ip
+  #   end
+  # end
 
 
 
@@ -86,11 +86,11 @@ class Rack::Attack
   # Throttle POST requests to /login by IP address
   #
   # Key: "rack::attack:#{Time.now.to_i/:period}:logins/ip:#{req.ip}"
-  throttle('logins/ip', limit: 5, period: 60.seconds) do |req|
-    if req.path == 'users/sign_in' && req.post?
-      req.ip
-    end
-  end
+  # throttle('logins/ip', limit: 5, period: 60.seconds) do |req|
+  #   if req.path == 'users/sign_in' && req.post?
+  #     req.ip
+  #   end
+  # end
 
   # Throttle POST requests to /login by email param
   #
@@ -100,12 +100,12 @@ class Rack::Attack
   # throttle logins for another user and force their login requests to be
   # denied, but that's not very common and shouldn't happen to you. (Knock
   # on wood!)
-  throttle("logins/email", limit: 5, period: 60.seconds) do |req|
-    if req.path == 'users/sign_in' && req.post?
-      # return the email if present, nil otherwise
-      req.params['email'].presence
-    end
-  end
+  # throttle("logins/email", limit: 5, period: 60.seconds) do |req|
+  #   if req.path == 'users/sign_in' && req.post?
+  #     # return the email if present, nil otherwise
+  #     req.params['email'].presence
+  #   end
+  # end
 
   ### Custom Throttle Response ###
 
