Class: Gitlab::Auth::UniqueIpsLimiter

Inherits:
Object
  • Object
show all
Defined in:
lib/gitlab/auth/unique_ips_limiter.rb

Constant Summary collapse

USER_UNIQUE_IPS_PREFIX = 
'user_unique_ips'

Class Method Summary collapse

Class Method Details

.configObject 



34
35
36
 
# File 'lib/gitlab/auth/unique_ips_limiter.rb', line 34

def config
  Gitlab::CurrentSettings.current_application_settings
end

.limit_user!(user = nil) ⇒ Object 



28
29
30
31
32
 
# File 'lib/gitlab/auth/unique_ips_limiter.rb', line 28

def limit_user!(user = nil)
  user ||= yield if block_given?
  limit_user_id!(user.id) unless user.nil?
  user
end

.limit_user_id!(user_id) ⇒ Object 



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
 
# File 'lib/gitlab/auth/unique_ips_limiter.rb', line 9

def limit_user_id!(user_id)
  if config.unique_ips_limit_enabled
    ip = RequestContext.instance.client_ip
    unique_ips = update_and_return_ips_count(user_id, ip)

    if unique_ips > config.unique_ips_limit_per_user
      Gitlab::AuthLogger.error(
        message: 'too_many_ips',
        remote_ip: ip,
        unique_ips_count: unique_ips,
        user_id: user_id,
        **Gitlab::ApplicationContext.current
      )

      raise TooManyIps.new(user_id, ip, unique_ips)
    end
  end
end

.update_and_return_ips_count(user_id, ip) ⇒ Object 



38
39
40
41
42
43
44
45
46
47
48
49
 
# File 'lib/gitlab/auth/unique_ips_limiter.rb', line 38

def update_and_return_ips_count(user_id, ip)
  time = Time.now.utc.to_i
  key = "#{USER_UNIQUE_IPS_PREFIX}:#{user_id}"

  Gitlab::Redis::SharedState.with do |redis|
    redis.multi do |r|
      r.zadd(key, time, ip.to_s)
      r.zremrangebyscore(key, 0, time - config.unique_ips_limit_time_window)
      r.zcard(key)
    end.last
  end
end