From 7f8110b6be5c486b71084fe6683594f1db2bbb23 Mon Sep 17 00:00:00 2001
From: Devin Howard
Date: Sun, 25 Sep 2016 23:00:07 +0800
Subject: [PATCH] configure rack attack to allow 5r/s for the load_url_title route

---
 config/application.rb | 2 ++
 config/initializers/rack-attack.rb | 15 +++++++++++++++
 2 files changed, 17 insertions(+)
 create mode 100644 config/initializers/rack-attack.rb

diff --git a/config/application.rb b/config/application.rb
index b629682a..96505b32 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -26,6 +26,8 @@ module Metamaps
 Doorkeeper::ApplicationController.helper ApplicationHelper
 end

+ config.middleware.use Rack::Attack
+
 # Configure sensitive parameters which will be filtered from the log file.
 config.filter_parameters += [:password]

diff --git a/config/initializers/rack-attack.rb b/config/initializers/rack-attack.rb
new file mode 100644
index 00000000..6c23e151
--- /dev/null
+++ b/config/initializers/rack-attack.rb
@@ -0,0 +1,15 @@
+class Rack::Attack
+end
+
+Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
+
+# Throttle requests to 5 requests per second per ip
+Rack::Attack.throttle('load_url_title/req/ip', :limit => 5, :period => 1.second) do |req|
+ # If the return value is truthy, the cache key for the return value
+ # is incremented and compared with the limit. In this case:
+ # "rack::attack:#{Time.now.to_i/1.second}:load_url_title/req/ip:#{req.ip}"
+ #
+ # If falsy, the cache key is neither incremented nor checked.
+
+ req.ip if req.path === 'hacks/load_url_title'
+end
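Review bot: The throttle block in config/initializers/rack-attack.rb compares `req.path` with `'hacks/load_url_title'`, but a Rack request path begins with a slash, so the block most likely never returns a truthy value and the 5 r/s limit is never enforced; I would change the line to `req.ip if req.path == '/hacks/load_url_title'` (plain `==`, adjusted if the route carries a format suffix or mount prefix). The `ActiveSupport::Cache::MemoryStore` assigned to `Rack::Attack.cache.store` is local to one process, so with several app workers each keeps its own counter and the effective limit becomes 5 r/s times the worker count; a shared store such as the app's `Rails.cache` backed by Redis or memcached keeps the limit global. `req.ip` is only as reliable as the proxy setup in front of the app, which is not visible here, so it is worth confirming that it resolves to the client address and not the load balancer's. The empty `class Rack::Attack` / `end` reopening does nothing and can be dropped. A request spec that sends six requests inside one second and expects a 429 on the last would have caught the path mismatch.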