Add `throttle_unauthenticated_api_*` columns to application settings

This adds new columns for the rate limit settings for unauthenticated API requests. The new settings aren't used yet, this will be added in future MRs along with the changes to the UI and docs. Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/335300 Changelog: added

Add `throttle_unauthenticated_api_*` columns to application settings
This adds new columns for the rate limit settings for unauthenticated API requests. The new settings aren't used yet, this will be added in future MRs along with the changes to the UI and docs. Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/335300 Changelog: added
004732b0 · Markus Koller · cbc14bb5 · 004732b0 · 004732b0 · 004732b0
Commit 004732b0 authored Sep 01, 2021 by Markus Koller
10 changed files
--- a/app/helpers/application_settings_helper.rb
+++ b/app/helpers/application_settings_helper.rb
@@ -323,6 +323,9 @@ module ApplicationSettingsHelper
      :throttle_authenticated_files_api_enabled,
      :throttle_authenticated_files_api_period_in_seconds,
      :throttle_authenticated_files_api_requests_per_period,
+      :throttle_unauthenticated_api_enabled,
+      :throttle_unauthenticated_api_period_in_seconds,
+      :throttle_unauthenticated_api_requests_per_period,
      :throttle_unauthenticated_enabled,
      :throttle_unauthenticated_period_in_seconds,
      :throttle_unauthenticated_requests_per_period,

--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -468,6 +468,14 @@ class ApplicationSetting < ApplicationRecord
            length: { maximum: 255, message: _('is too long (maximum is %{count} characters)') },
            allow_blank: true

+  validates :throttle_unauthenticated_api_requests_per_period,
+            presence: true,
+            numericality: { only_integer: true, greater_than: 0 }
+
+  validates :throttle_unauthenticated_api_period_in_seconds,
+            presence: true,
+            numericality: { only_integer: true, greater_than: 0 }
+
  validates :throttle_unauthenticated_requests_per_period,
            presence: true,
            numericality: { only_integer: true, greater_than: 0 }

--- a/app/models/application_setting_implementation.rb
+++ b/app/models/application_setting_implementation.rb
@@ -181,6 +181,9 @@ module ApplicationSettingImplementation
        throttle_protected_paths_enabled: false,
        throttle_protected_paths_in_seconds: 10,
        throttle_protected_paths_per_period: 60,
+        throttle_unauthenticated_api_enabled: false,
+        throttle_unauthenticated_api_period_in_seconds: 3600,
+        throttle_unauthenticated_api_requests_per_period: 3600,
        throttle_unauthenticated_enabled: false,
        throttle_unauthenticated_period_in_seconds: 3600,
        throttle_unauthenticated_requests_per_period: 3600,

--- a/db/migrate/20210826170902_add_throttle_unauthenticated_api_columns.rb
+++ b/db/migrate/20210826170902_add_throttle_unauthenticated_api_columns.rb
+# frozen_string_literal: true
+
+class AddThrottleUnauthenticatedApiColumns < ActiveRecord::Migration[6.1]
+  def change
+    # The defaults match those from the current `throttle_unauthenticated_*` columns
+    add_column :application_settings, :throttle_unauthenticated_api_enabled, :boolean, default: false, null: false
+    add_column :application_settings, :throttle_unauthenticated_api_requests_per_period, :integer, default: 3600, null: false
+    add_column :application_settings, :throttle_unauthenticated_api_period_in_seconds, :integer, default: 3600, null: false
+  end
+end
--- a/db/post_migrate/20210826171758_initialize_throttle_unauthenticated_api_columns.rb
+++ b/db/post_migrate/20210826171758_initialize_throttle_unauthenticated_api_columns.rb
+# frozen_string_literal: true
+
+# Initialize the new `throttle_unauthenticated_api_*` columns with the current values
+# from the `throttle_unauthenticated_*` columns, which will now only apply to web requests.
+#
+# The columns for the unauthenticated web rate limit will be renamed later
+# in https://gitlab.com/gitlab-org/gitlab/-/issues/340031.
+class InitializeThrottleUnauthenticatedApiColumns < ActiveRecord::Migration[6.1]
+  class ApplicationSetting < ActiveRecord::Base
+    self.table_name = :application_settings
+  end
+
+  def up
+    ApplicationSetting.update_all(%q{
+      throttle_unauthenticated_api_enabled = throttle_unauthenticated_enabled,
+      throttle_unauthenticated_api_requests_per_period = throttle_unauthenticated_requests_per_period,
+      throttle_unauthenticated_api_period_in_seconds = throttle_unauthenticated_period_in_seconds
+    })
+  end
+
+  def down
+  end
+end
--- a/db/schema_migrations/20210826170902
+++ b/db/schema_migrations/20210826170902
+97536098a2d3b127c6e6b9c079d10d272552dc9064f6b23fb92482baffaac7db
\ No newline at end of file
--- a/db/schema_migrations/20210826171758
+++ b/db/schema_migrations/20210826171758
+96a8a87cc075b7a2bf3919d0c891fdfedb2a9b7bab6460b82bfb43a3f8abe3cf
\ No newline at end of file
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -10337,6 +10337,9 @@ CREATE TABLE application_settings (
    throttle_authenticated_git_lfs_period_in_seconds integer DEFAULT 60 NOT NULL,
    throttle_authenticated_git_lfs_enabled boolean DEFAULT false NOT NULL,
    user_deactivation_emails_enabled boolean DEFAULT true NOT NULL,
+    throttle_unauthenticated_api_enabled boolean DEFAULT false NOT NULL,
+    throttle_unauthenticated_api_requests_per_period integer DEFAULT 3600 NOT NULL,
+    throttle_unauthenticated_api_period_in_seconds integer DEFAULT 3600 NOT NULL,
    CONSTRAINT app_settings_container_reg_cleanup_tags_max_list_size_positive CHECK ((container_registry_cleanup_tags_service_max_list_size >= 0)),
    CONSTRAINT app_settings_ext_pipeline_validation_service_url_text_limit CHECK ((char_length(external_pipeline_validation_service_url) <= 255)),
    CONSTRAINT app_settings_registry_exp_policies_worker_capacity_positive CHECK ((container_registry_expiration_policies_worker_capacity >= 0)),
--- a/spec/models/application_setting_spec.rb
+++ b/spec/models/application_setting_spec.rb
@@ -927,6 +927,8 @@ RSpec.describe ApplicationSetting do
    context 'throttle_* settings' do
      where(:throttle_setting) do
        %i[
+          throttle_unauthenticated_api_requests_per_period
+          throttle_unauthenticated_api_period_in_seconds
          throttle_unauthenticated_requests_per_period
          throttle_unauthenticated_period_in_seconds
          throttle_authenticated_api_requests_per_period

--- a/spec/services/application_settings/update_service_spec.rb
+++ b/spec/services/application_settings/update_service_spec.rb
@@ -345,6 +345,9 @@ RSpec.describe ApplicationSettings::UpdateService do
        throttle_authenticated_web_enabled: true,
        throttle_authenticated_web_period_in_seconds: 30,
        throttle_authenticated_web_requests_per_period: 40,
+        throttle_unauthenticated_api_enabled: true,
+        throttle_unauthenticated_api_period_in_seconds: 50,
+        throttle_unauthenticated_api_requests_per_period: 60,
        throttle_unauthenticated_enabled: true,
        throttle_unauthenticated_period_in_seconds: 50,
        throttle_unauthenticated_requests_per_period: 60