Merge branch '335300-rate-limit-for-unauthenticated-api-requests-2-add-api-columns' into 'master'

[2/5] Add `throttle_unauthenticated_api_*` columns to application settings

See merge request gitlab-org/gitlab!69384

app/helpers/application_settings_helper.rb

@@ -323,6 +323,9 @@ module ApplicationSettingsHelper
       :throttle_authenticated_files_api_enabled,
       :throttle_authenticated_files_api_period_in_seconds,
       :throttle_authenticated_files_api_requests_per_period,
+      :throttle_unauthenticated_api_enabled,
+      :throttle_unauthenticated_api_period_in_seconds,
+      :throttle_unauthenticated_api_requests_per_period,
       :throttle_unauthenticated_enabled,
       :throttle_unauthenticated_period_in_seconds,
       :throttle_unauthenticated_requests_per_period,

app/models/application_setting.rb

@@ -468,6 +468,14 @@ class ApplicationSetting < ApplicationRecord
             length: { maximum: 255, message: _('is too long (maximum is %{count} characters)') },
             allow_blank: true
 
+  validates :throttle_unauthenticated_api_requests_per_period,
+            presence: true,
+            numericality: { only_integer: true, greater_than: 0 }
+
+  validates :throttle_unauthenticated_api_period_in_seconds,
+            presence: true,
+            numericality: { only_integer: true, greater_than: 0 }
+
   validates :throttle_unauthenticated_requests_per_period,
             presence: true,
             numericality: { only_integer: true, greater_than: 0 }

app/models/application_setting_implementation.rb

@@ -181,6 +181,9 @@ module ApplicationSettingImplementation
         throttle_protected_paths_enabled: false,
         throttle_protected_paths_in_seconds: 10,
         throttle_protected_paths_per_period: 60,
+        throttle_unauthenticated_api_enabled: false,
+        throttle_unauthenticated_api_period_in_seconds: 3600,
+        throttle_unauthenticated_api_requests_per_period: 3600,
         throttle_unauthenticated_enabled: false,
         throttle_unauthenticated_period_in_seconds: 3600,
         throttle_unauthenticated_requests_per_period: 3600,

db/migrate/20210826170902_add_throttle_unauthenticated_api_columns.rb

+# frozen_string_literal: true
+
+class AddThrottleUnauthenticatedApiColumns < ActiveRecord::Migration[6.1]
+  def change
+    # The defaults match those from the current `throttle_unauthenticated_*` columns
+    add_column :application_settings, :throttle_unauthenticated_api_enabled, :boolean, default: false, null: false
+    add_column :application_settings, :throttle_unauthenticated_api_requests_per_period, :integer, default: 3600, null: false
+    add_column :application_settings, :throttle_unauthenticated_api_period_in_seconds, :integer, default: 3600, null: false
+  end
+end

db/post_migrate/20210826171758_initialize_throttle_unauthenticated_api_columns.rb

+# frozen_string_literal: true
+
+# Initialize the new `throttle_unauthenticated_api_*` columns with the current values
+# from the `throttle_unauthenticated_*` columns, which will now only apply to web requests.
+#
+# The columns for the unauthenticated web rate limit will be renamed later
+# in https://gitlab.com/gitlab-org/gitlab/-/issues/340031.
+class InitializeThrottleUnauthenticatedApiColumns < ActiveRecord::Migration[6.1]
+  class ApplicationSetting < ActiveRecord::Base
+    self.table_name = :application_settings
+  end
+
+  def up
+    ApplicationSetting.update_all(%q{
+      throttle_unauthenticated_api_enabled = throttle_unauthenticated_enabled,
+      throttle_unauthenticated_api_requests_per_period = throttle_unauthenticated_requests_per_period,
+      throttle_unauthenticated_api_period_in_seconds = throttle_unauthenticated_period_in_seconds
+    })
+  end
+
+  def down
+  end
+end

db/schema_migrations/20210826170902

+97536098a2d3b127c6e6b9c079d10d272552dc9064f6b23fb92482baffaac7db
\ No newline at end of file

db/schema_migrations/20210826171758

+96a8a87cc075b7a2bf3919d0c891fdfedb2a9b7bab6460b82bfb43a3f8abe3cf
\ No newline at end of file

db/structure.sql

@@ -10337,6 +10337,9 @@ CREATE TABLE application_settings (
     throttle_authenticated_git_lfs_period_in_seconds integer DEFAULT 60 NOT NULL,
     throttle_authenticated_git_lfs_enabled boolean DEFAULT false NOT NULL,
     user_deactivation_emails_enabled boolean DEFAULT true NOT NULL,
+    throttle_unauthenticated_api_enabled boolean DEFAULT false NOT NULL,
+    throttle_unauthenticated_api_requests_per_period integer DEFAULT 3600 NOT NULL,
+    throttle_unauthenticated_api_period_in_seconds integer DEFAULT 3600 NOT NULL,
     CONSTRAINT app_settings_container_reg_cleanup_tags_max_list_size_positive CHECK ((container_registry_cleanup_tags_service_max_list_size >= 0)),
     CONSTRAINT app_settings_ext_pipeline_validation_service_url_text_limit CHECK ((char_length(external_pipeline_validation_service_url) <= 255)),
     CONSTRAINT app_settings_registry_exp_policies_worker_capacity_positive CHECK ((container_registry_expiration_policies_worker_capacity >= 0)),

spec/models/application_setting_spec.rb

@@ -927,6 +927,8 @@ RSpec.describe ApplicationSetting do
     context 'throttle_* settings' do
       where(:throttle_setting) do
         %i[
+          throttle_unauthenticated_api_requests_per_period
+          throttle_unauthenticated_api_period_in_seconds
           throttle_unauthenticated_requests_per_period
           throttle_unauthenticated_period_in_seconds
           throttle_authenticated_api_requests_per_period

spec/services/application_settings/update_service_spec.rb

@@ -345,6 +345,9 @@ RSpec.describe ApplicationSettings::UpdateService do
         throttle_authenticated_web_enabled: true,
         throttle_authenticated_web_period_in_seconds: 30,
         throttle_authenticated_web_requests_per_period: 40,
+        throttle_unauthenticated_api_enabled: true,
+        throttle_unauthenticated_api_period_in_seconds: 50,
+        throttle_unauthenticated_api_requests_per_period: 60,
         throttle_unauthenticated_enabled: true,
         throttle_unauthenticated_period_in_seconds: 50,
         throttle_unauthenticated_requests_per_period: 60