Add rate limiting to all repp actions

app/controllers/repp/v1/accounts_controller.rb

@@ -3,6 +3,9 @@ module Repp
     class AccountsController < BaseController # rubocop:disable Metrics/ClassLength
       load_and_authorize_resource
 
+      THROTTLED_ACTIONS = %i[index balance details update_auto_reload_balance disable_auto_reload_balance switch_user update].freeze
+      include Shunter::Integration::Throttle
+
       api :get, '/repp/v1/accounts'
       desc 'Get all activities'
       def index

app/controllers/repp/v1/base_controller.rb

@@ -27,6 +27,10 @@ module Repp
         @response = { code: 2201, message: 'Authorization error' }
         logger.error e.to_s
         render(json: @response, status: :unauthorized)
+      rescue Shunter::ThrottleError => e
+        @response = { code: 2502, message: Shunter.default_error_message }
+        logger.error e.to_s
+        render(json: @response, status: :bad_request)
       ensure
         create_repp_log
       end
@@ -167,6 +171,11 @@ module Repp
         data[:abilities] = Ability.new(current_user).permissions
         data
       end
+
+      def throttled_user
+        authorize!(:throttled_user, @domain) unless current_user
+        current_user
+      end
     end
   end
 end

app/controllers/repp/v1/contacts_controller.rb

@@ -5,6 +5,9 @@ module Repp
       before_action :find_contact, only: %i[show update destroy]
       skip_around_action :log_request, only: :search
 
+      THROTTLED_ACTIONS = %i[index check search create show update destroy].freeze
+      include Shunter::Integration::Throttle
+
       api :get, '/repp/v1/contacts'
       desc 'Get all existing contacts'
       def index

app/controllers/repp/v1/domains/admin_contacts_controller.rb

@@ -2,6 +2,9 @@ module Repp
   module V1
     module Domains
       class AdminContactsController < BaseContactsController
+        THROTTLED_ACTIONS = %i[update].freeze
+        include Shunter::Integration::Throttle
+
         def update
           super
 

app/controllers/repp/v1/domains/contacts_controller.rb

@@ -4,6 +4,9 @@ module Repp
       class ContactsController < BaseContactsController
         before_action :set_domain, only: %i[index create destroy]
 
+        THROTTLED_ACTIONS = %i[index create destroy update].freeze
+        include Shunter::Integration::Throttle
+
         def_param_group :contacts_apidoc do
           param :contacts, Array, required: true, desc: 'Array of new linked contacts' do
             param :code, String, required: true, desc: 'Contact code'

app/controllers/repp/v1/domains/dnssec_controller.rb

@@ -4,6 +4,9 @@ module Repp
       class DnssecController < BaseController
         before_action :set_domain, only: %i[index create destroy]
 
+        THROTTLED_ACTIONS = %i[index create destroy].freeze
+        include Shunter::Integration::Throttle
+
         def_param_group :dns_keys_apidoc do
           param :flags, String, required: true, desc: '256 (KSK) or 257 (ZSK)'
           param :protocol, String, required: true, desc: 'Key protocol (3)'

app/controllers/repp/v1/domains/nameservers_controller.rb

@@ -5,6 +5,9 @@ module Repp
         before_action :set_domain, only: %i[index create destroy]
         before_action :set_nameserver, only: %i[destroy]
 
+        THROTTLED_ACTIONS = %i[index create destroy].freeze
+        include Shunter::Integration::Throttle
+
         api :GET, '/repp/v1/domains/:domain_name/nameservers'
         desc "Get domain's nameservers"
         def index

app/controllers/repp/v1/domains/renews_controller.rb

@@ -6,6 +6,9 @@ module Repp
         before_action :select_renewable_domains, only: [:bulk_renew]
         before_action :set_domain, only: [:create]
 
+        THROTTLED_ACTIONS = %i[create bulk_renew].freeze
+        include Shunter::Integration::Throttle
+
         api :POST, 'repp/v1/domains/:domain_name/renew'
         desc 'Renew domain'
         param :renews, Hash, required: true, desc: 'Renew parameters' do

app/controllers/repp/v1/domains/statuses_controller.rb

@@ -5,6 +5,9 @@ module Repp
         before_action :set_domain, only: %i[update destroy]
         before_action :verify_status
 
+        THROTTLED_ACTIONS = %i[update destroy].freeze
+        include Shunter::Integration::Throttle
+
         api :DELETE, '/repp/v1/domains/:domain_name/statuses/:status'
         param :domain_name, String, desc: 'Domain name'
         desc 'Remove status from specific domain'

app/controllers/repp/v1/domains/transfers_controller.rb

@@ -4,6 +4,9 @@ module Repp
       class TransfersController < BaseController
         before_action :set_domain, only: [:create]
 
+        THROTTLED_ACTIONS = %i[create].freeze
+        include Shunter::Integration::Throttle
+
         api :POST, 'repp/v1/domains/:domain_name/transfer'
         desc 'Transfer a specific domain'
         param :transfer, Hash, required: true, desc: 'Renew parameters' do

app/controllers/repp/v1/domains_controller.rb

@@ -8,6 +8,9 @@ module Repp
       before_action :forward_registrar_id, only: %i[create update destroy]
       before_action :set_domain, only: %i[update]
 
+      THROTTLED_ACTIONS = %i[transfer_info transfer index create show update destroy].freeze
+      include Shunter::Integration::Throttle
+
       api :GET, '/repp/v1/domains'
       desc 'Get all existing domains'
       def index

app/controllers/repp/v1/invoices_controller.rb

@@ -4,6 +4,9 @@ module Repp
     class InvoicesController < BaseController # rubocop:disable Metrics/ClassLength
       load_and_authorize_resource
 
+      THROTTLED_ACTIONS = %i[download add_credit send_to_recipient cancel index show].freeze
+      include Shunter::Integration::Throttle
+
       # rubocop:disable Metrics/MethodLength
       api :get, '/repp/v1/invoices'
       desc 'Get all invoices'

app/controllers/repp/v1/registrar/auth_controller.rb

@@ -6,6 +6,9 @@ module Repp
         skip_before_action :check_ip_restriction, only: :tara_callback
         skip_before_action :validate_client_certs, only: :tara_callback
 
+        THROTTLED_ACTIONS = %i[index].freeze
+        include Shunter::Integration::Throttle
+
         api :GET, 'repp/v1/registrar/auth'
         desc 'check user auth info and return data'
         def index

app/controllers/repp/v1/registrar/nameservers_controller.rb

@@ -4,6 +4,9 @@ module Repp
       class NameserversController < BaseController
         before_action :verify_nameserver_existance, only: %i[update]
 
+        THROTTLED_ACTIONS = %i[put].freeze
+        include Shunter::Integration::Throttle
+
         api :PUT, 'repp/v1/registrar/nameservers'
         desc 'bulk nameserver change'
         param :data, Hash, required: true, desc: 'Object holding nameserver changes' do

app/controllers/repp/v1/registrar/notifications_controller.rb

@@ -4,6 +4,9 @@ module Repp
       class NotificationsController < BaseController
         before_action :set_notification, only: %i[update show]
 
+        THROTTLED_ACTIONS = %i[all_notifications index show update].freeze
+        include Shunter::Integration::Throttle
+
         api :GET, '/repp/v1/registrar/notifications'
         desc 'Get the latest unread poll message'
         def index

app/controllers/repp/v1/registrar/summary_controller.rb

@@ -2,6 +2,9 @@ module Repp
   module V1
     module Registrar
       class SummaryController < BaseController
+        THROTTLED_ACTIONS = %i[index].freeze
+        include Shunter::Integration::Throttle
+
         api :GET, 'repp/v1/registrar/summary'
         desc 'check user summary info and return data'