From 88090523fff30a8669492901f7b943d294dc9538 Mon Sep 17 00:00:00 2001
From: Thiago Youssef
Date: Sun, 7 Aug 2022 11:31:58 -0300
Subject: [PATCH] Add rate limiting to missing actions
---
 app/controllers/epp/sessions_controller.rb | 2 +-
 .../repp/v1/registrar/accreditation_info_controller.rb | 7 +++++--
 app/controllers/repp/v1/registrar/auth_controller.rb | 2 +-
 3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/app/controllers/epp/sessions_controller.rb b/app/controllers/epp/sessions_controller.rb
index 715b6d8f7..0667c9adc 100644
--- a/app/controllers/epp/sessions_controller.rb
+++ b/app/controllers/epp/sessions_controller.rb
@@ -3,7 +3,7 @@ module Epp
 skip_authorization_check only: [:hello, :login, :logout]
 before_action :set_paper_trail_whodunnit
- THROTTLED_ACTIONS = %i[login].freeze
+ THROTTLED_ACTIONS = %i[login hello].freeze
 include Shunter::Integration::Throttle
 def hello
diff --git a/app/controllers/repp/v1/registrar/accreditation_info_controller.rb b/app/controllers/repp/v1/registrar/accreditation_info_controller.rb
index c55a561d2..dfb1fc3b0 100644
--- a/app/controllers/repp/v1/registrar/accreditation_info_controller.rb
+++ b/app/controllers/repp/v1/registrar/accreditation_info_controller.rb
@@ -3,8 +3,11 @@ module Repp
 module Registrar
 class AccreditationInfoController < BaseController
 if Feature.allow_accr_endspoints?
- api :GET, 'repp/v1/registrar/accreditation/get_info'
- desc 'check login user and return data'
+ THROTTLED_ACTIONS = %i[index].freeze
+ include Shunter::Integration::Throttle
+
+ api :GET, 'repp/v1/registrar/accreditation/get_info'
+ desc 'check login user and return data'
 def index
 login = current_user
diff --git a/app/controllers/repp/v1/registrar/auth_controller.rb b/app/controllers/repp/v1/registrar/auth_controller.rb
index c5897bcea..5da1b3a38 100644
--- a/app/controllers/repp/v1/registrar/auth_controller.rb
+++ b/app/controllers/repp/v1/registrar/auth_controller.rb
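Review bot: In epp/sessions_controller.rb, `hello` is listed under `skip_authorization_check`, so it can presumably be called before a session exists, and the patch does not show what `Shunter::Integration::Throttle` counts requests against. If the counter is keyed on the authenticated user (an assumption; the module is outside this diff), adding `hello` to `THROTTLED_ACTIONS` would not limit anonymous callers. The same question applies to `tara_callback` in auth_controller.rb, whose hunk skips `check_ip_restriction` and `validate_client_certs` for that action. It is worth confirming that the key falls back to the client IP or another pre-auth identifier for these two actions, and recording that above the constant, e.g. `# hello runs before login; throttled per KEY (fill in what Shunter counts on)`. The controller body continues outside the hunk.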
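Review bot: In accreditation_info_controller.rb the `api` and `desc` lines are removed and re-added with the same text, which looks like a whitespace-only re-indent riding along with the functional change; splitting that out would leave this hunk as just the two throttle lines. All three files place `THROTTLED_ACTIONS` directly before `include Shunter::Integration::Throttle`, which suggests the module reads the constant at include time. If so, a comment such as `# must be defined before the include below` would protect that ordering from a later reshuffle. The `if Feature.allow_accr_endspoints?` block and `index` both continue past the end of the hunk.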
@@ -6,7 +6,7 @@ module Repp
 skip_before_action :check_ip_restriction, only: :tara_callback
 skip_before_action :validate_client_certs, only: :tara_callback
- THROTTLED_ACTIONS = %i[index].freeze
+ THROTTLED_ACTIONS = %i[index tara_callback].freeze
 include Shunter::Integration::Throttle
 api :GET, 'repp/v1/registrar/auth'
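Review bot: Nothing in this patch exercises the new throttle entries; the diffstat lists only the three controller files. `tara_callback` is the action for which this hunk's context skips both `check_ip_restriction` and `validate_client_certs`, so the throttle may be one of the few controls left in front of it. A request test that drives `tara_callback` past the configured limit and asserts the rejection would pin that the limiter is actually applied there. The class body continues outside the hunk.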