diff --git a/config/initializers/rack_attack.rb.example b/config/initializers/rack_attack.rb.example index bc3234bf0b68d05f500d6149c6bb4efc19c2357f..332865d2881a0a3ad868356cbc4da107ba9ded3e 100644 --- a/config/initializers/rack_attack.rb.example +++ b/config/initializers/rack_attack.rb.example @@ -8,11 +8,19 @@ paths_to_be_protected = [ "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session.json", "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session", "#{Rails.application.config.relative_url_root}/users", - "#{Rails.application.config.relative_url_root}/users/confirmation" + "#{Rails.application.config.relative_url_root}/users/confirmation", + "#{Rails.application.config.relative_url_root}/unsubscribes/" + ] +# Create one big regular expression that matches strings starting with any of +# the paths_to_be_protected. +paths_regex = Regexp.union(paths_to_be_protected.map { |path| /\A#{Regexp.escape(path)}/ }) + unless Rails.env.test? Rack::Attack.throttle('protected paths', limit: 10, period: 60.seconds) do |req| - req.ip if paths_to_be_protected.include?(req.path) && req.post? + if req.post? && req.path =~ paths_regex + req.ip + end end end