Merge pull request 'Harden rate limiter to deal with configuration issues' (#7795) from gitlab-mr-iid-4418 into develop

Reviewed-on: https://git.pleroma.social/pleroma/pleroma/pulls/7795
2026-03-25 19:55:08 +00:00 · 2026-03-25 19:55:08 +00:00 · 63c9c7ea92
commit 63c9c7ea92
parent d1bd24ba64 b9c281a0c3
6 changed files with 226 additions and 1 deletions
--- a/test/pleroma/web/plugs/rate_limiter_test.exs
+++ b/test/pleroma/web/plugs/rate_limiter_test.exs
@ -268,6 +268,23 @@ defmodule Pleroma.Web.Plugs.RateLimiterTest do
    refute {:err, :not_found} == RateLimiter.inspect_bucket(conn, limiter_name, opts)
  end

+  test "doesn't crash if rate limit scale is invalid (e.g. broken DB config)" do
+    limiter_name = :test_invalid_rate_limit_config
+
+    clear_config([:rate_limit, limiter_name], [{"", 0}, {"", ""}])
+    clear_config([Pleroma.Web.Endpoint, :http, :ip], {8, 8, 8, 8})
+
+    opts = RateLimiter.init(name: limiter_name)
+
+    conn = %{build_conn(:get, "/") | remote_ip: {127, 0, 0, 1}}
+
+    conn_limited = RateLimiter.call(conn, opts)
+
+    refute conn_limited.status == Conn.Status.code(:too_many_requests)
+    refute conn_limited.resp_body
+    refute conn_limited.halted
+  end
+
  def expire_ttl(%{remote_ip: remote_ip} = _conn, bucket_name_root) do
    bucket_name = "anon:#{bucket_name_root}" |> String.to_atom()
    key_name = "ip::#{remote_ip |> Tuple.to_list() |> Enum.join(".")}"