From 9d85e8b43eb3e4d6f76ed5a86d1c396a0d80dfb6 Mon Sep 17 00:00:00 2001
From: i5heu <i5heu@i5h.eu>
Date: Mon, 27 May 2024 12:29:01 +0000
Subject: [PATCH] Increase rate-limit for authenticated users on media proxy
 endpoints

---
 config/initializers/rack_attack.rb | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
index fa1bdca5448..0e6659f16cb 100644
--- a/config/initializers/rack_attack.rb
+++ b/config/initializers/rack_attack.rb
@@ -82,8 +82,12 @@ class Rack::Attack
     req.authenticated_user_id if req.post? && req.path.match?(%r{\A/api/v\d+/media\z}i)
   end
 
-  throttle('throttle_media_proxy', limit: 30, period: 10.minutes) do |req|
-    req.throttleable_remote_ip if req.path.start_with?('/media_proxy')
+  throttle('throttle_authenticated_media_proxy', limit: 200, period: 10.minutes) do |req|
+    req.authenticated_user_id if req.path.start_with?('/media_proxy')
+  end
+
+  throttle('throttle_unauthenticated_media_proxy', limit: 30, period: 10.minutes) do |req|
+    req.throttleable_remote_ip if req.path.start_with?('/media_proxy') && req.unauthenticated?
   end
 
   throttle('throttle_api_sign_up', limit: 5, period: 30.minutes) do |req|