submit-social-housing-letti.../config/initializers/rack_attack.rb

require "configuration/configuration_service"
require "configuration/paas_configuration_service"
require "configuration/env_configuration_service"
require Rails.root.join("app/helpers/platform_helper")

configuration_service = PlatformHelper.is_paas? ? Configuration::PaasConfigurationService.new : Configuration::EnvConfigurationService.new

if Rails.env.development? || Rails.env.test?
  Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
  Rack::Attack.enabled = false
elsif Rails.env.review?
  redis_url = configuration_service.redis_uris.to_a[0][1]
  Rack::Attack.cache.store = ActiveSupport::Cache::RedisCacheStore.new(url: redis_url)
else
  redis_url = PlatformHelper.is_paas? ? configuration_service.redis_uris[:"dluhc-core-#{Rails.env}-redis"] : configuration_service.redis_uris.to_a[0][1]
  Rack::Attack.cache.store = ActiveSupport::Cache::RedisCacheStore.new(url: redis_url)
end

Rack::Attack.throttle("password reset requests", limit: 5, period: 60.seconds) do |request|
  if request.params["user"].present? && request.path == "/account/password" && request.post?
    request.params["user"]["email"].to_s.downcase.gsub(/\s+/, "")
  end
end

Rack::Attack.throttle("admin password reset requests", limit: 5, period: 60.seconds) do |request|
  if request.params["admin_user"].present? && request.path == "/admin/password" && request.post?
    request.params["admin_user"]["email"].to_s.downcase.gsub(/\s+/, "")
  end
end

Rack::Attack.throttled_responder = lambda do |_env|
  headers = {
    "Location" => "/429",
  }
  [301, headers, []]
end
CLDC-1520: Support external S3 configuration (#835) * Move storage classes into a dedicated module * Move configuration classes into a dedicated module * Refactor configuration service * Implement configuration via env variables 2 years ago			`require "configuration/configuration_service"`
			`require "configuration/paas_configuration_service"`
CLDC-2539: configure application for PaaS and AWS (#1822) * feat: update application to use non paas and paas configuration services, add helper to determine if platform is paas feat: don't double-instantiate the configuration service feat: add self. to is_paas? definition, and require module in rack_attack chore: lint * test: update suite to work with new paas/env config service logic test: new PlatformHelper * fix: update full import tests to check paas and non-paas config services * fix: update test descriptions and remove unrequired line --------- Co-authored-by: Sam Seed <sam.seed@softwire.com> 1 year ago			`require "configuration/env_configuration_service"`
			`require Rails.root.join("app/helpers/platform_helper")`

			`configuration_service = PlatformHelper.is_paas? ? Configuration::PaasConfigurationService.new : Configuration::EnvConfigurationService.new`
Fix dependencies at boot time (#359) 3 years ago
CLDC-1015: limit password reset (#356) * Add a failing test (for a wrong reason) * Is that correct? * Add rack attack config for reset password * Add support to read redis configuration * Add PaaS configuration for redis * Add too many requests page * Redirect to the too many requests error page * update manifest Co-authored-by: Stéphane Meny <smeny@users.noreply.github.com> 3 years ago			`if Rails.env.development? \|\| Rails.env.test?`
			`Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new`
			`Rack::Attack.enabled = false`
Add review app pipeline (#993) * Add review app pipeline * disable 2FA on review apps * update infrastructure docs about review apps 2 years ago			`elsif Rails.env.review?`
CLDC-2539: configure application for PaaS and AWS (#1822) * feat: update application to use non paas and paas configuration services, add helper to determine if platform is paas feat: don't double-instantiate the configuration service feat: add self. to is_paas? definition, and require module in rack_attack chore: lint * test: update suite to work with new paas/env config service logic test: new PlatformHelper * fix: update full import tests to check paas and non-paas config services * fix: update test descriptions and remove unrequired line --------- Co-authored-by: Sam Seed <sam.seed@softwire.com> 1 year ago			`redis_url = configuration_service.redis_uris.to_a[0][1]`
Add review app pipeline (#993) * Add review app pipeline * disable 2FA on review apps * update infrastructure docs about review apps 2 years ago			`Rack::Attack.cache.store = ActiveSupport::Cache::RedisCacheStore.new(url: redis_url)`
CLDC-1015: limit password reset (#356) * Add a failing test (for a wrong reason) * Is that correct? * Add rack attack config for reset password * Add support to read redis configuration * Add PaaS configuration for redis * Add too many requests page * Redirect to the too many requests error page * update manifest Co-authored-by: Stéphane Meny <smeny@users.noreply.github.com> 3 years ago			`else`
Infra migration updates (#1872) * Update postgresql version in dockerfile * CLDC-2690: Update s3 service to use ECS credential provider when not on PaaS * Temporary fix for redis config when not on PaaS * Fix rubocop offences 1 year ago			`redis_url = PlatformHelper.is_paas? ? configuration_service.redis_uris[:"dluhc-core-#{Rails.env}-redis"] : configuration_service.redis_uris.to_a[0][1]`
CLDC-1015: limit password reset (#356) * Add a failing test (for a wrong reason) * Is that correct? * Add rack attack config for reset password * Add support to read redis configuration * Add PaaS configuration for redis * Add too many requests page * Redirect to the too many requests error page * update manifest Co-authored-by: Stéphane Meny <smeny@users.noreply.github.com> 3 years ago			`Rack::Attack.cache.store = ActiveSupport::Cache::RedisCacheStore.new(url: redis_url)`
			`end`

			`Rack::Attack.throttle("password reset requests", limit: 5, period: 60.seconds) do \|request\|`
Update tests for user account routes 3 years ago			`if request.params["user"].present? && request.path == "/account/password" && request.post?`
CLDC-1015: limit password reset (#356) * Add a failing test (for a wrong reason) * Is that correct? * Add rack attack config for reset password * Add support to read redis configuration * Add PaaS configuration for redis * Add too many requests page * Redirect to the too many requests error page * update manifest Co-authored-by: Stéphane Meny <smeny@users.noreply.github.com> 3 years ago			`request.params["user"]["email"].to_s.downcase.gsub(/\s+/, "")`
			`end`
			`end`

Throttle admin password reset (#429) 3 years ago			`Rack::Attack.throttle("admin password reset requests", limit: 5, period: 60.seconds) do \|request\|`
			`if request.params["admin_user"].present? && request.path == "/admin/password" && request.post?`
			`request.params["admin_user"]["email"].to_s.downcase.gsub(/\s+/, "")`
			`end`
			`end`

CLDC-1015: limit password reset (#356) * Add a failing test (for a wrong reason) * Is that correct? * Add rack attack config for reset password * Add support to read redis configuration * Add PaaS configuration for redis * Add too many requests page * Redirect to the too many requests error page * update manifest Co-authored-by: Stéphane Meny <smeny@users.noreply.github.com> 3 years ago			`Rack::Attack.throttled_responder = lambda do \|_env\|`
			`headers = {`
			`"Location" => "/429",`
			`}`
			`[301, headers, []]`
			`end`