Rate limit project imports
What does this MR do?
This MR adds a rate limiter for project imports. The throttle is applied if a user tries importing more than 30 requests in 10 minutes.
The threshold value is based on the import trend. Based on the data collected for 3rd, 6th and 7th January, 2020:
Average number of imports requested in 10 minutes for each import type:
Maximum number of imports requested in 10 minutes for each import type:
Import Frequency:
Out of a total of 1336 samples, 1306 of them make <= 30 requests in 10 minutes.
Data: https://docs.google.com/spreadsheets/d/1seME9c26KLP1ju3vDL27Q3o5sumMnKRDWR8Mw650Xxc
Having this threshold should therefore not have any destructive effects.
Please note I'll be adding the rate limiter for the Import API in another MR.
Mentions https://gitlab.com/gitlab-org/gitlab/issues/103447
Screenshots
Does this MR meet the acceptance criteria?
Conformity
- Changelog entry
- Documentation (if required)
- Code review guidelines
- Merge request performance guidelines
- Style guides
- Database guides
- Separation of EE specific content
Availability and Testing
- Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- Tested in all supported browsers
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- Label as security and @ mention @gitlab-com/gl-security/appsec
- The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- Security reports checked/validated by a reviewer from the AppSec team
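The throttle described in this MR (more than 30 imports in 10 minutes per user), as an added example that is not code from this MR or from GitLab: a sliding-window limiter in Ruby. The class name `ImportRateLimiter`, the in-memory storage and the injectable clock are assumptions made for illustration.

```ruby
# Added example: sliding-window limiter, not GitLab's implementation.
class ImportRateLimiter
  THRESHOLD = 30        # imports allowed per window (value from the MR description)
  INTERVAL  = 10 * 60   # window length in seconds (10 minutes)

  # clock is injectable so the behaviour can be checked without sleeping.
  def initialize(threshold: THRESHOLD, interval: INTERVAL, clock: -> { Time.now.to_f })
    @threshold = threshold
    @interval = interval
    @clock = clock
    @hits = Hash.new { |h, k| h[k] = [] } # user_id => timestamps of accepted imports
    @lock = Mutex.new
  end

  # Records an import attempt and returns true when it must be rejected.
  def throttled?(user_id)
    @lock.synchronize do
      now = @clock.call
      window = @hits[user_id]
      # Drop attempts that have aged out of the 10-minute window.
      window.shift while window.first && window.first <= now - @interval
      if window.size >= @threshold
        true # rejected attempts are not recorded, so they do not extend the block
      else
        window << now
        false
      end
    end
  end
end

# Constructed scenario: user 1 requests 31 imports within one minute.
def demo
  now = 0.0
  limiter = ImportRateLimiter.new(clock: -> { now })
  results = 31.times.map { |i| now = i * 2.0; limiter.throttled?(1) }
  other_user = limiter.throttled?(2) # a different user has their own window
  now = 601.0                        # the oldest attempt (t=0) has expired
  after_window = limiter.throttled?(1)
  { allowed: results.count(false), last: results.last,
    other_user: other_user, after_window: after_window }
end
```

Unlike a fixed-window counter, the sliding window does not let a user send a full burst on each side of a window boundary.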