diff --git a/zerver/lib/rate_limiter.py b/zerver/lib/rate_limiter.py
index 5c4214d13d..4abf77858c 100644
--- a/zerver/lib/rate_limiter.py
+++ b/zerver/lib/rate_limiter.py
@@ -42,11 +42,12 @@ class RateLimitedObject(ABC):
 )
 def rate_limit_request(self, request: HttpRequest) -> None:
- ratelimited, time = self.rate_limit()
+ from zerver.lib.request import get_request_notes
- if not hasattr(request, "_ratelimits_applied"):
- request._ratelimits_applied = []
- request._ratelimits_applied.append(
+ ratelimited, time = self.rate_limit()
+ request_notes = get_request_notes(request)
+
+ request_notes.ratelimits_applied.append(
 RateLimitResult(
 entity=self,
 secs_to_freedom=time,
@@ -61,8 +62,8 @@ class RateLimitedObject(ABC):
 calls_remaining, seconds_until_reset = self.api_calls_left()
- request._ratelimits_applied[-1].remaining = calls_remaining
- request._ratelimits_applied[-1].secs_to_freedom = seconds_until_reset
+ request_notes.ratelimits_applied[-1].remaining = calls_remaining
+ request_notes.ratelimits_applied[-1].secs_to_freedom = seconds_until_reset
 def block_access(self, seconds: int) -> None:
 "Manually blocks an entity for the desired number of seconds"
diff --git a/zerver/middleware.py b/zerver/middleware.py
index 09c0e5ec11..8c8dc8941f 100644
--- a/zerver/middleware.py
+++ b/zerver/middleware.py
@@ -540,8 +540,9 @@ class RateLimitMiddleware(MiddlewareMixin):
 return response
 # Add X-RateLimit-*** headers
- if hasattr(request, "_ratelimits_applied"):
- self.set_response_headers(response, request._ratelimits_applied)
+ ratelimits_applied = get_request_notes(request).ratelimits_applied
+ if len(ratelimits_applied) > 0:
+ self.set_response_headers(response, ratelimits_applied)
 return response
diff --git a/zerver/tornado/handlers.py b/zerver/tornado/handlers.py
index 59cd130419..36d4edca52 100644
--- a/zerver/tornado/handlers.py
+++ b/zerver/tornado/handlers.py
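Review bot: In `rate_limit_request` (zerver/lib/rate_limiter.py, first hunk) the new `request_notes.ratelimits_applied.append(` no longer has the lazy initialisation that the removed `hasattr` branch provided, so it depends on every notes object carrying its own list. The definition of that field is not part of this diff; it should be confirmed that each request gets a fresh list rather than a shared mutable default, because a shared list would mix one request's rate-limit results into another's `X-RateLimit-*` headers and into the check in `auth_rate_limiting_already_applied`. The function-scope import of `get_request_notes` also deserves a one-line comment saying why it is not at module level (presumably a circular import). The second hunk of this file relies on the same field, and the function body continues outside both hunks.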
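Review bot: In the zerver/middleware.py hunk, `if len(ratelimits_applied) > 0:` is more idiomatically written as `if ratelimits_applied:`, which reads the same for a list. Unlike the removed `hasattr` test, `get_request_notes(request)` is now called for every response that reaches this point, so it is worth confirming that the call is safe for requests that never went through a rate limiter. The import of `get_request_notes` is not visible in this hunk, and the enclosing method starts outside it.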
@@ -238,10 +238,10 @@ class AsyncDjangoHandler(tornado.web.RequestHandler, base.BaseHandler):
 # Add to this new HttpRequest logging data from the processing of
 # the original request; we will need these for logging.
 request_notes.log_data = old_request_notes.log_data
+ if request_notes.rate_limit is not None:
+ request_notes.rate_limit = old_request_notes.rate_limit
 if request_notes.requestor_for_logs is not None:
 request_notes.requestor_for_logs = old_request_notes.requestor_for_logs
- if hasattr(request, "_rate_limit"):
- request._rate_limit = old_request._rate_limit
 request.user = old_request.user
 request_notes.client = old_request_notes.client
 request_notes.client_name = old_request_notes.client_name
diff --git a/zproject/backends.py b/zproject/backends.py
index ebba4abb25..98906bdce0 100644
--- a/zproject/backends.py
+++ b/zproject/backends.py
@@ -260,12 +260,11 @@ def rate_limit_authentication_by_username(request: HttpRequest, username: str) -
 def auth_rate_limiting_already_applied(request: HttpRequest) -> bool:
- if not hasattr(request, "_ratelimits_applied"):
- return False
+ request_notes = get_request_notes(request)
 return any(
 isinstance(r.entity, RateLimitedAuthenticationByUsername)
- for r in request._ratelimits_applied
+ for r in request_notes.ratelimits_applied
 )
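Review bot: In the zerver/tornado/handlers.py hunk, the added guard `if request_notes.rate_limit is not None:` tests the notes of the newly built request rather than `old_request_notes`. If a fresh notes object starts with `rate_limit` unset (its default is not visible here), the copy never runs and the rate-limit state of the original request is dropped. Testing the source side, `if old_request_notes.rate_limit is not None:`, or copying unconditionally as is done for `log_data`, would carry it over; the neighbouring `requestor_for_logs` guard has the same shape. The hunk also does not copy `ratelimits_applied`, so if the response for this rebuilt request passes through `RateLimitMiddleware`, the `X-RateLimit-*` headers would be omitted; it is worth confirming which request object the middleware sees. The enclosing method starts and ends outside the hunk.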
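Review bot: `auth_rate_limiting_already_applied` in zproject/backends.py decides whether username-based authentication rate limiting counts as already applied, and it has no docstring saying that the answer is scoped to the notes of this one request object. A docstring such as `"""Return True if a RateLimitedAuthenticationByUsername limit was already recorded in this request's notes."""` would make that explicit. It should also say that an empty or unrelated notes object yields False, in which case the caller presumably applies the limit again rather than skipping it. `get_request_notes` is not imported within the visible hunk; confirm that the module already imports it at file level.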