From: Tom Hughes <tom@compton.nu>
Date: Sat, 31 Oct 2009 00:24:36 +0000 (+0000)
Subject: Limit the rate at which messages can be sent.
X-Git-Tag: live~6478
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/81d47fe50d236b96ed5956597b8c194d4ecb03bc?hp=2d7fa37bd26ae700a3e59f3377d0dc6aa596789a

Limit the rate at which messages can be sent.
---

diff --git a/app/controllers/message_controller.rb b/app/controllers/message_controller.rb
index db40cc03f..18b286973 100644
--- a/app/controllers/message_controller.rb
+++ b/app/controllers/message_controller.rb
@@ -15,15 +15,19 @@ class MessageController < ApplicationController
     @to_user = User.find_by_display_name(params[:display_name])
     if @to_user
       if params[:message]
-        @message = Message.new(params[:message])
-        @message.to_user_id = @to_user.id
-        @message.from_user_id = @user.id
-        @message.sent_on = Time.now.getutc
+        if @user.sent_messages.count(:conditions => ["sent_on >= ?", Time.now.getutc - 1.hour]) >= APP_CONFIG['max_messages_per_hour']
+          flash[:notice] = t 'message.new.limit_exceeded'
+        else
+          @message = Message.new(params[:message])
+          @message.to_user_id = @to_user.id
+          @message.from_user_id = @user.id
+          @message.sent_on = Time.now.getutc
 
-        if @message.save
-          flash[:notice] = t 'message.new.message_sent'
-          Notifier::deliver_message_notification(@message)
-          redirect_to :controller => 'message', :action => 'inbox', :display_name => @user.display_name
+          if @message.save
+            flash[:notice] = t 'message.new.message_sent'
+            Notifier::deliver_message_notification(@message)
+            redirect_to :controller => 'message', :action => 'inbox', :display_name => @user.display_name
+          end
         end
       else
         if params[:title]
diff --git a/config/application.yml b/config/application.yml
index c14dc8168..a478217a4 100644
--- a/config/application.yml
+++ b/config/application.yml
@@ -17,6 +17,8 @@ standard_settings: &standard_settings
   api_timeout: 300
   # Periods (in hours) which are allowed for user blocks
   user_block_periods: [0, 1, 3, 6, 12, 24, 48, 96]
+  # Rate limit for message sending
+  max_messages_per_hour: 60
  
 development:
   <<: *standard_settings
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 1c0171c2c..d77c9a0dd 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -581,6 +581,7 @@ en:
       send_button: "Send"
       back_to_inbox: "Back to inbox"
       message_sent: "Message sent"
+      limit_exceeded: "You have sent a lot of messages recently, please wait a while before trying to send any more."
     no_such_user:
       title: "No such user or message"
       heading: "No such user or message"