Merge branch 'master' into irve/refactor

thbar · web-flow · commit 12330c519fce · 2025-05-13T08:11:43.000+02:00
diff --git a/apps/transport/test/transport_web/plugs/rate_limiter_test.exs b/apps/transport/test/transport_web/plugs/rate_limiter_test.exs
@@ -27,7 +27,11 @@ defmodule TransportWeb.Plugs.RateLimiterTest do
                  allow_user_agents: ""
                )
 
-      assert [allow_user_agents: ["bar", "baz"], block_user_agent_keywords: ["foo", "bar"], log_user_agent: false] =
+      assert [
+               allow_user_agents: ["bar", "baz"],
+               block_user_agent_keywords: ["foo", "bar"],
+               log_user_agent: false
+             ] =
                RateLimiter.init(
                  log_user_agent: "",
                  block_user_agent_keywords: "foo|bar",
@@ -36,7 +40,11 @@ defmodule TransportWeb.Plugs.RateLimiterTest do
     end
 
     test "with keywords" do
-      assert [allow_user_agents: [], log_user_agent: false, block_user_agent_keywords: ["foo", "bar"]] ==
+      assert [
+               allow_user_agents: [],
+               log_user_agent: false,
+               block_user_agent_keywords: ["foo", "bar"]
+             ] ==
                RateLimiter.init(
                  block_user_agent_keywords: ["foo", "bar"],
                  log_user_agent: false,
diff --git a/config/config.exs b/config/config.exs
@@ -223,21 +223,6 @@ config :appsignal, :config,
     "Unlock.Controller#fetch"
   ]
 
-# `phoenix_ddos` is called in our own Plug `TransportWeb.Plugs.RateLimiter`
-config :phoenix_ddos,
-  safelist_ips: "PHOENIX_DDOS_SAFELIST_IPS" |> System.get_env("") |> String.split("|") |> Enum.reject(&(&1 == "")),
-  blocklist_ips: "PHOENIX_DDOS_BLOCKLIST_IPS" |> System.get_env("") |> String.split("|") |> Enum.reject(&(&1 == "")),
-  protections: [
-    # ip rate limit
-    {PhoenixDDoS.IpRateLimit,
-     allowed: "PHOENIX_DDOS_MAX_2MIN_REQUESTS" |> System.get_env("500") |> Integer.parse() |> elem(0),
-     period: {2, :minutes}},
-    {PhoenixDDoS.IpRateLimit,
-     allowed: "PHOENIX_DDOS_MAX_1HOUR_REQUESTS" |> System.get_env("10000") |> Integer.parse() |> elem(0),
-     period: {1, :hour}}
-    # ip rate limit on specific request_path
-  ]
-
 # Import environment specific config. This must remain at the bottom
 # of this file so it overrides the configuration defined above.
 import_config "datagouvfr.exs"
diff --git a/config/prod.exs b/config/prod.exs
@@ -19,5 +19,22 @@ config :sentry,
   dsn: System.get_env("SENTRY_DSN"),
   csp_url: System.get_env("SENTRY_CSP_URL")
 
+# `phoenix_ddos` is called in our own Plug `TransportWeb.Plugs.RateLimiter`
+config :phoenix_ddos,
+  safelist_ips: "PHOENIX_DDOS_SAFELIST_IPS" |> System.get_env("") |> String.split("|") |> Enum.reject(&(&1 == "")),
+  blocklist_ips: "PHOENIX_DDOS_BLOCKLIST_IPS" |> System.get_env("") |> String.split("|") |> Enum.reject(&(&1 == "")),
+  protections: [
+    # ip rate limit
+    {PhoenixDDoS.IpRateLimit,
+     allowed: "PHOENIX_DDOS_MAX_2MIN_REQUESTS" |> System.get_env("500") |> Integer.parse() |> elem(0),
+     period: {2, :minutes}},
+    {PhoenixDDoS.IpRateLimit,
+     allowed: "PHOENIX_DDOS_MAX_1HOUR_REQUESTS" |> System.get_env("10000") |> Integer.parse() |> elem(0),
+     period: {1, :hour}},
+    # ip rate limit on specific request_path
+    {PhoenixDDoS.IpRateLimitPerRequestPath, request_paths: [{:get, "/login"}], allowed: 5, period: {30, :seconds}},
+    {PhoenixDDoS.IpRateLimitPerRequestPath, request_paths: [{:post, "/send_mail"}], allowed: 1, period: {30, :seconds}}
+  ]
+
 # Do not print debug messages in production
 config :logger, level: :info
