From 83e4cca2b7e78bed76d23b3f4458e68c6b281bea Mon Sep 17 00:00:00 2001
From: Edward Chernenko <edwardspec@gmail.com>
Date: Thu, 26 Dec 2024 01:32:06 +0300
Subject: [PATCH] Rate limiting: limit query=askai to 5 requests every 30s (per
 user)

---
 extension.json                 | 8 ++++++++
 includes/api/ApiQueryAskAI.php | 5 +++++
 2 files changed, 13 insertions(+)

diff --git a/extension.json b/extension.json
index 42d1c72..eb44a72 100644
--- a/extension.json
+++ b/extension.json
@@ -17,6 +17,14 @@
 			"askai": true
 		}
 	},
+	"RateLimits": {
+		"askai": {
+			"user": [
+				5,
+				30
+			]
+		}
+	},
 	"AutoloadClasses": {
 		"MediaWiki\\AskAI\\ApiQueryAskAI": "includes/api/ApiQueryAskAI.php",
 		"MediaWiki\\AskAI\\Hooks": "includes/Hooks.php",
diff --git a/includes/api/ApiQueryAskAI.php b/includes/api/ApiQueryAskAI.php
index 6908949..e2f0124 100644
--- a/includes/api/ApiQueryAskAI.php
+++ b/includes/api/ApiQueryAskAI.php
@@ -31,12 +31,17 @@
 use ApiQueryBase;
 use MediaWiki\AskAI\Service\ServiceFactory;
 use Status;
+use ThrottledError;
 use Wikimedia\ParamValidator\ParamValidator;
 
 class ApiQueryAskAI extends ApiQueryBase {
 	public function execute() {
 		$this->checkUserRightsAny( 'askai' );
 
+		if ( $this->getUser()->pingLimiter( 'askai' ) ) {
+			throw new ThrottledError;
+		}
+
 		$ai = ServiceFactory::getAI();
 		if ( !$ai ) {
 			$this->dieStatus( Status::newFatal( 'askai-unknown-service' ) );