From 4606ec476335a8477392b7d4fef1fc99b48f8f20 Mon Sep 17 00:00:00 2001
From: albert
Date: Thu, 21 Mar 2013 07:46:49 -0700
Subject: [PATCH] priv users now have 6sec timeout, platinum users have 9sec timeout
---
 app/logical/anonymous_user.rb | 4 ++++
 app/logical/session_loader.rb | 6 ++++++
 app/models/user.rb | 10 ++++++++++
 app/views/users/upgrade_information.html.erb | 12 ++++++++++++
 config/initializers/active_record_extensions.rb | 4 ++--
 doc/api.txt | 6 +++++-
 test/unit/post_sets/post_test.rb | 2 +-
 7 files changed, 40 insertions(+), 4 deletions(-)
diff --git a/app/logical/anonymous_user.rb b/app/logical/anonymous_user.rb
index 1e8add5ad..91fd06aba 100644
--- a/app/logical/anonymous_user.rb
+++ b/app/logical/anonymous_user.rb
@@ -168,6 +168,10 @@ class AnonymousUser
 def api_hourly_limit
 500
 end
+
+ def statement_timeout
+ 3_000
+ end
 %w(member banned privileged builder platinum contributor janitor moderator admin).each do |name|
 define_method("is_#{name}?") do
diff --git a/app/logical/session_loader.rb b/app/logical/session_loader.rb
index b288d30fc..1f24088c9 100644
--- a/app/logical/session_loader.rb
+++ b/app/logical/session_loader.rb
@@ -25,9 +25,15 @@ class SessionLoader
 update_last_logged_in_at
 set_time_zone
+ set_statement_timeout
 end
 private
+
+ def set_statement_timeout
+ timeout = CurrentUser.user.statement_timeout
+ ActiveRecord::Base.connection.execute("set statement_timeout = #{timeout}")
+ end
 def load_session_for_api
 if request.authorization
diff --git a/app/models/user.rb b/app/models/user.rb
index 38b576654..ac6955fea 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -479,6 +479,16 @@ class User < ActiveRecord::Base
 3_000
 end
 end
+
+ def statement_timeout
+ if is_platinum?
+ 9_000
+ elsif is_privileged?
+ 6_000
+ else
+ 3_000
+ end
+ end
 end
 module ApiMethods
diff --git a/app/views/users/upgrade_information.html.erb b/app/views/users/upgrade_information.html.erb
index d21901070..24af35fb2 100644
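Review bot: In `set_statement_timeout` (app/logical/session_loader.rb) the value is interpolated directly into the SQL string, so the statement is only as safe as every `statement_timeout` implementation returning a plain integer. Both implementations added in this commit return integer literals, so nothing user-controlled reaches the query today; coercing at the call site would keep that true if the value ever becomes configurable: `ActiveRecord::Base.connection.execute("set statement_timeout = #{Integer(timeout)}")`. The setting is per database session, so it presumably stays on the connection after the request ends, and anything in `load` that queries before this call would run under the previous request's limit; the start of `load` is outside the hunk, so this is worth confirming. Unlike the helpers in active_record_extensions.rb, this call is not skipped when `Rails.env == "test"`.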
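Review bot: `User#statement_timeout` (app/models/user.rb) returns bare numbers with no unit, and the 3_000 default is now repeated in `AnonymousUser#statement_timeout` and as "3 sec" in the upgrade view. A comment such as `# Per-query limit in milliseconds, passed to PostgreSQL's statement_timeout` above the method would document it, and a shared constant for the default would stop the copies drifting apart. The tiers depend on `is_platinum?` and `is_privileged?`, which are defined outside the hunk; if those test for an exact level rather than a minimum, higher levels would fall through to the 3_000 branch.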
--- a/app/views/users/upgrade_information.html.erb
+++ b/app/views/users/upgrade_information.html.erb
@@ -67,6 +67,18 @@ Yes Yes
+
+ API Hourly Limit
+ 3,000
+ 10,000
+ 20,000
+
+
+ Database Timeout
+ 3 sec
+ 6 sec
+ 9 sec
+
diff --git a/config/initializers/active_record_extensions.rb b/config/initializers/active_record_extensions.rb
index 168b559fb..4fc33896e 100644
--- a/config/initializers/active_record_extensions.rb
+++ b/config/initializers/active_record_extensions.rb
@@ -8,7 +8,7 @@ module Danbooru
 connection.execute("SET STATEMENT_TIMEOUT = 0") unless Rails.env == "test"
 yield
 ensure
- connection.execute("SET STATEMENT_TIMEOUT = 3000") unless Rails.env == "test"
+ connection.execute("SET STATEMENT_TIMEOUT = #{CurrentUser.user.statement_timeout}") unless Rails.env == "test"
 end
 def with_timeout(n, default_value)
@@ -17,7 +17,7 @@ module Danbooru
 rescue ::ActiveRecord::StatementInvalid
 return default_value
 ensure
- connection.execute("SET STATEMENT_TIMEOUT = 3000") unless Rails.env == "test"
+ connection.execute("SET STATEMENT_TIMEOUT = #{CurrentUser.user.statement_timeout}") unless Rails.env == "test"
 end
 end
diff --git a/doc/api.txt b/doc/api.txt
index ef20a00d8..bb13d448f 100644
--- a/doc/api.txt
+++ b/doc/api.txt
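Review bot: Both `ensure` clauses in config/initializers/active_record_extensions.rb (the first hunk in `without_timeout`, the second in `with_timeout`) now dereference `CurrentUser.user`, which raises NoMethodError if no user is set; whether that can happen in jobs, rake tasks or console sessions is not visible from this page. An exception raised inside `ensure` replaces the block's own result or error and, in `without_timeout`, leaves the connection at `STATEMENT_TIMEOUT = 0`, so later queries on it would run with no limit. A nil-safe lookup with the old default keeps the restore unconditional: `timeout = CurrentUser.user.try(:statement_timeout) || 3000`, then interpolate `timeout`. Both method bodies start outside their hunks.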
@@ -40,10 +40,14 @@ While you can usually determine success or failure based on the response object,
 h1. Authentication
-All API calls must be authenticated. You can pass in two parameters: login and api_key. For legacy users, password_hash using the old salted SHA1 hashed password is also supported. Your API key is equivalent to your bcrypted password hash, which is stored in your cookies as password_hash. You can discover your API key by visiting your user profile. Your API key is intended to be a secret so you should not publicly distribute it.
+You must be logged in to use the API.
+
+If you can't maintain a session via a cookie, you can pass in two parameters to authenticate: login and api_key. For legacy users, password_hash using the old salted SHA1 hashed password is also supported. Your API key is equivalent to your bcrypted password hash, which is stored in your cookies as password_hash. You can discover your API key by visiting your user profile. Your API key is intended to be a secret so you should not publicly distribute it.
 You can also authenticate via HTTP Basic Authentication using your user name and API key.
+If you are writing a user script for a browser, you do not need to embed an API key. You can rely on the user's session.
+
 Basic members can make 3,000 requests an hour. Gold members can make 10,000 requests an hour. Platinum members can make 20,000 requests an hour.
 h1. Posts
diff --git a/test/unit/post_sets/post_test.rb b/test/unit/post_sets/post_test.rb
index d6ef6b825..d0ef0fcd5 100644
--- a/test/unit/post_sets/post_test.rb
+++ b/test/unit/post_sets/post_test.rb
@@ -100,7 +100,7 @@ module PostSets
 context "for a non-privileged user" do
 should "fail" do
- assert_raises(PostSets::SearchError) do
+ assert_raises(::Post::SearchError) do
 @set.posts
 end
 end