Add subscription rate limits
Why are we doing this work
In the current implementation of subscribing to ActivityPub actors, there is no limitation: anyone can create as many subscriptions as they want.
This could lead to abuse, and we should implement limits to avoid that. There should be limits on:
- how many subscriptions a project can have
- how many subscriptions a third-party server can have
The checks should be made upon subscription: is the requested subscription allowed to go through?
So the natural place for those to happen would be either validations in ActivityPub::ReleasesSubscription or logic in the subscription creation service.
One way or another, keep in mind that this will need to be abstracted once we have multiple actors.
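As an added illustration (not GitLab's own code), a hypothetical in-memory limiter showing the two checks made at subscription time; the class name, the limit values and keying the per-server limit on the subscriber actor's host are all assumptions:

```ruby
require 'uri'

# Hypothetical model of the check a subscription creation service could run.
# Limits are constructed values; a real implementation would read them from
# application settings and count rows in the database instead of an array.
class SubscriptionLimiter
  MAX_PER_PROJECT = 3 # constructed value: subscriptions one project may have
  MAX_PER_SERVER  = 5 # constructed value: subscriptions one remote server may have

  Subscription = Struct.new(:project_id, :subscriber_url)

  def initialize
    @subscriptions = []
  end

  # Key the per-server limit on the actor URL's host, so a server cannot
  # sidestep the cap simply by minting many actors.
  def self.server_of(subscriber_url)
    uri = URI.parse(subscriber_url)
    unless uri.is_a?(URI::HTTPS) && uri.host
      raise ArgumentError, 'subscriber URL must be an absolute https URL'
    end
    uri.host.downcase
  end

  def count_for_project(project_id)
    @subscriptions.count { |s| s.project_id == project_id }
  end

  def count_for_server(host)
    @subscriptions.count { |s| self.class.server_of(s.subscriber_url) == host }
  end

  # Evaluated when the subscription request arrives.
  # Returns [:ok] or [:error, reason]; nothing is stored on rejection.
  def subscribe(project_id, subscriber_url)
    host = self.class.server_of(subscriber_url)
    if @subscriptions.any? { |s| s.project_id == project_id && s.subscriber_url == subscriber_url }
      return [:error, :duplicate]
    end
    return [:error, :project_limit] if count_for_project(project_id) >= MAX_PER_PROJECT
    return [:error, :server_limit] if count_for_server(host) >= MAX_PER_SERVER

    @subscriptions << Subscription.new(project_id, subscriber_url)
    [:ok]
  end
end
```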
Relevant links
We discussed the topic on an issue related to the blueprint.
Non-functional requirements
-
Documentation: -
Testing:
Verification steps
We have a Sinatra app to help test ActivityPub features by acting as a third-party ActivityPub server, allowing us to run tasks against a local GitLab dev install that are specific to the various MRs we're implementing. This would be a good place to add a task that tries to exceed the defined limits, to check that they are indeed enforced.