From 8da011ad78bda1e8232cca8b8534a4e3d3a6769a Mon Sep 17 00:00:00 2001
From: Jake Barnby
Date: Wed, 31 Aug 2022 15:50:53 +1200
Subject: [PATCH] Ensure abuse hit counter is not increased for admin/API keys

---
 app/controllers/shared/api.php | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/app/controllers/shared/api.php b/app/controllers/shared/api.php
index 4044ca1bfb..a9b11887df 100644
--- a/app/controllers/shared/api.php
+++ b/app/controllers/shared/api.php
@@ -115,11 +115,14 @@ App::init()
 ;
 }

+ $enabled = App::getEnv('_APP_OPTIONS_ABUSE', 'enabled') !== 'disabled';
+
 if (
- (App::getEnv('_APP_OPTIONS_ABUSE', 'enabled') !== 'disabled' // Route is rate-limited
- && $abuse->check()) // Abuse is not disabled
- && (!$isAppUser && !$isPrivilegedUser)
- ) { // User is not an admin or API key
+ $enabled // Abuse is enabled
+ && !$isAppUser // User is not API key
+ && !$isPrivilegedUser // User is not an admin
+ && $abuse->check() // Route is rate-limited
+ ) {
 throw new Exception(Exception::GENERAL_RATE_LIMIT_EXCEEDED);
 }
 }
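Review bot: The order of the new `&&` chain is now load-bearing, but nothing in the code says so: `$abuse->check()` sits last so that short-circuit evaluation skips it for API keys and admins, and going by the commit title that call is what increments the hit counter. The trailing comment `// Route is rate-limited` hides that side effect, so a later tidy-up that reorders the conditions would silently bring back the behaviour this commit removes. I would change that comment to `// Must stay last: check() records a hit, so it may only run for non-exempt callers`, and rename `$enabled` to `$abuseEnabled`, since the enclosing `App::init()` callback starts and ends outside this hunk and the generic name is hard to place there. How `$isAppUser` and `$isPrivilegedUser` are derived is not visible here; the exemption from both the limit and the counter is only as sound as those two flags.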