Do not set rate visitor for non-eligible topics

docs/releases.md

@@ -1374,8 +1374,9 @@ and the [ntfy Android app](https://github.com/binwiederhier/ntfy-android/release
 
 * Swedish (thanks to [@hellbown](https://hosted.weblate.org/user/hellbown/))
 
-### ntfy server v2.11.0
+### ntfy server v2.11.0 (UNRELEASED)
 
 **Bug fixes + maintenance:**
 
 * Re-add database index `idx_topic` to the `messages` table to fix performance issues on ntfy.sh (no ticket, big thanks to [@tcaputi](https://github.com/tcaputi) for finding this issue)
+* Do not set rate visitor for non-eligible topics (no ticket)

server/server.go

@@ -1499,6 +1499,9 @@ func (s *Server) maybeSetRateVisitors(r *http.Request, v *visitor, topics []*top
 	// - topic is not reserved, and v.user has write access
 	writableRateTopics := make([]*topic, 0)
 	for _, t := range topics {
+		if !util.Contains(eligibleRateTopics, t) {
+			continue
+		}
 		ownerUserID, err := s.userManager.ReservationOwner(t.ID)
 		if err != nil {
 			return err

server/server_test.go

@@ -2306,6 +2306,22 @@ func TestServer_SubscriberRateLimiting_Success(t *testing.T) {
 	require.Equal(t, 429, rr.Code)
 }
 
+func TestServer_SubscriberRateLimiting_NotWrongTopic(t *testing.T) {
+	c := newTestConfigWithAuthFile(t)
+	c.VisitorSubscriberRateLimiting = true
+	s := newTestServer(t, c)
+
+	subscriberFn := func(r *http.Request) {
+		r.RemoteAddr = "1.2.3.4"
+	}
+	rr := request(t, s, "GET", "/alerts,upAAAAAAAAAAAA,upBBBBBBBBBBBB/json?poll=1", "", nil, subscriberFn)
+	require.Equal(t, 200, rr.Code)
+	require.Equal(t, "", rr.Body.String())
+	require.Nil(t, s.topics["alerts"].rateVisitor)
+	require.Equal(t, "1.2.3.4", s.topics["upAAAAAAAAAAAA"].rateVisitor.ip.String())
+	require.Equal(t, "1.2.3.4", s.topics["upBBBBBBBBBBBB"].rateVisitor.ip.String())
+}
+
 func TestServer_SubscriberRateLimiting_NotEnabled_Failed(t *testing.T) {
 	c := newTestConfigWithAuthFile(t)
 	c.VisitorRequestLimitBurst = 3