
dev: Add Rate limits for rest endpoints #735

Merged
merged 12 commits into from
Aug 16, 2024
17 changes: 17 additions & 0 deletions codecov/rate_limiter.py
@@ -0,0 +1,17 @@
from rest_framework.throttling import AnonRateThrottle, UserRateThrottle

Check warning on line 1 in codecov/rate_limiter.py


Codecov Notifications / codecov/patch

codecov/rate_limiter.py#L1

Added line #L1 was not covered by tests


class UserBurstRateThrottle(UserRateThrottle):
scope = "user-burst"

Check warning on line 5 in codecov/rate_limiter.py


Codecov Notifications / codecov/patch

codecov/rate_limiter.py#L4-L5

Added lines #L4 - L5 were not covered by tests


class UserSustainedRateThrottle(UserRateThrottle):
scope = "user-sustained"

Check warning on line 9 in codecov/rate_limiter.py


Codecov Notifications / codecov/patch

codecov/rate_limiter.py#L8-L9

Added lines #L8 - L9 were not covered by tests


class AnonBurstRateThrottle(AnonRateThrottle):
scope = "anon-burst"

Check warning on line 13 in codecov/rate_limiter.py


Codecov Notifications / codecov/patch

codecov/rate_limiter.py#L12-L13

Added lines #L12 - L13 were not covered by tests


class AnonSustainedRateThrottle(AnonRateThrottle):
scope = "anon-sustained"

Check warning on line 17 in codecov/rate_limiter.py


Codecov Notifications / codecov/patch

codecov/rate_limiter.py#L16-L17

Added lines #L16 - L17 were not covered by tests
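Review bot: None of the four throttle classes has a docstring, so the definition does not say what each limit is keyed on or where its rate comes from. In DRF, `UserRateThrottle` buckets authenticated requests by user id and falls back to the client address for unauthenticated ones, while `AnonRateThrottle` applies only to unauthenticated requests and buckets by client address; each `scope` string must match a key in `DEFAULT_THROTTLE_RATES`. A one-line docstring per class would record that, for example `"""Short-window limit for unauthenticated clients, keyed by client address; rate is DEFAULT_THROTTLE_RATES["anon-burst"]."""` on `AnonBurstRateThrottle`.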
15 changes: 15 additions & 0 deletions codecov/settings_base.py
@@ -291,6 +291,21 @@
"DEFAULT_FILTER_BACKENDS": ("django_filters.rest_framework.DjangoFilterBackend",),
"PAGE_SIZE": 20,
"DEFAULT_SCHEMA_CLASS": "drf_spectacular.openapi.AutoSchema",
# Read https://www.django-rest-framework.org/api-guide/throttling/ for additional info on how to
# modify throttling for codecov-api. Initially, we just want a simple throttle mechanism to prevent
# burst requests from users/anons on our REST endpoints
"DEFAULT_THROTTLE_CLASSES": [
"codecov.rate_limiter.UserBurstRateThrottle",
"codecov.rate_limiter.AnonBurstRateThrottle",
"codecov.rate_limiter.UserSustainedRateThrottle",
"codecov.rate_limiter.AnonSustainedRateThrottle",
],
"DEFAULT_THROTTLE_RATES": {
"anon-burst": "30/min",
"anon-sustained": "1000/day",
"user-burst": "90/min",
"user-sustained": "2000/day",
},
}

# API auto-documentation settings
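Review bot: The `anon-burst` and `anon-sustained` limits are only as reliable as the client address DRF derives, and the visible part of this dict does not set `NUM_PROXIES`. Without that setting DRF uses the full `X-Forwarded-For` value as the identity when the header is present, so the bucket key is client-supplied unless a trusted proxy overwrites the header; if the API runs behind a load balancer (not visible here), add `"NUM_PROXIES": <count of trusted proxies>,` next to the throttle keys. The counters are stored in Django's `default` cache, so the limits are enforced across workers only if that cache is shared. The `REST_FRAMEWORK` dict begins above the hunk, so either may already be handled there.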
32 changes: 32 additions & 0 deletions codecov/settings_dev.py
@@ -57,3 +57,35 @@
# SHELTER_SHARED_SECRET = "test-supertoken"

GUEST_ACCESS = True


REST_FRAMEWORK = {
"DEFAULT_PERMISSION_CLASSES": (
"rest_framework.permissions.IsAuthenticatedOrReadOnly",
),
"DEFAULT_AUTHENTICATION_CLASSES": (
"codecov_auth.authentication.UserTokenAuthentication",
"rest_framework.authentication.BasicAuthentication",
"codecov_auth.authentication.SessionAuthentication",
),
"DEFAULT_PAGINATION_CLASS": "api.shared.pagination.StandardPageNumberPagination",
"DEFAULT_FILTER_BACKENDS": ("django_filters.rest_framework.DjangoFilterBackend",),
"PAGE_SIZE": 20,
"DEFAULT_SCHEMA_CLASS": "drf_spectacular.openapi.AutoSchema",
# Read https://www.django-rest-framework.org/api-guide/throttling/ for additional info on how to
# modify throttling for codecov-api. Initially, we just want a simple throttle mechanism to prevent
# burst requests from users/anons on our REST endpoints
# COMMENT THIS OUT TO ENABLE RATE LIMITS. COMMENTED OUT SO IT DOESNT AFFECT TEST RUNNERS
# "DEFAULT_THROTTLE_CLASSES": [
# "codecov.rate_limiter.UserBurstRateThrottle",
# "codecov.rate_limiter.AnonBurstRateThrottle",
# "codecov.rate_limiter.UserSustainedRateThrottle",
# "codecov.rate_limiter.AnonSustainedRateThrottle",
# ],
# "DEFAULT_THROTTLE_RATES": {
# "anon-burst": "30/min",
# "anon-sustained": "1000/day",
# "user-burst": "90/min",
# "user-sustained": "2000/day",
# },
}
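Review bot: The instruction in the new comment is inverted: the throttle keys below it are already commented out, so enabling rate limits means uncommenting them; suggest `# UNCOMMENT THE KEYS BELOW TO ENABLE RATE LIMITS. LEFT DISABLED SO THEY DON'T AFFECT TEST RUNNERS`. The hunk also appears to copy the permission, authentication, pagination and schema entries from settings_base.py, so a later change to `DEFAULT_PERMISSION_CLASSES` or `DEFAULT_AUTHENTICATION_CLASSES` in the base file will not reach dev unless it is repeated here; the same applies to the copy added in codecov/settings_staging.py. If this module already imports the base settings (not visible in the hunk), `REST_FRAMEWORK = {**REST_FRAMEWORK, "DEFAULT_THROTTLE_CLASSES": []}` would disable throttling while inheriting everything else.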
15 changes: 15 additions & 0 deletions codecov/settings_staging.py
@@ -73,3 +73,18 @@
CSRF_TRUSTED_ORIGINS = [
get_config("setup", "trusted_origin", default="https://*.codecov.dev")
]

REST_FRAMEWORK = {

Check warning on line 77 in codecov/settings_staging.py


Codecov Notifications / codecov/patch

codecov/settings_staging.py#L77

Added line #L77 was not covered by tests
Contributor Author


Don't want to add rate limits to staging

"DEFAULT_PERMISSION_CLASSES": (
"rest_framework.permissions.IsAuthenticatedOrReadOnly",
),
"DEFAULT_AUTHENTICATION_CLASSES": (
"codecov_auth.authentication.UserTokenAuthentication",
"rest_framework.authentication.BasicAuthentication",
"codecov_auth.authentication.SessionAuthentication",
),
"DEFAULT_PAGINATION_CLASS": "api.shared.pagination.StandardPageNumberPagination",
"DEFAULT_FILTER_BACKENDS": ("django_filters.rest_framework.DjangoFilterBackend",),
"PAGE_SIZE": 20,
"DEFAULT_SCHEMA_CLASS": "drf_spectacular.openapi.AutoSchema",
}
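Review bot: This dict defines no `DEFAULT_THROTTLE_RATES`, so the scopes declared in codecov/rate_limiter.py have no rate here. DRF looks the rate up when the throttle is instantiated and raises `ImproperlyConfigured` if the scope is missing, so a view that lists one of these classes in its own `throttle_classes` would fail on every request in this environment. Keeping the `DEFAULT_THROTTLE_RATES` entries and setting only `"DEFAULT_THROTTLE_CLASSES": []` avoids that; the commented-out rates in codecov/settings_dev.py have the same effect. No such view is visible in this change, so this is a guard against later use.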