Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Revert rate limiting of asset list endpoint #1905

Merged
merged 2 commits into from
Mar 25, 2024
Merged

Revert rate limiting of asset list endpoint #1905

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
a2991b2
Revert "Add missing setting for DRF throttle class"
mvandenburgh Mar 25, 2024
b4bb739
Revert "Rate limit assets list endpoint for logged out users"
mvandenburgh Mar 25, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 0 additions & 7 deletions dandiapi/api/views/asset.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,6 @@
from rest_framework.exceptions import NotAuthenticated, NotFound, PermissionDenied
from rest_framework.generics import get_object_or_404
from rest_framework.response import Response
from rest_framework.throttling import AnonRateThrottle, BaseThrottle
from rest_framework.viewsets import GenericViewSet, ReadOnlyModelViewSet
from rest_framework_extensions.mixins import DetailSerializerMixin, NestedViewSetMixin

Expand Down Expand Up @@ -83,12 +82,6 @@ class AssetViewSet(DetailSerializerMixin, GenericViewSet):
filter_backends = [filters.DjangoFilterBackend]
filterset_class = AssetFilter

def get_throttles(self) -> list[BaseThrottle]:
if self.action == 'list':
throttles = [*self.throttle_classes, AnonRateThrottle]
return [throttle() for throttle in throttles]
return super().get_throttles()

def raise_if_unauthorized(self):
# We need to check the dandiset to see if it's embargoed, and if so whether or not the
# user has ownership
Expand Down
14 changes: 0 additions & 14 deletions dandiapi/settings.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@

import os
from pathlib import Path
import sys

from composed_configuration import (
ComposedConfiguration,
Expand Down Expand Up @@ -80,11 +79,6 @@ def mutate_configuration(configuration: type[ComposedConfiguration]):
'dandiapi.drf_utils.rewrap_django_core_exceptions'
)

# By default, set request rate limit to a very high number, effectively disabling it.
configuration.REST_FRAMEWORK['DEFAULT_THROTTLE_RATES'] = {
'anon': f'{sys.maxsize}/minute',
}

# If this environment variable is set, the pydantic model will allow URLs with localhost
# in them. This is important for development and testing environments, where URLs will
# frequently point to localhost.
Expand Down Expand Up @@ -187,14 +181,6 @@ def mutate_configuration(configuration: type[ComposedConfiguration]):
# We're configuring sentry by hand since we need to pass custom options (traces_sampler).
configuration.INSTALLED_APPS.remove('composed_configuration.sentry.apps.SentryConfig')

# In production, enable rate limiting for unauthenticated users
configuration.REST_FRAMEWORK['DEFAULT_THROTTLE_CLASSES'] = [
'rest_framework.throttling.AnonRateThrottle',
]
configuration.REST_FRAMEWORK['DEFAULT_THROTTLE_RATES'] = {
'anon': '300/minute',
}

ENABLE_GITHUB_OAUTH = True

# All login attempts in production should go straight to GitHub
Expand Down