chore: api rate limiting (#2933)

2023-11-29 14:14:26 +05:30 · 2023-11-29 14:14:26 +05:30 · 6d175c0e56
commit 6d175c0e56
parent 6a4f521b47
3 changed files with 2 additions and 55 deletions
--- a/apiserver/plane/api/rate_limit.py
+++ b/apiserver/plane/api/rate_limit.py
@ -1,9 +1,8 @@
-from django.utils import timezone
 from rest_framework.throttling import SimpleRateThrottle

-
 class ApiKeyRateThrottle(SimpleRateThrottle):
    scope = 'api_key'
+    rate = '60/minute'

    def get_cache_key(self, request, view):
        # Retrieve the API key from the request header
@ -15,13 +14,10 @@ class ApiKeyRateThrottle(SimpleRateThrottle):
        return f'{self.scope}:{api_key}'

    def allow_request(self, request, view):
-        # Calculate the current time as a Unix timestamp
-        now = timezone.now().timestamp()
-
-        # Use the parent class's method to check if the request is allowed
        allowed = super().allow_request(request, view)

        if allowed:
+            now = self.timer()
            # Calculate the remaining limit and reset time
            history = self.cache.get(self.key, [])

--- a/apiserver/plane/app/rate_limit.py
+++ b/apiserver/plane/app/rate_limit.py
@ -1,45 +0,0 @@
-from django.utils import timezone
-from rest_framework.throttling import SimpleRateThrottle
-
-
-class ApiKeyRateThrottle(SimpleRateThrottle):
-    scope = 'api_key'
-
-    def get_cache_key(self, request, view):
-        # Retrieve the API key from the request header
-        api_key = request.headers.get('X-Api-Key')
-        if not api_key:
-            return None  # Allow the request if there's no API key
-
-        # Use the API key as part of the cache key
-        return f'{self.scope}:{api_key}'
-
-    def allow_request(self, request, view):
-        # Calculate the current time as a Unix timestamp
-        now = timezone.now().timestamp()
-
-        # Use the parent class's method to check if the request is allowed
-        allowed = super().allow_request(request, view)
-
-        if allowed:
-            # Calculate the remaining limit and reset time
-            history = self.cache.get(self.key, [])
-
-            # Remove old histories
-            while history and history[-1] <= now - self.duration:
-                history.pop()
-            
-            # Calculate the requests
-            num_requests = len(history)
-
-            # Check available requests
-            available = self.num_requests - num_requests
-
-            # Unix timestamp for when the rate limit will reset
-            reset_time = int(now + self.duration)
-
-            # Add headers
-            request.META['X-RateLimit-Remaining'] = max(0, available)
-            request.META['X-RateLimit-Reset'] = reset_time
-
-        return allowed
--- a/apiserver/plane/settings/common.py
+++ b/apiserver/plane/settings/common.py
@ -75,10 +75,6 @@ REST_FRAMEWORK = {
    "DEFAULT_PERMISSION_CLASSES": ("rest_framework.permissions.IsAuthenticated",),
    "DEFAULT_RENDERER_CLASSES": ("rest_framework.renderers.JSONRenderer",),
    "DEFAULT_FILTER_BACKENDS": ("django_filters.rest_framework.DjangoFilterBackend",),
-    "DEFAULT_THROTTLE_CLASSES": ("plane.api.rate_limit.ApiKeyRateThrottle",),
-    "DEFAULT_THROTTLE_RATES": {
-        "api_key": "60/minute",
-    },
 }

 # Django Auth Backend