From 11312949ae209a28c456f7b3cf70fadf3d60119c Mon Sep 17 00:00:00 2001 From: Alexander Dusenbery Date: Tue, 11 Feb 2025 10:15:39 -0500 Subject: [PATCH] feat: disable throttling for priveleged users Introduces a setting PRIVELEGED_USER_IDS, such that any user id in the list is exempt from throttling limits. --- license_manager/apps/core/throttles.py | 21 ++++++++++++++++++--- license_manager/settings/base.py | 3 +++ 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/license_manager/apps/core/throttles.py b/license_manager/apps/core/throttles.py index 6911972d..c5ca6a28 100644 --- a/license_manager/apps/core/throttles.py +++ b/license_manager/apps/core/throttles.py @@ -3,13 +3,28 @@ so that we can throttle both bursty and sustained throughtput. """ - +from django.conf import settings from rest_framework.throttling import UserRateThrottle -class UserBurstRateThrottle(UserRateThrottle): +class PrivelegedUserThrottle(UserRateThrottle): + """ + Skips throttling is the requesting authenticated user + is in the list of priveleged user ids. + is staff or superuser. + """ + def allow_request(self, request, view): + user = request.user + + if user and user.is_authenticated and user.id in settings.PRIVELEGED_USER_IDS: + return True + + return super().allow_request(request, view) + + +class UserBurstRateThrottle(PrivelegedUserThrottle): scope = 'user_burst' -class UserSustainedRateThrottle(UserRateThrottle): +class UserSustainedRateThrottle(PrivelegedUserThrottle): scope = 'user_sustained' diff --git a/license_manager/settings/base.py b/license_manager/settings/base.py index 0fb297fd..bfa190c1 100644 --- a/license_manager/settings/base.py +++ b/license_manager/settings/base.py @@ -163,6 +163,9 @@ } } +# Maintain a list of user ids to opt-out of API throttle limits +PRIVELEGED_USER_IDS = [] + # Internationalization # https://docs.djangoproject.com/en/dev/topics/i18n/