From 9d73a77f7e5ff47f667a3c0892ee2eee885ef2c7 Mon Sep 17 00:00:00 2001
From: Eliot Berriot <contact@eliotberriot.com>
Date: Mon, 6 Jan 2020 09:55:58 +0100
Subject: [PATCH] Use a dedicated scope for throttling subsonic to avoid
 intrusive rate-limiting

---
 api/config/settings/common.py                       | 4 ++++
 api/funkwhale_api/subsonic/views.py                 | 1 +
 changes/changelog.d/subsonic-throttling.enhancement | 1 +
 3 files changed, 6 insertions(+)
 create mode 100644 changes/changelog.d/subsonic-throttling.enhancement

diff --git a/api/config/settings/common.py b/api/config/settings/common.py
index 2ed9aa4b6..5c6957c11 100644
--- a/api/config/settings/common.py
+++ b/api/config/settings/common.py
@@ -759,6 +759,10 @@ THROTTLING_RATES = {
         "rate": THROTTLING_USER_RATES.get("anonymous-update", "1000/day"),
         "description": "Anonymous PATCH and PUT requests on resource detail",
     },
+    "subsonic": {
+        "rate": THROTTLING_USER_RATES.get("subsonic", "1000/hour"),
+        "description": "All subsonic API requests",
+    },
     # potentially spammy / dangerous endpoints
     "authenticated-reports": {
         "rate": THROTTLING_USER_RATES.get("authenticated-reports", "100/day"),
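Review bot: The `subsonic` default of `"1000/hour"` is on a different order of magnitude from the per-day defaults visible around it, and nothing next to the entry records why. A one-line comment above the entry would keep a later cleanup from folding it back into the generic scopes, for example `# Subsonic clients are chatty; dedicated scope so they don't exhaust the generic API budgets`, if that is indeed the reason behind the commit title. The `description` could also say that the same budget covers anonymous and authenticated callers, since the view maps both to this scope. The THROTTLING_RATES dict starts and ends outside the hunk.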
diff --git a/api/funkwhale_api/subsonic/views.py b/api/funkwhale_api/subsonic/views.py
index 53861572a..4e70f5583 100644
--- a/api/funkwhale_api/subsonic/views.py
+++ b/api/funkwhale_api/subsonic/views.py
@@ -104,6 +104,7 @@ class SubsonicViewSet(viewsets.GenericViewSet):
     content_negotiation_class = negotiation.SubsonicContentNegociation
     authentication_classes = [authentication.SubsonicAuthentication]
     permission_classes = [rest_permissions.IsAuthenticated]
+    throttling_scopes = {"*": {"authenticated": "subsonic", "anonymous": "subsonic"}}
 
     def dispatch(self, request, *args, **kwargs):
         if not preferences.get("subsonic__enabled"):
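Review bot: The `"anonymous": "subsonic"` mapping on the new `throttling_scopes` line may never count failed logins, because the view requires `IsAuthenticated` and uses `SubsonicAuthentication`, with Subsonic clients sending credentials on every request. If throttling runs after authentication and permission checks, as in the standard DRF order, rejected credentials are refused before the throttle is consulted. Credential guessing against this endpoint would then not be limited by this scope. It is worth confirming that failed Subsonic authentication is rate-limited somewhere, and recording the outcome above the attribute, e.g. `# NOTE: applies only to requests that pass authentication; failed logins are limited by <mechanism>`. The class body and `dispatch` continue outside the hunk, so the actual ordering cannot be checked from here.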
diff --git a/changes/changelog.d/subsonic-throttling.enhancement b/changes/changelog.d/subsonic-throttling.enhancement
new file mode 100644
index 000000000..aad862340
--- /dev/null
+++ b/changes/changelog.d/subsonic-throttling.enhancement
@@ -0,0 +1 @@
+Use a dedicated scope for throttling subsonic to avoid intrusive rate-limiting
-- 
GitLab