Use a dedicated scope for throttling subsonic to avoid intrusive rate-limiting

9d73a77f · Eliot Berriot · 82692f11 · 9d73a77f · 9d73a77f · 9d73a77f
Verified Commit 9d73a77f authored 5 years ago by Eliot Berriot
--- a/api/config/settings/common.py
+++ b/api/config/settings/common.py
@@ -759,6 +759,10 @@ THROTTLING_RATES = {
        "rate": THROTTLING_USER_RATES.get("anonymous-update", "1000/day"),
        "description": "Anonymous PATCH and PUT requests on resource detail",
    },
+    "subsonic": {
+        "rate": THROTTLING_USER_RATES.get("subsonic", "1000/hour"),
+        "description": "All subsonic API requests",
+    },
    # potentially spammy / dangerous endpoints
    "authenticated-reports": {
        "rate": THROTTLING_USER_RATES.get("authenticated-reports", "100/day"),

--- a/api/funkwhale_api/subsonic/views.py
+++ b/api/funkwhale_api/subsonic/views.py
@@ -104,6 +104,7 @@ class SubsonicViewSet(viewsets.GenericViewSet):
    content_negotiation_class = negotiation.SubsonicContentNegociation
    authentication_classes = [authentication.SubsonicAuthentication]
    permission_classes = [rest_permissions.IsAuthenticated]
+    throttling_scopes = {"*": {"authenticated": "subsonic", "anonymous": "subsonic"}}

    def dispatch(self, request, *args, **kwargs):
        if not preferences.get("subsonic__enabled"):

--- a/changes/changelog.d/subsonic-throttling.enhancement
+++ b/changes/changelog.d/subsonic-throttling.enhancement
+Use a dedicated scope for throttling subsonic to avoid intrusive rate-limiting