def test_organization(self):
self.request.session = {}
sentry_app = self.create_sentry_app(name="Tesla App",
published=True,
organization=self.organization)
install = self.create_sentry_app_installation(
slug=sentry_app.slug,
organization=self.organization,
user=self.user)
client_id = sentry_app.application.client_id
user = sentry_app.proxy_user
api_token = GrantExchanger.run(install=install,
code=install.api_grant.code,
client_id=client_id,
user=user)
self.request.user = sentry_app.proxy_user
self.request.auth = api_token
assert (
get_rate_limit_key(self.view, self.request) ==
f"org:OrganizationGroupIndexEndpoint:GET:{install.organization_id}"
)
def process_view(self, request: Request, view_func, view_args,
view_kwargs) -> Response | None:
"""Check if the endpoint call will violate."""
try:
# TODO: put these fields into their own object
request.will_be_rate_limited = False
request.rate_limit_category = None
request.rate_limit_uid = uuid.uuid4().hex
request.rate_limit_key = get_rate_limit_key(view_func, request)
if request.rate_limit_key is None:
return
category_str = request.rate_limit_key.split(":", 1)[0]
request.rate_limit_category = category_str
rate_limit = get_rate_limit_value(
http_method=request.method,
endpoint=view_func.view_class,
category=RateLimitCategory(category_str),
)
if rate_limit is None:
return
request.rate_limit_metadata = above_rate_limit_check(
request.rate_limit_key, rate_limit, request.rate_limit_uid)
# TODO: also limit by concurrent window once we have the data
rate_limit_cond = (request.rate_limit_metadata.rate_limit_type !=
RateLimitType.NOT_LIMITED
if ENFORCE_CONCURRENT_RATE_LIMITS else
request.rate_limit_metadata.rate_limit_type
== RateLimitType.FIXED_WINDOW)
if rate_limit_cond:
request.will_be_rate_limited = True
enforce_rate_limit = getattr(view_func.view_class,
"enforce_rate_limit", False)
if enforce_rate_limit:
return HttpResponse(
{
"detail":
DEFAULT_ERROR_MESSAGE.format(
limit=request.rate_limit_metadata.limit,
window=request.rate_limit_metadata.window,
)
},
status=429,
)
except Exception:
logging.exception(
"Error during rate limiting, failing open. THIS SHOULD NOT HAPPEN"
)
def process_view(self, request: Request, view_func, view_args,
view_kwargs) -> Response | None:
"""Check if the endpoint call will violate."""
request.will_be_rate_limited = False
request.rate_limit_category = None
key = get_rate_limit_key(view_func, request)
if key is None:
return
category_str = key.split(":", 1)[0]
request.rate_limit_category = category_str
rate_limit = get_rate_limit_value(
http_method=request.method,
endpoint=view_func.view_class,
category=RateLimitCategory(category_str),
)
if rate_limit is None:
return
request.rate_limit_metadata = above_rate_limit_check(key, rate_limit)
if request.rate_limit_metadata.is_limited:
request.will_be_rate_limited = True
enforce_rate_limit = getattr(view_func.view_class,
"enforce_rate_limit", False)
if enforce_rate_limit:
return HttpResponse(
{
"detail":
DEFAULT_ERROR_MESSAGE.format(
limit=request.rate_limit_metadata.limit,
window=request.rate_limit_metadata.window,
)
},
status=429,
)
def test_users(self):
user = User(id=1)
self.request.session = {}
self.request.user = user
assert (get_rate_limit_key(self.view, self.request) ==
f"user:OrganizationGroupIndexEndpoint:GET:{user.id}")
def test_ipv6(self):
self.request.META["REMOTE_ADDR"] = "684D:1111:222:3333:4444:5555:6:77"
assert (
get_rate_limit_key(self.view, self.request) ==
"ip:OrganizationGroupIndexEndpoint:GET:684D:1111:222:3333:4444:5555:6:77"
)
def test_ip_address_missing(self):
self.request.META["REMOTE_ADDR"] = None
assert get_rate_limit_key(self.view, self.request) is None
def test_default_ip(self):
assert (get_rate_limit_key(
self.view,
self.request) == "ip:OrganizationGroupIndexEndpoint:GET:127.0.0.1")
def test_group_key(self):
user = User(id=1)
self.request.session = {}
self.request.user = user
assert get_rate_limit_key(
self.view, self.request) == f"user:default:GET:{user.id}"
def test_system_token(self):
self.request.auth = SystemToken()
assert get_rate_limit_key(self.view, self.request) is None