def test_organization(self): self.request.session = {} sentry_app = self.create_sentry_app(name="Tesla App", published=True, organization=self.organization) install = self.create_sentry_app_installation( slug=sentry_app.slug, organization=self.organization, user=self.user) client_id = sentry_app.application.client_id user = sentry_app.proxy_user api_token = GrantExchanger.run(install=install, code=install.api_grant.code, client_id=client_id, user=user) self.request.user = sentry_app.proxy_user self.request.auth = api_token assert ( get_rate_limit_key(self.view, self.request) == f"org:OrganizationGroupIndexEndpoint:GET:{install.organization_id}" )
def process_view(self, request: Request, view_func, view_args, view_kwargs) -> Response | None: """Check if the endpoint call will violate.""" try: # TODO: put these fields into their own object request.will_be_rate_limited = False request.rate_limit_category = None request.rate_limit_uid = uuid.uuid4().hex request.rate_limit_key = get_rate_limit_key(view_func, request) if request.rate_limit_key is None: return category_str = request.rate_limit_key.split(":", 1)[0] request.rate_limit_category = category_str rate_limit = get_rate_limit_value( http_method=request.method, endpoint=view_func.view_class, category=RateLimitCategory(category_str), ) if rate_limit is None: return request.rate_limit_metadata = above_rate_limit_check( request.rate_limit_key, rate_limit, request.rate_limit_uid) # TODO: also limit by concurrent window once we have the data rate_limit_cond = (request.rate_limit_metadata.rate_limit_type != RateLimitType.NOT_LIMITED if ENFORCE_CONCURRENT_RATE_LIMITS else request.rate_limit_metadata.rate_limit_type == RateLimitType.FIXED_WINDOW) if rate_limit_cond: request.will_be_rate_limited = True enforce_rate_limit = getattr(view_func.view_class, "enforce_rate_limit", False) if enforce_rate_limit: return HttpResponse( { "detail": DEFAULT_ERROR_MESSAGE.format( limit=request.rate_limit_metadata.limit, window=request.rate_limit_metadata.window, ) }, status=429, ) except Exception: logging.exception( "Error during rate limiting, failing open. THIS SHOULD NOT HAPPEN" )
def process_view(self, request: Request, view_func, view_args, view_kwargs) -> Response | None: """Check if the endpoint call will violate.""" request.will_be_rate_limited = False request.rate_limit_category = None key = get_rate_limit_key(view_func, request) if key is None: return category_str = key.split(":", 1)[0] request.rate_limit_category = category_str rate_limit = get_rate_limit_value( http_method=request.method, endpoint=view_func.view_class, category=RateLimitCategory(category_str), ) if rate_limit is None: return request.rate_limit_metadata = above_rate_limit_check(key, rate_limit) if request.rate_limit_metadata.is_limited: request.will_be_rate_limited = True enforce_rate_limit = getattr(view_func.view_class, "enforce_rate_limit", False) if enforce_rate_limit: return HttpResponse( { "detail": DEFAULT_ERROR_MESSAGE.format( limit=request.rate_limit_metadata.limit, window=request.rate_limit_metadata.window, ) }, status=429, )
def test_users(self): user = User(id=1) self.request.session = {} self.request.user = user assert (get_rate_limit_key(self.view, self.request) == f"user:OrganizationGroupIndexEndpoint:GET:{user.id}")
def test_ipv6(self): self.request.META["REMOTE_ADDR"] = "684D:1111:222:3333:4444:5555:6:77" assert ( get_rate_limit_key(self.view, self.request) == "ip:OrganizationGroupIndexEndpoint:GET:684D:1111:222:3333:4444:5555:6:77" )
def test_ip_address_missing(self): self.request.META["REMOTE_ADDR"] = None assert get_rate_limit_key(self.view, self.request) is None
def test_default_ip(self): assert (get_rate_limit_key( self.view, self.request) == "ip:OrganizationGroupIndexEndpoint:GET:127.0.0.1")
def test_group_key(self): user = User(id=1) self.request.session = {} self.request.user = user assert get_rate_limit_key( self.view, self.request) == f"user:default:GET:{user.id}"
def test_system_token(self): self.request.auth = SystemToken() assert get_rate_limit_key(self.view, self.request) is None