48 lines
1.6 KiB
Python
48 lines
1.6 KiB
Python
# Copyright (c) 2023-present Plane Software, Inc. and contributors
|
|
# SPDX-License-Identifier: AGPL-3.0-only
|
|
# See the LICENSE file for details.
|
|
|
|
# Third party imports
|
|
from rest_framework.throttling import AnonRateThrottle, UserRateThrottle
|
|
from rest_framework import status
|
|
from rest_framework.response import Response
|
|
|
|
# Module imports
|
|
from plane.authentication.adapter.error import (
|
|
AuthenticationException,
|
|
AUTHENTICATION_ERROR_CODES,
|
|
)
|
|
|
|
|
|
class AuthenticationThrottle(AnonRateThrottle):
|
|
rate = "30/minute"
|
|
scope = "authentication"
|
|
|
|
def throttle_failure_view(self, request, *args, **kwargs):
|
|
try:
|
|
raise AuthenticationException(
|
|
error_code=AUTHENTICATION_ERROR_CODES["RATE_LIMIT_EXCEEDED"],
|
|
error_message="RATE_LIMIT_EXCEEDED",
|
|
)
|
|
except AuthenticationException as e:
|
|
return Response(e.get_error_dict(), status=status.HTTP_429_TOO_MANY_REQUESTS)
|
|
|
|
|
|
class EmailVerificationThrottle(UserRateThrottle):
|
|
"""
|
|
Throttle for email verification code generation.
|
|
Limits to 3 requests per hour per user to prevent abuse.
|
|
"""
|
|
|
|
rate = "3/hour"
|
|
scope = "email_verification"
|
|
|
|
def throttle_failure_view(self, request, *args, **kwargs):
|
|
try:
|
|
raise AuthenticationException(
|
|
error_code=AUTHENTICATION_ERROR_CODES["RATE_LIMIT_EXCEEDED"],
|
|
error_message="RATE_LIMIT_EXCEEDED",
|
|
)
|
|
except AuthenticationException as e:
|
|
return Response(e.get_error_dict(), status=status.HTTP_429_TOO_MANY_REQUESTS)
|