diff --git a/.env.example b/.env.example index 378a617278..0ef4d21913 100644 --- a/.env.example +++ b/.env.example @@ -41,3 +41,6 @@ NGINX_PORT=80 # Force HTTPS for handling SSL Termination MINIO_ENDPOINT_SSL=0 + +# API key rate limit +API_KEY_RATE_LIMIT="60/minute" diff --git a/apiserver/.env.example b/apiserver/.env.example index 50a1c58a79..ff3f353c7d 100644 --- a/apiserver/.env.example +++ b/apiserver/.env.example @@ -62,4 +62,7 @@ APP_BASE_URL= HARD_DELETE_AFTER_DAYS=60 # Force HTTPS for handling SSL Termination -MINIO_ENDPOINT_SSL=0 \ No newline at end of file +MINIO_ENDPOINT_SSL=0 + +# API key rate limit +API_KEY_RATE_LIMIT="60/minute" diff --git a/apiserver/plane/api/rate_limit.py b/apiserver/plane/api/rate_limit.py index a70ae4186e..0d266e98b5 100644 --- a/apiserver/plane/api/rate_limit.py +++ b/apiserver/plane/api/rate_limit.py @@ -1,9 +1,13 @@ +# python imports +import os + +# Third party imports from rest_framework.throttling import SimpleRateThrottle class ApiKeyRateThrottle(SimpleRateThrottle): scope = "api_key" - rate = "60/minute" + rate = os.environ.get("API_KEY_RATE_LIMIT", "60/minute") def get_cache_key(self, request, view): # Retrieve the API key from the request header diff --git a/deploy/selfhost/docker-compose.yml b/deploy/selfhost/docker-compose.yml index 49123c73c2..0dcd89fd93 100644 --- a/deploy/selfhost/docker-compose.yml +++ b/deploy/selfhost/docker-compose.yml @@ -50,6 +50,7 @@ x-app-env: &app-env DATABASE_URL: ${DATABASE_URL:-postgresql://plane:plane@plane-db/plane} SECRET_KEY: ${SECRET_KEY:-60gp0byfz2dvffa45cxl20p1scy9xbpf6d8c5y0geejgkyp1b5} AMQP_URL: ${AMQP_URL:-amqp://plane:plane@plane-mq:5672/plane} + API_KEY_RATE_LIMIT: ${API_KEY_RATE_LIMIT:-60/minute} services: web: diff --git a/deploy/selfhost/variables.env b/deploy/selfhost/variables.env index b10cf11d0d..292a1fdcf2 100644 --- a/deploy/selfhost/variables.env +++ b/deploy/selfhost/variables.env @@ -58,3 +58,5 @@ GUNICORN_WORKERS=1 # UNCOMMENT `DOCKER_PLATFORM` IF YOU ARE ON `ARM64` AND DOCKER IMAGE IS NOT AVAILABLE FOR RESPECTIVE `APP_RELEASE` # DOCKER_PLATFORM=linux/amd64 +# API key rate limit +API_KEY_RATE_LIMIT="60/minute"