Pr comments

Author: ajay-sentry

codecov/settings_base.py

@@ -99,10 +99,12 @@
     "setup", "graphql", "query_cost_threshold", default=10000
 )
 
-GRAPHQL_RATE_LIMIT_VALUE = get_config(
-    "setup", "graphql", "rate_limit_value", default=300
+GRAPHQL_RATE_LIMIT_ENABLED = get_config(
+    "setup", "graphql", "rate_limit_enabled", default=True
 )
 
+GRAPHQL_RATE_LIMIT_RPM = get_config("setup", "graphql", "rate_limit_rpm", default=300)
+
 # Database
 # https://docs.djangoproject.com/en/2.1/ref/settings/#databases
 

codecov/settings_staging.py

@@ -65,9 +65,7 @@
 # 25MB in bytes
 DATA_UPLOAD_MAX_MEMORY_SIZE = 26214400
 
-GRAPHQL_RATE_LIMIT_VALUE = get_config(
-    "setup", "graphql", "rate_limit_value", default=1000
-)
+GRAPHQL_RATE_LIMIT_RPM = get_config("setup", "graphql", "rate_limit_rpm", default=1000)
 
 # Same site is set to none on Staging as we want to be able to call the API
 # From Netlify preview deploy

graphql_api/tests/test_views.py

@@ -203,7 +203,7 @@ async def test_query_metrics_extension_set_type_and_name_timeout(
 
     @patch("sentry_sdk.metrics.incr")
     @patch("graphql_api.views.AsyncGraphqlView._check_ratelimit")
-    @override_settings(DEBUG=False, GRAPHQL_RATE_LIMIT_VALUE=1000)
+    @override_settings(DEBUG=False, GRAPHQL_RATE_LIMIT_RPM=1000)
     async def test_when_rate_limit_reached(
         self, mocked_check_ratelimit, mocked_sentry_incr
     ):
@@ -223,6 +223,17 @@ async def test_when_rate_limit_reached(
         ]
         mocked_sentry_incr.assert_has_calls(expected_calls)
 
+    @override_settings(
+        DEBUG=False, GRAPHQL_RATE_LIMIT_RPM=0, GRAPHQL_RATE_LIMIT_ENABLED=False
+    )
+    def test_rate_limit_disabled(self):
+        # rate limit is 0, so any request would cause a rate limit if the GQL rate limit was enabled
+        view = AsyncGraphqlView()
+        request = Mock()
+
+        result = view._check_ratelimit(request)
+        assert result == False
+
     def test_client_ip_from_x_forwarded_for(self):
         view = AsyncGraphqlView()
         request = Mock()

graphql_api/views.py

@@ -233,7 +233,7 @@ async def post(self, request, *args, **kwargs):
             return JsonResponse(
                 data={
                     "status": 429,
-                    "detail": f"It looks like you've hit the rate limit of {settings.GRAPHQL_RATE_LIMIT_VALUE} req/min. Try again later.",
+                    "detail": f"It looks like you've hit the rate limit of {settings.GRAPHQL_RATE_LIMIT_RPM} req/min. Try again later.",
                 },
                 status=429,
             )
@@ -306,6 +306,9 @@ def _get_user(self, request):
             request.user.pk
 
     def _check_ratelimit(self, request):
+        if not settings.GRAPHQL_RATE_LIMIT_ENABLED:
+            return False
+
         redis = get_redis_connection()
 
         try:
@@ -320,7 +323,7 @@ def _check_ratelimit(self, request):
             user_ip = self.get_client_ip(request)
             key = f"rl-ip:{user_ip}"
 
-        limit = settings.GRAPHQL_RATE_LIMIT_VALUE
+        limit = settings.GRAPHQL_RATE_LIMIT_RPM
         window = 60  # in seconds
 
         current_count = redis.get(key)