Merge f354ace571 into 5df2adae6d
This commit is contained in:
commit
43ce4d1e03
|
|
@ -29,6 +29,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|||
- [#12107](https://github.com/inventree/InvenTree/pull/12107) makes a breaking change to the `SalesOrderStatusGroups` enum, fixing a bug where the "shipped" status was not included in the "active" group. This change may affect any external client applications which make use of the `SalesOrderStatusGroups` enum, as the "shipped" status will now be included in the "active" group instead of the "complete" group. If you are using this enum in an external client application, you will need to update your application to account for this change.
|
||||
- [#9604](https://github.com/inventree/InvenTree/pull/9604) refactors user API endpoint to be less ambiguous
|
||||
- [#11893](https://github.com/inventree/InvenTree/pull/11893) bumps Node environment to version 24 LTS - this is only relevant if you build the frontend assets yourself
|
||||
- [#11951](https://github.com/inventree/InvenTree/pull/11951) adds API throtteling by default to make DoS attacks more difficult. This can be disabled by setting the `INVENTREE_THROTTLE_ANON` and `INVENTREE_THROTTLE_USER` settings to `None` (either via environment variable or config file). The default throttling rates are 20 requests per minute for anonymous users, and 20 requests per second for authenticated users.
|
||||
|
||||
### Added
|
||||
|
||||
|
|
|
|||
|
|
@ -136,7 +136,8 @@ Depending on how your InvenTree installation is configured, you will need to pay
|
|||
| `INVENTREE_X_FORWARDED_PROTO_NAME` | `x_forwarded_proto_name` | `HTTP_X_FORWARDED_PROTO` | Name of the header to use for forwarded protocol information |
|
||||
{{ configsetting("INVENTREE_SESSION_COOKIE_SECURE") }} Enforce secure session cookies |
|
||||
{{ configsetting("INVENTREE_COOKIE_SAMESITE") }} Session cookie mode. Must be one of `Strict | Lax | None | False`. Refer to the [mozilla developer docs](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie) and the [django documentation]({% include "django.html" %}/ref/settings/#std-setting-SESSION_COOKIE_SAMESITE) for more information. |
|
||||
|
||||
{{ configsetting("INVENTREE_THROTTLE_ANON") }} Throttle rate for anonymous users (e.g. '20/minute') |
|
||||
{{ configsetting("INVENTREE_THROTTLE_USER") }} Throttle rate for authenticated users (e.g. '5/second') |
|
||||
|
||||
### Debug Mode
|
||||
|
||||
|
|
|
|||
|
|
@ -529,6 +529,8 @@ REST_FRAMEWORK = {
|
|||
'DEFAULT_METADATA_CLASS': 'InvenTree.metadata.InvenTreeMetadata',
|
||||
'DEFAULT_RENDERER_CLASSES': ['rest_framework.renderers.JSONRenderer'],
|
||||
'TOKEN_MODEL': 'users.models.ApiToken',
|
||||
'DEFAULT_THROTTLE_CLASSES': [],
|
||||
'DEFAULT_THROTTLE_RATES': {},
|
||||
}
|
||||
|
||||
if DEBUG:
|
||||
|
|
@ -544,6 +546,21 @@ if USE_JWT:
|
|||
JWT_AUTH_REFRESH_COOKIE = 'inventree-token'
|
||||
INSTALLED_APPS.append('rest_framework_simplejwt')
|
||||
|
||||
# Throtteling setup
|
||||
THROTTLE_ANON = get_setting('INVENTREE_THROTTLE_ANON', 'throttle.anon', '20/minute')
|
||||
THROTTLE_USER = get_setting('INVENTREE_THROTTLE_USER', 'throttle.user', '60/second')
|
||||
|
||||
if not DEBUG and THROTTLE_ANON and str(THROTTLE_ANON).lower() != 'none':
|
||||
REST_FRAMEWORK['DEFAULT_THROTTLE_RATES']['anon'] = THROTTLE_ANON
|
||||
REST_FRAMEWORK['DEFAULT_THROTTLE_CLASSES'].append(
|
||||
'rest_framework.throttling.AnonRateThrottle'
|
||||
)
|
||||
if not DEBUG and THROTTLE_USER and str(THROTTLE_USER).lower() != 'none':
|
||||
REST_FRAMEWORK['DEFAULT_THROTTLE_RATES']['user'] = THROTTLE_USER
|
||||
REST_FRAMEWORK['DEFAULT_THROTTLE_CLASSES'].append(
|
||||
'rest_framework.throttling.UserRateThrottle'
|
||||
)
|
||||
|
||||
# WSGI default setting
|
||||
WSGI_APPLICATION = 'InvenTree.wsgi.application'
|
||||
|
||||
|
|
|
|||
|
|
@ -162,6 +162,11 @@ cors:
|
|||
|
||||
# regex:
|
||||
|
||||
# Throttling is applied to the API by default to make DoS attacks more difficult; these can be disabled by setting them to None.
|
||||
# throttle:
|
||||
# anon: '20/minute'
|
||||
# user: '60/second'
|
||||
|
||||
# MEDIA_ROOT is the local filesystem location for storing uploaded files
|
||||
#media_root: '/home/inventree/data/media'
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue