From 37cc3e423ba3c9893807b419d888caecd9ae9e84 Mon Sep 17 00:00:00 2001 From: usmannasir Date: Mon, 27 Oct 2025 23:21:42 +0500 Subject: [PATCH] Increase rate limits for bulk fix operations from platform MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Problem: Bulk fix operations were hitting rate limits (100 backups per scan). Solution: - Implemented 10x higher rate limits for API key authenticated requests - These are trusted requests from the platform for legitimate bulk operations - Regular file token auth keeps original limits for security Rate Limit Changes: - backup-file: 100 → 1000 for API key auth - get-file: 500 → 5000 for API key auth - replace-file: 100 → 1000 for API key auth - rename-file: 50 → 500 for API key auth - delete-file: 50 → 500 for API key auth This allows bulk fix operations to process up to 1000 files without hitting rate limits, while maintaining security for regular scan operations.
--- aiScanner/api.py | 35 ++++++++++++++++++++--------------- 1 file changed, 20 insertions(+), 15 deletions(-)
diff --git a/aiScanner/api.py b/aiScanner/api.py
index 913a3e1b8..0dd0319d1 100644
--- a/aiScanner/api.py
+++ b/aiScanner/api.py
@@ -968,10 +968,11 @@ def scanner_backup_file(request):
             log_file_operation(scan_id, 'backup', file_path, False, error, request=request)
             return JsonResponse({'success': False, 'error': error}, status=401)
 
-        # Rate limiting
-        is_allowed, count = check_rate_limit(scan_id, 'backup-file', 100)
+        # Rate limiting - higher limits for API key authenticated requests (platform operations)
+        max_backups = 1000 if file_token.auth_type == 'api_key' else 100
+        is_allowed, count = check_rate_limit(scan_id, 'backup-file', max_backups)
         if not is_allowed:
-            return JsonResponse({'success': False, 'error': 'Rate limit exceeded (max 100 backups per scan)'}, status=429)
+            return JsonResponse({'success': False, 'error': f'Rate limit exceeded (max {max_backups} backups per scan)'}, status=429)
 
         # Security check and get full path
         try:
@@ -1115,10 +1116,11 @@ def scanner_get_file(request):
             log_file_operation(scan_id, 'read', file_path, False, error, request=request)
             return JsonResponse({'success': False, 'error': error}, status=401)
 
-        # Rate limiting
-        is_allowed, count = check_rate_limit(scan_id, 'get-file', 500)
+        # Rate limiting - higher limits for API key authenticated requests (platform operations)
+        max_reads = 5000 if file_token.auth_type == 'api_key' else 500
+        is_allowed, count = check_rate_limit(scan_id, 'get-file', max_reads)
         if not is_allowed:
-            return JsonResponse({'success': False, 'error': 'Rate limit exceeded (max 500 file reads per scan)'}, status=429)
+            return JsonResponse({'success': False, 'error': f'Rate limit exceeded (max {max_reads} file reads per scan)'}, status=429)
 
         # Security check and get full path
         try:
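Review bot: The elevated tier on the `max_backups = 1000 if file_token.auth_type == 'api_key' else 100` line hard-codes both the base limit and the 10x platform multiplier, and this patch repeats the same literal-and-comparison pattern for every file operation, so the trust policy now lives in five places that can drift independently. A single helper such as `def _scan_op_limit(file_token, base): return base * 10 if file_token.auth_type == 'api_key' else base`, called as `max_backups = _scan_op_limit(file_token, 100)`, keeps the multiplier auditable and makes a later tightening a one-line change. The `'api_key'` string is compared as a bare literal; if the token model already names that auth type with a constant, comparing against it avoids a silent mismatch granting only the lower tier. scanner_backup_file starts and continues outside the hunk.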
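Review bot: The read ceiling of 5000 per scan on the `max_reads = 5000 if file_token.auth_type == 'api_key' else 500` line widens what a leaked key can pull out of a host, and nothing in the hunk distinguishes a platform-issued key from any other token whose auth_type happens to be 'api_key', so the "trusted platform" assumption in the commit message is not enforced here. If the token carries a scope or issuer attribute, gate the higher tier on that as well; if it does not, a comment stating that every api_key token is treated as platform-trusted records the assumption for the next reader. Recording which tier was applied, for example by passing `max_reads` into the existing log_file_operation call or a separate log line when the elevated tier is used, would make abuse of the 10x budget visible in audit logs rather than indistinguishable from a normal scan. scanner_get_file starts and continues outside the hunk.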
@@ -1289,10 +1291,11 @@ def scanner_replace_file(request):
             log_file_operation(scan_id, 'replace', file_path, False, error, request=request)
             return JsonResponse({'success': False, 'error': error}, status=401)
 
-        # Rate limiting
-        is_allowed, count = check_rate_limit(scan_id, 'replace-file', 100)
+        # Rate limiting - higher limits for API key authenticated requests (platform operations)
+        max_replacements = 1000 if file_token.auth_type == 'api_key' else 100
+        is_allowed, count = check_rate_limit(scan_id, 'replace-file', max_replacements)
         if not is_allowed:
-            return JsonResponse({'success': False, 'error': 'Rate limit exceeded (max 100 replacements per scan)'}, status=429)
+            return JsonResponse({'success': False, 'error': f'Rate limit exceeded (max {max_replacements} replacements per scan)'}, status=429)
 
         # Security check and get full path
         try:
@@ -1509,10 +1512,11 @@ def scanner_rename_file(request):
             log_file_operation(scan_id, 'rename', old_path, False, error, request=request)
             return JsonResponse({'success': False, 'error': error}, status=401)
 
-        # Rate limiting
-        is_allowed, count = check_rate_limit(scan_id, 'rename-file', 50)
+        # Rate limiting - higher limits for API key authenticated requests (platform operations)
+        max_renames = 500 if file_token.auth_type == 'api_key' else 50
+        is_allowed, count = check_rate_limit(scan_id, 'rename-file', max_renames)
         if not is_allowed:
-            return JsonResponse({'success': False, 'error': 'Rate limit exceeded (max 50 renames per scan)'}, status=429)
+            return JsonResponse({'success': False, 'error': f'Rate limit exceeded (max {max_renames} renames per scan)'}, status=429)
 
         # Security check for both paths
         try:
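Review bot: The 1000-replacement ceiling on the `max_replacements = 1000 if file_token.auth_type == 'api_key' else 100` line governs a destructive write, and as far as the hunk shows the counter passed to check_rate_limit is keyed only by scan_id, so a holder of the API key who can start new scans gets a fresh budget of 1000 overwrites per scan rather than any overall bound. For replace, rename and delete, consider a second limit keyed by the API key and a time window, independent of scan_id, so relaxing the per-scan figure does not remove the only cap on what a compromised key can rewrite. The `count` returned by check_rate_limit is discarded on this line; surfacing it in the 429 body or the operation log would let an operator tell a runaway bulk fix from abuse. scanner_replace_file starts and continues outside the hunk.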
@@ -1682,10 +1686,11 @@ def scanner_delete_file(request):
             log_file_operation(scan_id, 'delete', file_path, False, error, request=request)
             return JsonResponse({'success': False, 'error': error}, status=401)
 
-        # Rate limiting
-        is_allowed, count = check_rate_limit(scan_id, 'delete-file', 50)
+        # Rate limiting - higher limits for API key authenticated requests (platform operations)
+        max_deletions = 500 if file_token.auth_type == 'api_key' else 50
+        is_allowed, count = check_rate_limit(scan_id, 'delete-file', max_deletions)
         if not is_allowed:
-            return JsonResponse({'success': False, 'error': 'Rate limit exceeded (max 50 deletions per scan)'}, status=429)
+            return JsonResponse({'success': False, 'error': f'Rate limit exceeded (max {max_deletions} deletions per scan)'}, status=429)
 
         # Security check and get full path
         try:
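Review bot: The 500-deletion ceiling on the `max_deletions = 500 if file_token.auth_type == 'api_key' else 50` line is the one irreversible operation in this patch, yet the commit message only motivates the change with backups hitting the 100 cap, so the same 10x multiplier is applied to deletes without a stated need. Consider leaving delete at the original 50, or giving it a smaller multiplier than backup and read, unless the bulk-fix flow is known to delete at that volume; the blast radius of a leaked key is bounded by this number and nothing else visible in the hunk. If the higher tier is kept, a comment such as `# api_key tier covers platform bulk fixes; deletions past this check are unrecoverable unless a backup was taken earlier in the scan` would record the accepted risk next to the number. scanner_delete_file starts and continues outside the hunk.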