Refactor API permissions and throttling: Updated default permission classes to enforce authentication and tenant access. Introduced new permission for system accounts and developers. Enhanced throttling rates for various operations to reduce false 429 errors. Improved API key loading logic to prioritize account-specific settings, with fallbacks to system accounts and Django settings. Updated integration views and sidebar to reflect new permission structure.

2025-12-07 17:23:42 +00:00
parent 3cbed65601
commit 65fea95d33
15 changed files with 374 additions and 71 deletions
--- a/backend/igny8_core/settings.py
+++ b/backend/igny8_core/settings.py
@@ -214,7 +214,8 @@ REST_FRAMEWORK = {
        'rest_framework.filters.OrderingFilter',
    ],
    'DEFAULT_PERMISSION_CLASSES': [
-        'rest_framework.permissions.AllowAny',  # Allow unauthenticated access for now
+        'igny8_core.api.permissions.IsAuthenticatedAndActive',
+        'igny8_core.api.permissions.HasTenantAccess',
    ],
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'igny8_core.api.authentication.APIKeyAuthentication',  # WordPress API key authentication (check first)
@@ -232,33 +233,33 @@ REST_FRAMEWORK = {
        'igny8_core.api.throttles.DebugScopedRateThrottle',
    ],
    'DEFAULT_THROTTLE_RATES': {
-        # AI Functions - Expensive operations
-        'ai_function': '10/min',           # AI content generation, clustering
-        'image_gen': '15/min',            # Image generation
+        # AI Functions - Expensive operations (kept modest but higher to reduce false 429s)
+        'ai_function': '60/min',
+        'image_gen': '90/min',
        # Content Operations
-        'content_write': '30/min',        # Content creation, updates
-        'content_read': '100/min',         # Content listing, retrieval
+        'content_write': '180/min',
+        'content_read': '600/min',
        # Authentication
-        'auth': '20/min',                  # Login, register, password reset
-        'auth_strict': '5/min',            # Sensitive auth operations
-        'auth_read': '120/min',            # Read-only auth-adjacent endpoints (e.g., subscriptions)
+        'auth': '300/min',                  # Login, register, password reset
+        'auth_strict': '120/min',           # Sensitive auth operations
+        'auth_read': '600/min',             # Read-only auth-adjacent endpoints (e.g., subscriptions, industries)
        # Planner Operations
-        'planner': '60/min',               # Keyword, cluster, idea operations
-        'planner_ai': '10/min',            # AI-powered planner operations
+        'planner': '300/min',
+        'planner_ai': '60/min',
        # Writer Operations
-        'writer': '60/min',                # Task, content management
-        'writer_ai': '10/min',             # AI-powered writer operations
+        'writer': '300/min',
+        'writer_ai': '60/min',
        # System Operations
-        'system': '100/min',               # Settings, prompts, profiles
-        'system_admin': '30/min',          # Admin-only system operations
+        'system': '600/min',
+        'system_admin': '120/min',
        # Billing Operations
-        'billing': '30/min',               # Credit queries, usage logs
-        'billing_admin': '10/min',         # Credit management (admin)
-        'linker': '30/min',                # Content linking operations
-        'optimizer': '10/min',             # AI-powered optimization
-        'integration': '100/min',          # Integration operations (WordPress, etc.)
+        'billing': '180/min',
+        'billing_admin': '60/min',
+        'linker': '180/min',
+        'optimizer': '60/min',
+        'integration': '600/min',
        # Default fallback
-        'default': '100/min',              # Default for endpoints without scope
+        'default': '600/min',
    },
    # OpenAPI Schema Generation (drf-spectacular)
    'DEFAULT_SCHEMA_CLASS': 'drf_spectacular.openapi.AutoSchema',