Refactor API permissions and throttling: Updated default permission classes to enforce authentication and tenant access. Introduced new permission for system accounts and developers. Enhanced throttling rates for various operations to reduce false 429 errors. Improved API key loading logic to prioritize account-specific settings, with fallbacks to system accounts and Django settings. Updated integration views and sidebar to reflect new permission structure.

2025-12-07 17:23:42 +00:00
parent 3cbed65601
commit 65fea95d33
15 changed files with 374 additions and 71 deletions
--- a/frontend/src/store/onboardingStore.ts
+++ b/frontend/src/store/onboardingStore.ts
@@ -32,6 +32,16 @@ export const useOnboardingStore = create<OnboardingState>()(
      lastSyncedAt: null,
      
      loadFromBackend: async () => {
+        const state = get();
+        // Avoid hammering the endpoint; re-fetch at most every 5 minutes
+        if (state.lastSyncedAt) {
+          const elapsedMs = Date.now() - state.lastSyncedAt.getTime();
+          if (elapsedMs < 5 * 60 * 1000) {
+            return;
+          }
+        }
+        if (state.isLoading) return;
+
        set({ isLoading: true });
        try {
          const setting = await fetchUserSetting(GUIDE_SETTING_KEY);
@@ -44,7 +54,9 @@ export const useOnboardingStore = create<OnboardingState>()(
          });
        } catch (error: any) {
          // 404 means setting doesn't exist yet - that's fine, use local state
-          if (error.status !== 404) {
+          if (error?.status === 429) {
+            // Throttled: back off and don't spam warnings
+          } else if (error?.status !== 404) {
            console.warn('Failed to load guide dismissal from backend:', error);
          }
          set({ isLoading: false });