|
112 | 112 | "vulnerabilities.middleware.ban_user_agent.BanUserAgent", |
113 | 113 | "vulnerabilities.middleware.timezone.UserTimezoneMiddleware", |
114 | 114 | "vulnerabilities.middleware.altcha_protection.AltchaProtectionMiddleware", |
| 115 | + "vulnerabilities.middleware.vcio_user_agent.VCIOUserAgentMiddleware", |
115 | 116 | ) |
116 | 117 |
|
117 | 118 | ROOT_URLCONF = "vulnerablecode.urls" |
|
195 | 196 | LOGIN_REDIRECT_URL = "/" |
196 | 197 | LOGOUT_REDIRECT_URL = "/" |
197 | 198 |
|
198 | | -THROTTLE_RATE_ANON = env.str("THROTTLE_RATE_ANON", default="3600/hour") |
| 199 | +THROTTLE_RATE_ANON = env.str("THROTTLE_RATE_ANON", default="10/minute") |
199 | 200 | THROTTLE_RATE_UI = env.str("THROTTLE_RATE_UI", default="15/minute") |
200 | | -THROTTLE_RATE_USER_HIGH = env.str("THROTTLE_RATE_USER_HIGH", default="18000/hour") |
201 | | -THROTTLE_RATE_USER_MEDIUM = env.str("THROTTLE_RATE_USER_MEDIUM", default="14400/hour") |
202 | | -THROTTLE_RATE_USER_LOW = env.str("THROTTLE_RATE_USER_LOW", default="10800/hour") |
| 201 | +THROTTLE_RATE_USER_HIGH = env.str("THROTTLE_RATE_USER_HIGH", default="1/second") |
| 202 | +THROTTLE_RATE_USER_MEDIUM = env.str("THROTTLE_RATE_USER_MEDIUM", default="30/minute") |
| 203 | +THROTTLE_RATE_USER_LOW = env.str("THROTTLE_RATE_USER_LOW", default="20/minute") |
| 204 | + |
| 205 | +VCIO_USER_AGENT = env.str("VCIO_USER_AGENT", default="VCIO_API_AGENT") |
203 | 206 |
|
204 | 207 | REST_FRAMEWORK_DEFAULT_THROTTLE_RATES = { |
205 | 208 | "anon": THROTTLE_RATE_ANON, |
|
263 | 266 | "DATETIME_FORMAT": "%Y-%m-%dT%H:%M:%SZ", |
264 | 267 | } |
265 | 268 |
|
266 | | -api_doc_intro = """ |
| 269 | +api_doc_intro = f""" |
267 | 270 | <div> |
| 271 | + <strong>Note:</strong> All API requests must include the following |
| 272 | + <code>User-Agent</code> header: |
| 273 | + <pre>User-Agent: {VCIO_USER_AGENT} </pre> |
| 274 | + Requests without this exact header value will be rejected. |
268 | 275 | <p><strong>VulnerableCode</strong> is open data and free software by |
269 | 276 | <a href="https://github.com/nexB/vulnerablecode"> nexB Inc. and others.</a> |
270 | 277 | </p> |
|
0 commit comments