added ability to set rate limiting for url import

.env.template

@@ -185,3 +185,7 @@ REMOTE_USER_AUTH=0
 
 # if you want to do many requests to the FDC API you need to get a (free) API key. Demo key is limited to 30 requests / hour or 50 requests / day
 #FDC_API_KEY=DEMO_KEY
+
+# API throttle limits
+# you may use X per second, minute, hour or day
+# DRF_THROTTLE_RECIPE_URL_IMPORT=60/hour

cookbook/urls.py

@@ -129,7 +129,7 @@ urlpatterns = [
     path('api/sync_all/', api.sync_all, name='api_sync'),
     path('api/log_cooking/<int:recipe_id>/', api.log_cooking, name='api_log_cooking'),
     path('api/plan-ical/<slug:from_date>/<slug:to_date>/', api.get_plan_ical, name='api_get_plan_ical'),
-    path('api/recipe-from-source/', api.recipe_from_source, name='api_recipe_from_source'),
+    path('api/recipe-from-source/', api.RecipeUrlImportView.as_view(), name='api_recipe_from_source'),
     path('api/backup/', api.get_backup, name='api_backup'),
     path('api/ingredient-from-string/', api.ingredient_from_string, name='api_ingredient_from_string'),
     path('api/share-link/<int:pk>', api.share_link, name='api_share_link'),

cookbook/views/api.py

@@ -46,7 +46,7 @@ from rest_framework.pagination import PageNumberPagination
 from rest_framework.parsers import MultiPartParser
 from rest_framework.renderers import JSONRenderer, TemplateHTMLRenderer
 from rest_framework.response import Response
-from rest_framework.throttling import AnonRateThrottle
+from rest_framework.throttling import AnonRateThrottle, UserRateThrottle
 from rest_framework.views import APIView
 from rest_framework.viewsets import ViewSetMixin
 from treebeard.exceptions import InvalidMoveToDescendant, InvalidPosition, PathOverflow
@@ -104,7 +104,7 @@ from cookbook.serializer import (AccessTokenSerializer, AutomationSerializer,
                                  UserSerializer, UserSpaceSerializer, ViewLogSerializer)
 from cookbook.views.import_export import get_integration
 from recipes import settings
-from recipes.settings import FDC_API_KEY
+from recipes.settings import FDC_API_KEY, DRF_THROTTLE_RECIPE_URL_IMPORT
 
 
 class StandardFilterMixin(ViewSetMixin):
@@ -1298,6 +1298,10 @@ class AuthTokenThrottle(AnonRateThrottle):
     rate = '10/day'
 
 
+class RecipeImportThrottle(UserRateThrottle):
+    rate = DRF_THROTTLE_RECIPE_URL_IMPORT
+
+
 class CustomAuthToken(ObtainAuthToken):
     throttle_classes = [AuthTokenThrottle]
 
@@ -1323,11 +1327,11 @@ class CustomAuthToken(ObtainAuthToken):
         })
 
 
-@api_view(['POST'])
+class RecipeUrlImportView(ObtainAuthToken):
-# @schema(AutoSchema()) #TODO add proper schema
+    throttle_classes = [RecipeImportThrottle]
-@permission_classes([CustomIsUser & CustomTokenHasReadWriteScope])
+    permission_classes = [CustomIsUser & CustomTokenHasReadWriteScope]
-# TODO add rate limiting
+
-def recipe_from_source(request):
+    def post(self, request, *args, **kwargs):
         """
         function to retrieve a recipe from a given url or source string
         :param request: standard request with additional post parameters

recipes/settings.py

@@ -96,6 +96,8 @@ SHARING_LIMIT = int(os.getenv('SHARING_LIMIT', 0))
 
 ACCOUNT_SIGNUP_FORM_CLASS = 'cookbook.forms.AllAuthSignupForm'
 
+DRF_THROTTLE_RECIPE_URL_IMPORT = os.getenv('DRF_THROTTLE_RECIPE_URL_IMPORT', '60/hour')
+
 TERMS_URL = os.getenv('TERMS_URL', '')
 PRIVACY_URL = os.getenv('PRIVACY_URL', '')
 IMPRINT_URL = os.getenv('IMPRINT_URL', '')