[RFC 0/3] Add "events"

Stephen Finucane stephen at that.guru
Sat Nov 5 01:35:59 AEDT 2016

On 2016-11-01 06:07, Daniel Axtens wrote:
>>>> 2) Can you elaborate on how you plan to expose this data? ie 
>>>> something
>>>> via REST?
>>> I've been thinking an '/events' API endpoint for now. This would 
>>> require
>>> polling from CIs etc., but it would be a good first step.
>> Makes sense to me. If we had a /events?created_on__gte=TIMESTAMP, the
>> API could be used fairly efficiently.
> ?since= would be much nicer, but that's a minor quibble.

I agree - 'since' and 'until' are what I generally expect. On that note, 
we still have to do REST API filtering :O

> Some random, related thoughts:
> Does DRF support rate limiting? As we grow a bigger API we might want 
> to
> consider that.

To the best of my knowledge it does, though I don't know if this is 
something one would do at the application layer. Rate limiting really 
seems like something a lower level component, such as nginx itself or 
HAProxy, would be suited for. If we're going to start making full use of 
the DRF functionality, supporting some form of caching (read: ETags) 
would return far better ROI, IMO.

> Thinking of rate limiting - do we have it for the login page? Should we
> add it to avoid brute forcing of credentials?

We don't, nor do I know if we care about it. Patchwork would appear to 
be a very low value target, seeing as it has no direct repo or mailing 
list access. However, it looks like there are packages available [1] to 
handle this, however, if sysadmins cared enough. Maybe someone should 
document this.

What are your thoughts on the overall idea. This would, out of 
curiosity, be something you or Andy would fancy running with, would it? 


More information about the Patchwork mailing list