[RFC 0/3] Add "events"
Stephen Finucane
stephen at that.guru
Sat Nov 5 01:40:15 AEDT 2016
On 2016-11-04 14:35, Stephen Finucane wrote:
> On 2016-11-01 06:07, Daniel Axtens wrote:
>>>>> 2) Can you elaborate on how you plan to expose this data? ie
>>>>> something
>>>>> via REST?
>>>>
>>>> I've been thinking an '/events' API endpoint for now. This would
>>>> require
>>>> polling from CIs etc., but it would be a good first step.
>>>
>>> Makes sense to me. If we had a /events?created_on__gte=TIMESTAMP, the
>>> API could be used fairly efficiently.
>>
>> ?since= would be much nicer, but that's a minor quibble.
>
> I agree - 'since' and 'until' are what I generally expect. On that
> note, we still have to do REST API filtering :O
>
>> Some random, related thoughts:
>>
>> Does DRF support rate limiting? As we grow a bigger API we might want
>> to
>> consider that.
>
> To the best of my knowledge it does, though I don't know if this is
> something one would do at the application layer. Rate limiting really
> seems like something a lower level component, such as nginx itself or
> HAProxy, would be suited for. If we're going to start making full use
> of the DRF functionality, supporting some form of caching (read:
> ETags) would return far better ROI, IMO.
>
>> Thinking of rate limiting - do we have it for the login page? Should
>> we
>> add it to avoid brute forcing of credentials?
>
> We don't, nor do I know if we care about it. Patchwork would appear to
> be a very low value target, seeing as it has no direct repo or mailing
> list access. However, it looks like there are packages available [1]
> to handle this, however, if sysadmins cared enough. Maybe someone
> should document this.
>
> What are your thoughts on the overall idea. This would, out of
> curiosity, be something you or Andy would fancy running with, would
> it? :)
+ missing link
[1] https://pypi.python.org/pypi/django-axes/
More information about the Patchwork
mailing list