⚡ config: Update rate limits; increase hourly caps

DevaOnBreaches · DevaOnBreaches · commit 03b9ca98d64f · 2025-12-24T17:29:18.000+05:30
diff --git a/api/v1/alert.py b/api/v1/alert.py
@@ -36,7 +36,7 @@
 
 
 @router.get("/alertme/{user_email}", response_model=AlertResponse)
-@custom_rate_limiter("50 per day;5 per hour;2 per second")
+@custom_rate_limiter("50 per day;25 per hour;2 per second")
 async def subscribe_to_alert_me(
     user_email: str,
     request: Request,
@@ -135,7 +135,7 @@ async def subscribe_to_alert_me(
 
 
 @router.get("/verifyme/{verification_token}")
-@custom_rate_limiter("50 per day;5 per hour;2 per second")
+@custom_rate_limiter("50 per day;25 per hour;2 per second")
 async def alert_me_verification(verification_token: str, request: Request):
     """Verify alert-me subscription and send initial leaks if any."""
     try:
@@ -215,7 +215,7 @@ async def alert_me_verification(verification_token: str, request: Request):
 
 
 @router.get("/send_verification", response_model=VerificationResponse)
-@custom_rate_limiter("50 per day;10 per hour;2 per second")
+@custom_rate_limiter("50 per day;25 per hour;2 per second")
 async def send_verification(
     token: str = "None", email: str = None, request: Request = None
 ):
diff --git a/api/v1/analytics.py b/api/v1/analytics.py
@@ -110,7 +110,7 @@ async def get_news_feed(request: Request) -> PulseNewsResponse:
         404: {"model": DomainAlertErrorResponse},
     },
 )
-@custom_rate_limiter("2 per second;10 per hour;50 per day")
+@custom_rate_limiter("2 per second;25 per hour;50 per day")
 async def domain_alert(
     request: Request, user_email: str
 ) -> Union[DomainAlertResponse, DomainAlertErrorResponse]:
@@ -215,7 +215,7 @@ async def domain_alert(
         404: {"content": {"text/html": {}}},
     },
 )
-@custom_rate_limiter("2 per second;10 per hour;50 per day")
+@custom_rate_limiter("2 per second;25 per hour;50 per day")
 async def domain_verify(request: Request, verification_token: str) -> HTMLResponse:
     """
     Verify domain alerts using token and return dashboard access.
@@ -703,7 +703,7 @@ async def send_domain_breaches(
         404: {"model": ShieldActivationErrorResponse},
     },
 )
-@custom_rate_limiter("50 per day;10 per hour;2 per second")
+@custom_rate_limiter("50 per day;25 per hour;2 per second")
 async def activate_shield(
     request: Request, email: str
 ) -> Union[ShieldActivationResponse, ShieldActivationErrorResponse]:
@@ -794,7 +794,7 @@ async def activate_shield(
         404: {"content": {"text/html": {}}},
     },
 )
-@custom_rate_limiter("50 per day;10 per hour;2 per second")
+@custom_rate_limiter("50 per day;25 per hour;2 per second")
 async def verify_shield(request: Request, token_shield: str) -> HTMLResponse:
     """
     Verify privacy shield for public searches and return status.
diff --git a/api/v1/api_keys.py b/api/v1/api_keys.py
@@ -23,7 +23,7 @@ class APIKeyResponse(BaseResponse):
 
 
 @router.get("/create-api-key/{token}", response_model=APIKeyResponse)
-@custom_rate_limiter("2 per second;10 per hour;50 per day")
+@custom_rate_limiter("2 per second;25 per hour;50 per day")
 async def create_api_key(token: str, request: Request):
     """Generates or renews an API key for a user identified by a provided token."""
     try:
diff --git a/api/v1/breaches.py b/api/v1/breaches.py
@@ -43,7 +43,7 @@
 
 
 @router.get("/breaches", response_model=BreachListResponse)
-@custom_rate_limiter("2 per second;5 per hour;100 per day")
+@custom_rate_limiter("2 per second;50 per hour;100 per day")
 async def get_xposed_breaches(
     request: Request,
     domain: Optional[str] = None,
@@ -482,7 +482,7 @@ async def search_email(
 
 
 @router.get("/domain-breach-summary", response_model=DomainBreachSummaryResponse)
-@custom_rate_limiter("2 per second;10 per hour;50 per day")
+@custom_rate_limiter("2 per second;25 per hour;50 per day")
 async def get_domain_breach_summary(
     request: Request,
     d: Optional[str] = Query(None, description="Domain to search for breaches"),
diff --git a/api/v1/domain_breaches.py b/api/v1/domain_breaches.py
@@ -72,7 +72,7 @@ class DomainBreachesResponse(BaseResponse):
     response_model=DomainBreachesResponse,
     dependencies=[Depends(csrf_exempt)],
 )
-@custom_rate_limiter("2 per second;10 per hour;50 per day")
+@custom_rate_limiter("2 per second;25 per hour;50 per day")
 async def protected(
     request: Request,
     x_api_key: str = Header(..., description="API key for authentication"),
diff --git a/api/v1/enterprise_validation.py b/api/v1/enterprise_validation.py
@@ -20,7 +20,7 @@ class EnterpriseValidationResponse(BaseModel):
 
 
 @router.post("/validate-enterprise-key", response_model=EnterpriseValidationResponse)
-@custom_rate_limiter("2 per second;10 per hour;50 per day")
+@custom_rate_limiter("2 per second;25 per hour;50 per day")
 async def validate_enterprise_key(
     request: Request,
     x_api_key: str = Header(..., description="Enterprise API key"),
diff --git a/api/v1/monthly_digest.py b/api/v1/monthly_digest.py
@@ -438,7 +438,7 @@ async def debug_redis_state(
 
 @router.post("/debug/redis-clear")
 @custom_rate_limiter(
-    "2 per minute;10 per hour", message="Redis clear endpoint is rate limited"
+    "2 per minute;25 per hour", message="Redis clear endpoint is rate limited"
 )
 async def debug_clear_redis(
     request: Request,  # pylint: disable=unused-argument
diff --git a/config/limiter.py b/config/limiter.py
@@ -1,13 +1,13 @@
 """Centralized rate limiter configuration."""
 
 # Define specific rate limits for different types of routes
-RATE_LIMIT_HELP = "50 per day;10 per hour"  # For help/documentation routes
+RATE_LIMIT_HELP = "50 per day;25 per hour"  # For help/documentation routes
 RATE_LIMIT_UNBLOCK = "24 per day;2 per hour;2 per second"  # For unblock operations
 RATE_LIMIT_BREACHES = "2 per second;5 per hour;100 per day"  # For breach listing
 RATE_LIMIT_CHECK_EMAIL = "2 per second;5 per hour;100 per day"  # For email checks
 RATE_LIMIT_ANALYTICS = (
     "5 per minute;100 per hour;500 per day"  # For analytics endpoints
 )
 RATE_LIMIT_DOMAIN = (
-    "2 per second;10 per hour;50 per day"  # For domain-related endpoints
+    "2 per second;25 per hour;50 per day"  # For domain-related endpoints
 )
diff --git a/config/settings.py b/config/settings.py
@@ -59,7 +59,7 @@
 # Rate Limiting
 RATE_LIMIT_DEFAULT = "2 per second;50 per hour;100 per day"
 RATE_LIMIT_ANALYTICS = "5 per minute;100 per hour;500 per day"
-RATE_LIMIT_DOMAIN = "2 per second;10 per hour;50 per day"
+RATE_LIMIT_DOMAIN = "2 per second;25 per hour;50 per day"
 
 # Security
 MAX_EMAIL_LENGTH = 254

Original file line number	Diff line number	Diff line change
`@@ -72,7 +72,7 @@ class DomainBreachesResponse(BaseResponse):`
`72`	`72`	`response_model=DomainBreachesResponse,`
`73`	`73`	`dependencies=[Depends(csrf_exempt)],`
`74`	`74`	`)`
`75`		`-@custom_rate_limiter("2 per second;10 per hour;50 per day")`
	`75`	`+@custom_rate_limiter("2 per second;25 per hour;50 per day")`
`76`	`76`	`async def protected(`
`77`	`77`	`request: Request,`
`78`	`78`	`x_api_key: str = Header(..., description="API key for authentication"),`
Original file line number	Diff line number	Diff line change
`@@ -438,7 +438,7 @@ async def debug_redis_state(`
`438`	`438`
`439`	`439`	`@router.post("/debug/redis-clear")`
`440`	`440`	`@custom_rate_limiter(`
`441`		`- "2 per minute;10 per hour", message="Redis clear endpoint is rate limited"`
	`441`	`+ "2 per minute;25 per hour", message="Redis clear endpoint is rate limited"`
`442`	`442`	`)`
`443`	`443`	`async def debug_clear_redis(`
`444`	`444`	`request: Request, # pylint: disable=unused-argument`