Merge branch 'subsonic-throttling' into 'develop'

Use a dedicated scope for throttling subsonic to avoid intrusive rate-limiting

See merge request funkwhale/funkwhale!987

api/config/settings/common.py

@@ -759,6 +759,10 @@ THROTTLING_RATES = {
         "rate": THROTTLING_USER_RATES.get("anonymous-update", "1000/day"),
         "description": "Anonymous PATCH and PUT requests on resource detail",
     },
+    "subsonic": {
+        "rate": THROTTLING_USER_RATES.get("subsonic", "1000/hour"),
+        "description": "All subsonic API requests",
+    },
     # potentially spammy / dangerous endpoints
     "authenticated-reports": {
         "rate": THROTTLING_USER_RATES.get("authenticated-reports", "100/day"),

api/funkwhale_api/subsonic/views.py

@@ -104,6 +104,7 @@ class SubsonicViewSet(viewsets.GenericViewSet):
     content_negotiation_class = negotiation.SubsonicContentNegociation
     authentication_classes = [authentication.SubsonicAuthentication]
     permission_classes = [rest_permissions.IsAuthenticated]
+    throttling_scopes = {"*": {"authenticated": "subsonic", "anonymous": "subsonic"}}
 
     def dispatch(self, request, *args, **kwargs):
         if not preferences.get("subsonic__enabled"):

changes/changelog.d/subsonic-throttling.enhancement

@@ -0,0 +1 @@
+Use a dedicated scope for throttling subsonic to avoid intrusive rate-limiting