From: Michael Tremer
Date: Tue, 3 Mar 2026 16:37:44 +0000 (+0000)
Subject: auth: Allow to mark some API keys to never be ratelimited
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b6195507de8a04c924db06980413c98586e0171d;p=dbl.git

auth: Allow to mark some API keys to never be ratelimited

Signed-off-by: Michael Tremer
---
diff --git a/src/database.sql b/src/database.sql
index ff5f411..bd747eb 100644
--- a/src/database.sql
+++ b/src/database.sql
@@ -2,7 +2,7 @@
 -- PostgreSQL database dump
 --
-\restrict eKEDDgUfPNvnW4rVUzYeVjaWYWpaanMRnCSzmfxb3B7N83rA9qmJYZl5gCT8wnK
+\restrict djz8ldYp4Ibt0nuMIDjTvZxpbMpzfk5h4nJXJqevhuhHUcLnPp7CWYU7CqIZtDF
 -- Dumped from database version 17.7 (Debian 17.7-0+deb13u1)
 -- Dumped by pg_dump version 17.7 (Debian 17.7-0+deb13u1)
@@ -37,7 +37,8 @@ CREATE TABLE public.api_keys (
 deleted_by text,
 uid text NOT NULL,
 can_impersonate boolean DEFAULT false NOT NULL,
- last_used_at timestamp with time zone
+ last_used_at timestamp with time zone,
+ is_ratelimited boolean DEFAULT true NOT NULL
 );
@@ -704,5 +705,5 @@ ALTER TABLE ONLY public.sources
 -- PostgreSQL database dump complete
 --
-\unrestrict eKEDDgUfPNvnW4rVUzYeVjaWYWpaanMRnCSzmfxb3B7N83rA9qmJYZl5gCT8wnK
+\unrestrict djz8ldYp4Ibt0nuMIDjTvZxpbMpzfk5h4nJXJqevhuhHUcLnPp7CWYU7CqIZtDF
diff --git a/src/dbl/auth.py b/src/dbl/auth.py
index 75fc1df..4544860 100644
--- a/src/dbl/auth.py
+++ b/src/dbl/auth.py
@@ -189,3 +189,7 @@ class APIKey(sqlmodel.SQLModel, database.BackendMixin, table=True):
 Called when the API key has been used
 """
 self.last_used_at = sqlmodel.func.current_timestamp()
+
+ # Is Ratelimited?
+
+ is_ratelimited: bool = True
diff --git a/src/dbl/ratelimiter.py b/src/dbl/ratelimiter.py
index f006c47..0ff51c9 100644
--- a/src/dbl/ratelimiter.py
+++ b/src/dbl/ratelimiter.py
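Review bot: The new `is_ratelimited` field on `APIKey` in src/dbl/auth.py controls a security decision, yet its only comment is `# Is Ratelimited?`, which restates the name. I would replace it with a comment that states the effect, for example `# When False, requests made with this key skip the rate limiter entirely; new keys default to True.` The model default `True` agrees with the column's `DEFAULT true NOT NULL` in database.sql, so keys stay limited unless someone explicitly exempts them. The class body begins outside this hunk, so I cannot see whether other fields document who may change them; if they do, this one should follow the same pattern.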
@@ -130,6 +130,16 @@ class RateLimiterRequest(object):
 """
 Returns True if the request is prohibited by the rate limiter
 """
+ # Fetch the API key
+ if self.api_key:
+ # Fetch the API key
+ key = await self.backend.auth(api_key)
+
+ # If the API key was found and is not ratelimited, we skip further checks
+ if key and not key.is_ratelimited:
+ return False
+
+ # Fetch the number of past requests
 self.requests = await self.get_requests()
 # The client is rate-limited when more requests have been
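Review bot: The lookup `key = await self.backend.auth(api_key)` passes a bare `api_key`, while the guard directly above tests `self.api_key`. Unless a local or global of that name exists outside the hunk (the method's signature is not visible here), this raises NameError for every request that carries a key. It should read `key = await self.backend.auth(self.api_key)`. The exempt path also returns before `self.requests` is assigned, so any later code that reads that attribute for an exempt key would need a default; I cannot tell from this hunk whether such code exists. Because this branch switches rate limiting off entirely, it is worth confirming that `auth()` returns only fully validated keys that are not deleted.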