From c2df644e5faec7013412080a0a258117ae4ccaf8 Mon Sep 17 00:00:00 2001
From: Madison Swain-Bowden
Date: Tue, 21 Jun 2022 08:18:58 -0700
Subject: [PATCH] Reduce throttling threshold, allow throttling config via env vars (#763)
---
 api/catalog/api/docs/README.md | 4 ++--
 api/catalog/settings.py | 7 +++++--
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/api/catalog/api/docs/README.md b/api/catalog/api/docs/README.md
index b80a80103..e3c80a571 100644
--- a/api/catalog/api/docs/README.md
+++ b/api/catalog/api/docs/README.md
@@ -10,8 +10,8 @@ of openly-licensed works, including articles, songs, videos, photographs, paintings, and more. Using this API, developers will be able to access the digital commons in their own applications.
-Please note that there is a rate limit of 5000 requests per day and 60 requests
-per minute rate limit in place for anonymous users. This is fine for introducing
+Please note that there is a rate limit of 100 requests per day and 5 requests
+per hour rate limit in place for anonymous users. This is fine for introducing
 yourself to the API, but we strongly recommend that you obtain an API key as soon as possible. Authorized clients have a higher rate limit of 10000 requests per day and 100 requests per minute. Additionally, Openverse can give your key
diff --git a/api/catalog/settings.py b/api/catalog/settings.py
index 802027561..4c915d5fa 100644
--- a/api/catalog/settings.py
+++ b/api/catalog/settings.py
@@ -118,6 +118,9 @@
 OAUTH2_PROVIDER_APPLICATION_MODEL = "api.ThrottledApplication"
+THROTTLE_ANON_BURST = config("THROTTLE_ANON_BURST", default="5/hour")
+THROTTLE_ANON_SUSTAINED = config("THROTTLE_ANON_SUSTAINED", default="100/day")
+
 REST_FRAMEWORK = {
 "DEFAULT_AUTHENTICATION_CLASSES": (
 "oauth2_provider.contrib.rest_framework.OAuth2Authentication",
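Review bot: The two rates read at `THROTTLE_ANON_BURST = config(...)` and `THROTTLE_ANON_SUSTAINED = config(...)` are passed on unvalidated, so a typo or an empty environment variable is not caught when the settings module loads. As far as I know Django REST framework only parses a rate string when a throttle object is built for a request, so a malformed value would presumably surface as errors on live traffic instead of a failed deploy. Because these values now set an abuse limit that can change without a code review, I would wrap the lookup in a small helper that checks the `N/period` form and raises `ImproperlyConfigured` otherwise. That needs `re` and `django.core.exceptions.ImproperlyConfigured` in scope, and the file's import block is outside this hunk.

```python
def _throttle_rate(name, default):
    """Read a throttle rate from the environment and reject malformed values at startup."""
    rate = config(name, default=default)
    if not re.fullmatch(r"\d+/(sec|min|hour|day)", rate):
        raise ImproperlyConfigured(f"{name} must look like '5/hour', got {rate!r}")
    return rate


THROTTLE_ANON_BURST = _throttle_rate("THROTTLE_ANON_BURST", "5/hour")
THROTTLE_ANON_SUSTAINED = _throttle_rate("THROTTLE_ANON_SUSTAINED", "100/day")

# … unchanged: REST_FRAMEWORK definition …
```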
@@ -137,8 +140,8 @@
 "catalog.api.utils.throttle.EnhancedOAuth2IdThrottleBurstRate",
 ),
 "DEFAULT_THROTTLE_RATES": {
- "anon_burst": "60/min",
- "anon_sustained": "5000/day",
+ "anon_burst": THROTTLE_ANON_BURST,
+ "anon_sustained": THROTTLE_ANON_SUSTAINED,
 "oauth2_client_credentials_sustained": "10000/day",
 "oauth2_client_credentials_burst": "100/min",
 "enhanced_oauth2_client_credentials_sustained": "20000/day",
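Review bot: Only the two anonymous entries in `DEFAULT_THROTTLE_RATES` become configurable here, while `oauth2_client_credentials_sustained`, `oauth2_client_credentials_burst` and `enhanced_oauth2_client_credentials_sustained` stay string literals. Tightening limits for keyed clients during an abuse incident would therefore still need a code change and a deploy. If the split is intentional, a comment above the entries would record it, for example `# Anonymous limits are env-tunable; authenticated limits are fixed in code on purpose.`; otherwise the same `config(...)` pattern could cover the remaining scopes. The `REST_FRAMEWORK` dict starts before and continues past this hunk, so entries not visible here may need the same decision.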