feat(backend): add throttling by default #11951

Open
matmair wants to merge 6 commits into inventree:master from matmair:feat(backend)--add-throtteling-by-default
matmair commented May 15, 2026

Member

Part of the SAST / AI-driven vuln discovery was how trivial some API points are to DoS (even unknowingly, when using an MCP); while these limits are too lax for small instances, they should keep the impact on most instances minimal while providing a good first barrier.

As I already mentioned in the threat model: a WAF is a much better solution to this, but most instances on the internet seem not to use one.

matmair added this to the 1.4.0 milestone May 15, 2026
matmair self-assigned this May 15, 2026
matmair requested a review from SchrodingersGat as a code owner May 15, 2026 18:33
matmair added labels May 15, 2026: api (Relates to the API), setup (Relates to the InvenTree setup / installation process), breaking (Indicates a major update or change which breaks compatibility)
netlify Bot commented May 15, 2026

Deploy Preview for inventree-web-pui-preview canceled.

Name Link
🔨 Latest commit f354ace
🔍 Latest deploy log https://app.netlify.com/projects/inventree-web-pui-preview/deploys/6a124763dd37fe0008213700

codecov Bot commented May 15, 2026

Codecov Report

❌ Patch coverage is 50.00000% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 91.28%. Comparing base (6530052) to head (f354ace).
⚠️ Report is 80 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #11951      +/-   ##
==========================================
- Coverage   91.29%   91.28%   -0.01%     
==========================================
  Files         971      971              
  Lines       51255    51263       +8     
==========================================
+ Hits        46792    46796       +4     
- Misses       4463     4467       +4     
Flag Coverage Δ
backend 90.32% <50.00%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown.

Components Coverage Δ
Backend Apps 91.56% <ø> (ø)
Backend General 93.37% <ø> (ø)
Frontend ∅ <ø> (∅)
@SchrodingersGat

Member

Any testing we can apply to this?

@SchrodingersGat

Member

I also wonder whether these limits are sufficient for loading 2-3 pages simultaneously? A page load can throw a few requests to the server; this should be tested thoroughly with some abusive page loads.
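
One way to approach the testing question raised above, as an added example that is not part of the PR or the InvenTree code base: a per-client sliding-window limiter replayed against simultaneous page loads and against a sustained request flood. The limits (60 and 300 per minute), the 25 requests per page, the timings and all names are constructed assumptions; the PR's actual limits are not shown on this page.

```python
from collections import defaultdict, deque


class SlidingWindowThrottle:
    """Per-client limiter: at most `limit` requests in any `window_ms` span."""

    def __init__(self, limit, window_ms):
        self.limit, self.window_ms = limit, window_ms
        self.history = defaultdict(deque)  # client id -> timestamps of allowed hits

    def allow(self, client, now_ms):
        hits = self.history[client]
        # Forget requests that have aged out of the window.
        while hits and hits[0] <= now_ms - self.window_ms:
            hits.popleft()
        if len(hits) >= self.limit:
            return False  # a real server would answer HTTP 429 here
        hits.append(now_ms)
        return True


def rejected_during_page_loads(throttle, pages, requests_per_page, client="browser"):
    """Legitimate burst: `pages` tabs opened 50 ms apart, each spreading its
    API calls over roughly one second (constructed timing)."""
    step = 1000 // requests_per_page
    stamps = sorted(p * 50 + i * step
                    for p in range(pages) for i in range(requests_per_page))
    return sum(not throttle.allow(client, t) for t in stamps)


def accepted_during_flood(throttle, rate_per_s, seconds, client="script"):
    """Sustained load from one client: how many requests reach the backend."""
    gap = 1000 // rate_per_s
    return sum(throttle.allow(client, n * gap) for n in range(rate_per_s * seconds))


if __name__ == "__main__":
    # Tight limit: 3 pages x 25 requests already trips the limiter.
    print("60/min, rejected page-load requests:",
          rejected_during_page_loads(SlidingWindowThrottle(60, 60_000), 3, 25))
    # Laxer limit: the same burst passes untouched...
    print("300/min, rejected page-load requests:",
          rejected_during_page_loads(SlidingWindowThrottle(300, 60_000), 3, 25))
    # ...while a 50 req/s flood over two minutes is still capped.
    print("300/min, flood requests accepted (of 6000):",
          accepted_during_flood(SlidingWindowThrottle(300, 60_000), 50, 120))
```

The same two checks, legitimate burst not rejected and flood capped, can be turned into regression tests once the real limits and the per-page request counts of the frontend are known.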

matmair commented May 16, 2026

Member Author

I will look into testing

matmair modified the milestones: 1.4.0, 2.0.0 May 30, 2026