Support 202106 (#994)

* fixes #965: intermittent bug during consolidation of notifications

* fixes #863: better visibility for input validation errors

* fixes #375: re-evaluate affiliation requests on email change

* fixes #741: remove data quality validation for superusers

* fixes #587: customizable pagination in django admin

* fixes #923: Prevent deletion of a last technical contact if there is an existing netixlan object

* better search #23 (first pass)

* black format

* haystack test config to run_tests.py
remove old django_init.py test settings

* black format

* haystack test config fixes

* #23 better search (pt.2)

* rate limit distance queries (#23)
rate limiting based on query filters

* settings controlled blocking of distance filter for unauthenticated / unverified users (#23)

* fix distance filter throttling with api key auth (#23)

* fix anon user access check on distance queries

* search index and performance tweaks

* fix org_id not set in search results

* org id to int

Co-authored-by: Stefan Pratter <stefan@20c.com>

peeringdb_server/rest_throttles.py

@@ -0,0 +1,99 @@
+from django.conf import settings
+from rest_framework import throttling
+from rest_framework.exceptions import PermissionDenied
+
+from peeringdb_server.permissions import get_user_from_request, get_org_key_from_request
+
+
+class FilterThrottle(throttling.SimpleRateThrottle):
+
+    """
+    Base class for API throttling targeted at specific query filters
+
+    Scope name will be 'filter_{self.filter_name}'
+    """
+
+    filter_name = None
+
+    def __init__(self):
+        pass
+
+    def allow_request(self, request, view):
+
+        # If the parameter specified in cls.filter_name
+        # is set in request parameters, set the scope
+        # accordingly
+
+        if self.filter_name in request.query_params:
+            self.scope = f"filter_{self.filter_name}"
+        else:
+            return True
+
+        # user either comes from request.user, or user api key
+        #
+        # it will be None if an organization key is set or request
+        # is anonymous
+        self.user = user = get_user_from_request(request)
+        self.org_key = org_key = get_org_key_from_request(request)
+
+        # Neither user nor organzation key could be identified
+        # Get user directly from request, which will likely return
+        # an anonymous user instance
+
+        if not org_key and not user:
+            self.user = user = request.user
+
+        # require authenticated user to use this filter ?
+
+        require_auth = (
+            getattr(
+                settings, f"API_{self.filter_name.upper()}_FILTER_REQUIRE_AUTH", False
+            )
+            and user
+        )
+
+        # require verified user to use this filter ?
+
+        require_verified = (
+            getattr(
+                settings,
+                f"API_{self.filter_name.upper()}_FILTER_REQUIRE_VERIFIED",
+                False,
+            )
+            and user
+        )
+
+        if (require_auth or require_verified) and not user.is_authenticated:
+            raise PermissionDenied(
+                f"Please authenticate to use the `{self.filter_name}` filter"
+            )
+
+        if require_verified and not user.is_verified_user:
+            raise PermissionDenied(
+                f"Please verify your account to use the `{self.filter_name}` filter"
+            )
+
+        self.rate = self.get_rate()
+        self.num_requests, self.duration = self.parse_rate(self.rate)
+
+        return super().allow_request(request, view)
+
+    def get_cache_key(self, request, view):
+
+        if self.org_key:
+            ident = f"org-key:{self.org_key.prefix}"
+        elif self.user and self.user.is_authenticated:
+            ident = self.user.pk
+        else:
+            ident = self.get_ident(request)
+
+        return self.cache_format % {"scope": self.scope, "ident": ident}
+
+
+class FilterDistanceThrottle(FilterThrottle):
+
+    """
+    Rate limiting for ?distance= queries
+    """
+
+    filter_name = "distance"