From 523b96a6d252bada8d1a1b0dfc11463d971620e1 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Sun, 29 Aug 2021 19:33:18 +0200
Subject: [PATCH] api: add basic rate limiting for sentry endpoint

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
 authentik/api/v2/sentry.py | 11 +++++++++--
 schema.yml                 | 17 +++++++++++++++++
 2 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/authentik/api/v2/sentry.py b/authentik/api/v2/sentry.py
index dc0935814..3fca12d60 100644
--- a/authentik/api/v2/sentry.py
+++ b/authentik/api/v2/sentry.py
@@ -4,16 +4,23 @@ from json import loads
 from django.conf import settings
 from django.http.request import HttpRequest
 from django.http.response import HttpResponse
-from django.views.generic.base import View
 from requests import post
 from requests.exceptions import RequestException
+from rest_framework.permissions import AllowAny
+from rest_framework.throttling import AnonRateThrottle, UserRateThrottle
+from rest_framework.views import APIView
 
 from authentik.lib.config import CONFIG
 
 
-class SentryTunnelView(View):
+class SentryTunnelView(APIView):
     """Sentry tunnel, to prevent ad blockers from blocking sentry"""
 
+    serializer_class = None
+    parser_classes = []
+    throttle_classes = [AnonRateThrottle, UserRateThrottle]
+    permission_classes = [AllowAny]
+
     def post(self, request: HttpRequest, *args, **kwargs) -> HttpResponse:
         """Sentry tunnel, to prevent ad blockers from blocking sentry"""
         # Only allow usage of this endpoint when error reporting is enabled
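Review bot: The `throttle_classes` added on SentryTunnelView only limit anything if rates for the `anon` and `user` scopes are configured; this patch touches no settings file, and with DRF's defaults (both rates `None`) the two throttles allow every request. If `REST_FRAMEWORK["DEFAULT_THROTTLE_RATES"]` is not already set elsewhere, add the `anon` and `user` entries there, or pin a `rate` on a small throttle subclass used only by this view. AnonRateThrottle also derives its key from `X-Forwarded-For` when that header is present, so behind a reverse proxy `NUM_PROXIES` should be set; otherwise the limit keys on a client-supplied value. A short comment above `permission_classes`, e.g. `# Unauthenticated by design; throttling is the only abuse control on this tunnel`, would record why AllowAny is intended. The body of `post` continues outside the hunk.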
diff --git a/schema.yml b/schema.yml
index ff0433d3d..a8af80162 100644
--- a/schema.yml
+++ b/schema.yml
@@ -12402,6 +12402,23 @@ paths:
           $ref: '#/components/schemas/ValidationError'
         '403':
           $ref: '#/components/schemas/GenericError'
+  /api/v2beta/sentry/:
+    post:
+      operationId: sentry_create
+      description: Sentry tunnel, to prevent ad blockers from blocking sentry
+      tags:
+      - sentry
+      security:
+      - authentik: []
+      - cookieAuth: []
+      - {}
+      responses:
+        '200':
+          description: No response body
+        '400':
+          $ref: '#/components/schemas/ValidationError'
+        '403':
+          $ref: '#/components/schemas/GenericError'
   /api/v2beta/sources/all/:
     get:
       operationId: sources_all_list