From 3dfea0f8a07011531ae937e2ba6a072886bd67be Mon Sep 17 00:00:00 2001
From: Yingtong Li <runassudo@yingtongli.me>
Date: Fri, 25 Jan 2019 18:42:04 +1100
Subject: [PATCH] Configurable ratelimit key

---
 selfserv/settings.example.py | 2 ++
 ssmembership/views.py        | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/selfserv/settings.example.py b/selfserv/settings.example.py
index 55fa19a..417de37 100644
--- a/selfserv/settings.example.py
+++ b/selfserv/settings.example.py
@@ -128,6 +128,8 @@ SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = None # FIXME
 GOOGLE_API_KEY = None # FIXME
 GOOGLE_CALENDAR_ID = None # FIXME
 
+RATELIMIT_KEY = 'ip' # https://django-ratelimit.readthedocs.io/en/stable/keys.html#common-keys e.g. 'header:CF-Connecting-IP'
+
 SOCIAL_AUTH_PIPELINE = (
 	'social_core.pipeline.social_auth.social_details',
 	'social_core.pipeline.social_auth.social_uid',
diff --git a/ssmembership/views.py b/ssmembership/views.py
index ea54c57..a1e9e10 100644
--- a/ssmembership/views.py
+++ b/ssmembership/views.py
@@ -92,7 +92,7 @@ def import_signed(request):
 		'sig': sig_expected
 	})
 
-@ratelimit(key='ip', rate='100/h')
+@ratelimit(key=settings.RATELIMIT_KEY, rate='100/h')
 def import_search(request):
 	if request.method != 'POST':
 		return redirect(reverse('import_index'))