From 279cd95e06f6fa45961a182e8347fbb9fdf3cc2d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=AD=99=E6=B0=B8=E5=BC=BA?=
 <11704063+s-yongqiang@user.noreply.gitee.com>
Date: Thu, 24 Oct 2024 18:02:17 +0800
Subject: [PATCH 1/3] add internal download rate limit api

---
 seahub/api2/endpoints/internal_api.py | 34 ++++++++++++++++++++++++++-
 seahub/role_permissions/settings.py   |  4 ++++
 seahub/urls.py                        |  4 ++--
 3 files changed, 39 insertions(+), 3 deletions(-)

diff --git a/seahub/api2/endpoints/internal_api.py b/seahub/api2/endpoints/internal_api.py
index 9c5c9f62bd2..192bf4e96e4 100644
--- a/seahub/api2/endpoints/internal_api.py
+++ b/seahub/api2/endpoints/internal_api.py
@@ -11,8 +11,11 @@
 from seahub.base.accounts import User
 from seahub.repo_api_tokens.models import RepoAPITokens
 from seahub.share.models import UploadLinkShare, FileShare, check_share_link_access, check_share_link_access_by_scope
-from seaserv import seafile_api
+from seaserv import seafile_api, ccnet_api
 from seahub.utils.repo import parse_repo_perm
+from seahub.utils.user_permissions import get_user_role
+from seahub.role_permissions.settings import DEFAULT_ENABLED_ROLE_PERMISSIONS
+
 
 logger = logging.getLogger(__name__)
 
@@ -186,3 +189,32 @@ def post(self, request, repo_id):
             return api_error(status.HTTP_403_FORBIDDEN, error_msg)
 
         return Response({'user': rat.app_name})
+
+
+class InternalDownloadRateLimited(APIView):
+    authentication_classes = (SessionCRSFCheckFreeAuthentication, )
+
+    def post(self, request):
+        auth = request.META.get('HTTP_AUTHORIZATION', '').split()
+        is_valid = is_valid_internal_jwt(auth)
+        if not is_valid:
+            error_msg = 'Permission denied.'
+            return api_error(status.HTTP_403_FORBIDDEN, error_msg)
+        data = request.data
+        traffic_info_list = {}
+        for user_info in data:
+            org_id = user_info['org_id']
+            username = user_info['username']
+            user = User.objects.get(email=username)
+            role = get_user_role(user)
+            if user_info['org_id'] > 0:
+                monthly_rate_limit_per_user = DEFAULT_ENABLED_ROLE_PERMISSIONS[role]['monthly_rate_limit_per_user']
+                org = ccnet_api.get_org_by_id(org_id)
+                org_users = ccnet_api.get_org_emailusers(org.url_prefix, -1, -1)
+                monthly_rate_limit = monthly_rate_limit_per_user * len(org_users)
+            else:
+                monthly_rate_limit = DEFAULT_ENABLED_ROLE_PERMISSIONS[role]['monthly_rate_limit']
+            traffic_info_list[username] = {'org_id': org_id, 'monthly_rate_limit': monthly_rate_limit}
+
+        return Response(traffic_info_list)
+    
\ No newline at end of file
diff --git a/seahub/role_permissions/settings.py b/seahub/role_permissions/settings.py
index 479ea6fd371..10334a29bcb 100644
--- a/seahub/role_permissions/settings.py
+++ b/seahub/role_permissions/settings.py
@@ -46,6 +46,8 @@ def merge_roles(default, custom):
         'can_publish_repo': True,
         'upload_rate_limit': 0,
         'download_rate_limit': 0,
+        'monthly_rate_limit': 1000,
+        'monthly_rate_limit_per_user': 1000
     },
     GUEST_USER: {
         'can_add_repo': False,
@@ -68,6 +70,8 @@ def merge_roles(default, custom):
         'can_publish_repo': False,
         'upload_rate_limit': 0,
         'download_rate_limit': 0,
+        'monthly_rate_limit': 1000,
+        'monthly_rate_limit_per_user': 1000
     },
 }
 
diff --git a/seahub/urls.py b/seahub/urls.py
index bfdd0c8b7e1..26c3d1aeafc 100644
--- a/seahub/urls.py
+++ b/seahub/urls.py
@@ -5,7 +5,7 @@
 from seahub.ai.apis import ImageCaption, GenerateSummary
 from seahub.api2.endpoints.share_link_auth import ShareLinkUserAuthView, ShareLinkEmailAuthView
 from seahub.api2.endpoints.internal_api import InternalUserListView, InternalCheckShareLinkAccess, \
-    InternalCheckFileOperationAccess
+    InternalCheckFileOperationAccess, InternalDownloadRateLimited
 from seahub.auth.views import multi_adfs_sso, login_simple_check
 from seahub.views import *
 from seahub.views.mobile import mobile_login
@@ -796,7 +796,7 @@
     re_path(r'^api/v2.1/internal/user-list/$', InternalUserListView.as_view(), name="api-v2.1-internal-user-list"),
     re_path(r'^api/v2.1/internal/check-share-link-access/$', InternalCheckShareLinkAccess.as_view(), name="api-v2.1-internal-share-link-info"),
     re_path(r'^api/v2.1/internal/repos/(?P<repo_id>[-0-9a-f]{36})/check-access/$', InternalCheckFileOperationAccess.as_view(), name="api-v2.1-internal-check-file-op-access"),
-    
+    re_path(r'^api/v2.1/internal/download-limit/$', InternalDownloadRateLimited.as_view(), name='api-v2.1-internal-download-limit'),
     ### system admin ###
     re_path(r'^sys/seafadmin/delete/(?P<repo_id>[-0-9a-f]{36})/$', sys_repo_delete, name='sys_repo_delete'),
     path('sys/useradmin/export-excel/', sys_useradmin_export_excel, name='sys_useradmin_export_excel'),

From f544e5b5a80353871de11832a15c68ea7816919f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=AD=99=E6=B0=B8=E5=BC=BA?=
 <11704063+s-yongqiang@user.noreply.gitee.com>
Date: Fri, 25 Oct 2024 10:37:10 +0800
Subject: [PATCH 2/3] optimize

---
 seahub/api2/endpoints/internal_api.py | 2 +-
 seahub/role_permissions/settings.py   | 8 ++++----
 seahub/urls.py                        | 4 ++--
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/seahub/api2/endpoints/internal_api.py b/seahub/api2/endpoints/internal_api.py
index 192bf4e96e4..430ad06e182 100644
--- a/seahub/api2/endpoints/internal_api.py
+++ b/seahub/api2/endpoints/internal_api.py
@@ -191,7 +191,7 @@ def post(self, request, repo_id):
         return Response({'user': rat.app_name})
 
 
-class InternalDownloadRateLimited(APIView):
+class InternalDownloadRateLimitView(APIView):
     authentication_classes = (SessionCRSFCheckFreeAuthentication, )
 
     def post(self, request):
diff --git a/seahub/role_permissions/settings.py b/seahub/role_permissions/settings.py
index 10334a29bcb..3e069cc875b 100644
--- a/seahub/role_permissions/settings.py
+++ b/seahub/role_permissions/settings.py
@@ -46,8 +46,8 @@ def merge_roles(default, custom):
         'can_publish_repo': True,
         'upload_rate_limit': 0,
         'download_rate_limit': 0,
-        'monthly_rate_limit': 1000,
-        'monthly_rate_limit_per_user': 1000
+        'monthly_rate_limit': 0,
+        'monthly_rate_limit_per_user': 0
     },
     GUEST_USER: {
         'can_add_repo': False,
@@ -70,8 +70,8 @@ def merge_roles(default, custom):
         'can_publish_repo': False,
         'upload_rate_limit': 0,
         'download_rate_limit': 0,
-        'monthly_rate_limit': 1000,
-        'monthly_rate_limit_per_user': 1000
+        'monthly_rate_limit': 0,
+        'monthly_rate_limit_per_user': 0
     },
 }
 
diff --git a/seahub/urls.py b/seahub/urls.py
index 26c3d1aeafc..3b0ec639646 100644
--- a/seahub/urls.py
+++ b/seahub/urls.py
@@ -5,7 +5,7 @@
 from seahub.ai.apis import ImageCaption, GenerateSummary
 from seahub.api2.endpoints.share_link_auth import ShareLinkUserAuthView, ShareLinkEmailAuthView
 from seahub.api2.endpoints.internal_api import InternalUserListView, InternalCheckShareLinkAccess, \
-    InternalCheckFileOperationAccess, InternalDownloadRateLimited
+    InternalCheckFileOperationAccess, InternalDownloadRateLimitView
 from seahub.auth.views import multi_adfs_sso, login_simple_check
 from seahub.views import *
 from seahub.views.mobile import mobile_login
@@ -796,7 +796,7 @@
     re_path(r'^api/v2.1/internal/user-list/$', InternalUserListView.as_view(), name="api-v2.1-internal-user-list"),
     re_path(r'^api/v2.1/internal/check-share-link-access/$', InternalCheckShareLinkAccess.as_view(), name="api-v2.1-internal-share-link-info"),
     re_path(r'^api/v2.1/internal/repos/(?P<repo_id>[-0-9a-f]{36})/check-access/$', InternalCheckFileOperationAccess.as_view(), name="api-v2.1-internal-check-file-op-access"),
-    re_path(r'^api/v2.1/internal/download-limit/$', InternalDownloadRateLimited.as_view(), name='api-v2.1-internal-download-limit'),
+    re_path(r'^api/v2.1/internal/download-limit/$', InternalDownloadRateLimitView.as_view(), name='api-v2.1-internal-download-limit'),
     ### system admin ###
     re_path(r'^sys/seafadmin/delete/(?P<repo_id>[-0-9a-f]{36})/$', sys_repo_delete, name='sys_repo_delete'),
     path('sys/useradmin/export-excel/', sys_useradmin_export_excel, name='sys_useradmin_export_excel'),

From 557b1c9bc7444b928afdc3b93d2577e31073d37f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=AD=99=E6=B0=B8=E5=BC=BA?=
 <11704063+s-yongqiang@user.noreply.gitee.com>
Date: Fri, 25 Oct 2024 11:32:58 +0800
Subject: [PATCH 3/3] update test case

---
 tests/seahub/role_permissions/test_utils.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/seahub/role_permissions/test_utils.py b/tests/seahub/role_permissions/test_utils.py
index 4f0a03a780b..2b0fd748e6d 100644
--- a/tests/seahub/role_permissions/test_utils.py
+++ b/tests/seahub/role_permissions/test_utils.py
@@ -11,4 +11,4 @@ def test_get_available_role(self):
         assert DEFAULT_USER in get_available_roles()
 
     def test_get_enabled_role_permissions_by_role(self):
-        assert len(list(get_enabled_role_permissions_by_role(DEFAULT_USER).keys())) == 20
+        assert len(list(get_enabled_role_permissions_by_role(DEFAULT_USER).keys())) == 22