Edward Ribeiro
bbc9323c4a
Fix 5 code-quality issues in RateLimitMiddleware
1. user_id: str(request.user.pk) — pk is int, lower()/strip() were no-ops
2. Redis key constants: RL_IP_REQUESTS, RL_IP_BLOCKED, RL_USER_REQUESTS,
RL_USER_BLOCKED, RL_NS_WINDOW — no more inline f-string literals
3. Tenant namespace: _NAMESPACE resolved once at module load from
POD_NAMESPACE env var (K8s Downward API) → service-account namespace
file → 'global' fallback. No per-request getattr(request, 'tenant').
4. KEY_PREFIX in CACHES['default'] set to POD_NAMESPACE (e.g. patobranco-pr)
so each tenant's cache keys are isolated in shared Redis.
5. Logger extra: replaced getattr(request, 'tenant', 'unknown') with
_NAMESPACE (the actual resolved constant).
settings.py: add POD_NAMESPACE = config('POD_NAMESPACE', default='sapl');
use it as KEY_PREFIX.
start.sh: add resolve_pod_namespace() (Downward API → SA file → fallback);
call it before resolve_redis_url(); write POD_NAMESPACE into .env.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2 months ago
Edward Ribeiro
911b13540d
Phase 1: shared Redis pod — Django dual-backend cache + startup wiring
django/settings.py:
- REDIS_URL / CACHE_BACKEND env vars read at startup (written by start.sh)
- CACHES['default'] (DB0, KEY_PREFIX='sapl') switches between django-redis
and FileBasedCache transparently; IGNORE_EXCEPTIONS=True for graceful
degradation on Redis failure
- CACHES['ratelimit'] (DB1, no prefix) for cross-pod rate-limit counters
- RATELIMIT_USE_CACHE = 'ratelimit'
- Connection pool capped at 6/worker (1,200 pods × 2 workers × 6 = 14,400
peak connections; maxclients=20,000 gives 40% headroom)
start.sh:
- resolve_redis_url(): reads REDIS_URL from local namespace Secret (envFrom)
or falls back to global cluster Secret via k8s API
- configure_redis_cache(): ensures REDIS_CACHE waffle switch row exists (off)
- resolve_cache_backend(): reads waffle switch; sets CACHE_BACKEND=redis|file
- wait_for_redis(): blocks until Redis reachable; falls back gracefully
- write_env_file() now persists REDIS_URL + CACHE_BACKEND into pod .env
k8s manifests (docker/k8s/):
- redis-configmap.yaml: no persistence, allkeys-lru, maxmemory=5gb,
maxclients=20000, activedefrag, 4 databases
- redis-deployment.yaml: redis:7-alpine, 1 replica, liveness/readiness probes,
1Gi request / 6Gi limit
- redis-service.yaml: ClusterIP on port 6379
requirements: add django-redis==5.4.0
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2 months ago
Edward Ribeiro
8df2861799
Phase 0 hardening: nginx GeoIP2, rate limits, Gunicorn tuning, N+1 fix
- nginx: sendfile on, tcp_nopush, reduced keepalive/proxy timeouts
- nginx: GeoIP2 ASN-based bot blocking (cloud providers + known scrapers)
- nginx: UA blocklist (GPTBot, ClaudeBot, Chrome/98.0.4758 impersonator, etc.)
- nginx: rate-limit zones (30r/m general, 10r/m heavy/relatorios), 429/500 error pages
- nginx: proper ETags + Cache-Control on /media/ to stop 30GB logo re-transfers
- Dockerfile: install libnginx-mod-http-geoip2; download GeoLite2-ASN.mmdb via
BuildKit secret (key never baked into image layers); ARG GEOIP_CACHE_BUST for
forced re-download without --no-cache
- Gunicorn: workers 3->2, threads 8->4, timeout 300->120, max_memory 300->400MB
- Django: FILE_UPLOAD_MAX_MEMORY_SIZE=2MB, FILE_UPLOAD_TEMP_DIR for large uploads
- relatorios/views.py: fix N+1 in get_etiqueta_protocolos with bulk-fetch
MateriaLegislativa + DocumentoAdministrativo using select_related + dict lookups
- Add robots.txt, 429.html, 500.html static pages
- docker-compose.yaml: use sapl:local for local dev
- docker/README.md: build instructions with MAXMIND_LICENSE_KEY
- rate-limiter-v2.md: canonical planning document (Architecture through Phase 5)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2 months ago
Edward Ribeiro
2af9d8791c
Release: 3.1.165-RC2
2 months ago
Edward Ribeiro
bd5e9b449e
Release: 3.1.165-RC1
3 months ago
Edward Ribeiro
f301541aa4
Release: 3.1.165-RC0
3 months ago
Edward Ribeiro
06713534a3
Adiciona requestId em requisições
5 months ago
Edward Ribeiro
db4acb101e
Release: 3.1.164-RC5
8 months ago
Edward Ribeiro
bb1f0c0145
Release: 3.1.164-RC4
8 months ago
Edward Ribeiro
3323f2779f
Fix recibo proposição e adiciona rate limiter em matéria e norma
8 months ago
Edward Ribeiro
9f2cfb78ef
Release: 3.1.164-RC3
9 months ago
Edward Ribeiro
b49c7916a3
Fix read-only mount on k8s
9 months ago
Edward Ribeiro
1f1d61b357
Release: 3.1.164-RC2
9 months ago
Edward Ribeiro
3d8b11f188
Restaura prod settings de docker-compose
9 months ago
6ac5e419e3
Atualização da imagem base Docker ( #3787 )
Update de imagem based Docker and libs Python
Co-authored-by: Edward <9326037+edwardoliveira@users.noreply.github.com>
9 months ago
Edward Ribeiro
14241035fd
Release: 3.1.164-RC1
10 months ago
Edward Ribeiro
01b3c89f75
Release: 3.1.164-RC0
11 months ago
Edward Ribeiro
9944775d69
Remove version e monta mais um volume
11 months ago
Edward Ribeiro
21b008ca6e
Release: 3.1.163
1 year ago
Edward Ribeiro
c37c2bf916
Release: 3.1.163-RC24
1 year ago
Edward Ribeiro
1f041690da
Release: 3.1.163-RC23
2 years ago
5b5ba93008
Release: 3.1.163-RC22
2 years ago
9a29f9eba3
Release: 3.1.163-RC21
2 years ago
07fc92b8db
fix: Update docker-compose.yaml
3 years ago
Edward Ribeiro
690f63f1d0
Release: 3.1.163-RC20
3 years ago
Edward Ribeiro
06ede8577e
Release: 3.1.163-RC19
3 years ago
Edward Ribeiro
6cd5183b1f
Release: 3.1.163-RC18
3 years ago
a3f3cea08f
Adiciona feature flag lib ( #3693 )
Adiciona feature flag lib e refatora Solr para usá-la
3 years ago
Edward Ribeiro
cf98733326
Release: 3.1.163-RC17
3 years ago
Edward Ribeiro
964b3247a7
Release: 3.1.163-RC16
3 years ago
Edward Ribeiro
198988bc08
Release: 3.1.163-RC15
3 years ago
Edward Ribeiro
38f6a398e6
HOT-FIX: conserta changelog
3 years ago
Edward Ribeiro
1a0ce21bbf
Release: 3.1.163-RC13
3 years ago
Edward Ribeiro
c1c76a3901
Release: 3.1.163-RC12
3 years ago
Edward Ribeiro
d38645c076
HOT-FIX: fix Solr data volume
3 years ago
Edward Ribeiro
772bce6ea5
Release: 3.1.163-RC11
3 years ago
Edward Ribeiro
286b62d7b2
Release: 3.1.163-RC10
4 years ago
1ba45a6a68
Tela de pesquisa de AuditLog ( #3622 )
* Tela de pesquisa de AuditLog
* Add template tags
* Corrige erro em paginação
4 years ago
Edward Ribeiro
aed5fe1e68
Release: 3.1.163-RC9
4 years ago
Edward Ribeiro
3c4fdd686b
Release: 3.1.163-RC8
4 years ago
Edward Ribeiro
474724873f
Release: 3.1.163-RC7
4 years ago
Edward Ribeiro
2d8f71dfa0
Release: 3.1.163-RC6
4 years ago
Edward Ribeiro
a13a079913
Release: 3.1.163-RC5
4 years ago
Edward Ribeiro
5746b1c336
Release: 3.1.163-RC4
4 years ago
Edward Ribeiro
5330efff8f
Ajusta localização docker-compose.yaml
4 years ago
8ff9e78776
Refatora Solr ( #3585 )
4 years ago
bdafaafd80
Solr atualizado para 8.11 distribuicao docker ( #3555 )
Mudando docker/docker-compose.yml para dist/docker-compose.yml
Alteração no readme sobre a atualização do solr no docker
Mudança do caminho do solr no arquivo solr.rst
4 years ago
Edward Ribeiro
2ddccbefd9
HOT-FIX: conserta CORS' preflight steps in browser
4 years ago
Edward Ribeiro
b0cb2f4c6c
Release: 3.1.162
4 years ago
Edward Ribeiro
a0fcb4eeae
Release: 3.1.162-RC20
4 years ago
Edward
joaohortsenado
LeandroJatai
Gustavo274