[pull] develop from baserow:develop#260

Merged
pull[bot] merged 6 commits into code:develop from baserow:develop
Apr 21, 2026

@pull pull Bot commented Apr 21, 2026

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

@pull pull Bot locked and limited conversation to collaborators Apr 21, 2026

* perf: optimize rate limiting to reduce DB load under high traffic

- Cache JWT user+profile in Redis (BASEROW_JWT_USER_CACHE_TTL, default 30s)
  with signal-based invalidation on User/UserProfile save
- Add ThrottleBlacklistMiddleware: rejects previously throttled tokens
  via SHA-256 hash lookup before auth/DRF runs (zero DB queries)
- Optional IP-based blacklisting for anonymous requests
  (BASEROW_THROTTLE_IP_BLACKLIST_ENABLED)
- Cache CoreHandler.get_settings() per-request via local_cache
- Remove OTel tracing from ConcurrentUserRequestsThrottle and
  CoreHandler.clear_context to reduce per-request overhead
- Add configurable BASEROW_CONN_MAX_AGE for DB connection reuse
- Suppress django.request WARNING logs under heavy throttling
- Reorganize throttling code into baserow.throttling package

* fix: address PR review feedback

- Move ThrottleBlacklistMiddleware after SecurityMiddleware (index 2)
  so 429 responses include security headers
- Align BASEROW_JWT_USER_CACHE_TTL default to 30s (was 60s)
- Fix Retry-After docstring: value is the original wait time, not a
  live countdown
- Fix stale docstring in get_settings (uses local_cache, not global_cache)
- Use explicit patch target in test_api_utils (handler module path)

* fix: get_settings was still using global_cache instead of local_cache

The previous commit left global_cache in the code while the docstring
said local_cache.  This caused stale Settings objects to be served
across requests, breaking tests that modify settings directly via ORM.

* fix: revert get_settings caching and fix query count assertions

- Remove local_cache/global_cache from CoreHandler.get_settings() as it
  caused stale Settings objects in tests and across request boundaries
- Remove _SETTINGS_CACHE_KEY and Settings post_save signal (no longer
  needed)
- Update admin users query count test to account for JWT user cache
  (cold=7, warm=6 queries)
- Update changelog to remove settings caching reference

* fix: disable JWT user cache in tests to keep query counts stable

Set BASEROW_JWT_USER_CACHE_TTL=0 in test settings so every request
hits the DB predictably.  Cache tests use @override_settings to
re-enable it where needed.

* fix: mark flaky formula export/import test with retry

The test_can_export_import_database_with_broken_via_dependency test
intermittently fails during teardown when Django's cascade logic tries
to NULL out foreign keys on already-dropped dynamic tables. Retry up
to 3 times to work around the teardown ordering issue.

* fix: tighten throttle blacklisting and JWT cache invalidation

* address copilot feedback

* address feedback

* cache settings and instance-wide license

* Address feedback v2
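
The blacklist check described in the first commit message above, as an added sketch that is not Baserow's code: a throttled token is recorded by its SHA-256 digest, and later requests carrying it are answered with 429 before any authentication or database work. The class and function names, the `throttle:bl:` key prefix, the in-memory store standing in for Redis, the accepted header schemes and the dict-shaped request are all assumptions made for illustration.

```python
import hashlib
import time


class ThrottleBlacklist:
    """In-memory stand-in (assumption) for a shared cache such as Redis."""

    def __init__(self, clock=time.monotonic):
        self._entries = {}  # digest key -> (expires_at, original_wait)
        self._clock = clock

    @staticmethod
    def key_for(token):
        # Store only the SHA-256 digest so a cache dump never exposes a usable token.
        return "throttle:bl:" + hashlib.sha256(token.encode("utf-8")).hexdigest()

    def add(self, token, wait_seconds):
        # Called by the throttle when it rejects a request for this token.
        self._entries[self.key_for(token)] = (self._clock() + wait_seconds, int(wait_seconds))

    def check(self, token):
        """Return the original wait in seconds if blacklisted, else None."""
        key = self.key_for(token)
        entry = self._entries.get(key)
        if entry is None:
            return None
        expires_at, original_wait = entry
        if self._clock() >= expires_at:
            del self._entries[key]  # entry expired, let the request through
            return None
        return original_wait


def blacklist_middleware(get_response, blacklist):
    """Wrap a handler; requests are modelled as a dict of headers (constructed)."""

    def middleware(request):
        scheme, _, token = request.get("Authorization", "").partition(" ")
        if scheme in ("JWT", "Bearer") and token:
            wait = blacklist.check(token.strip())
            if wait is not None:
                # Short-circuit before authentication: no token decode, no DB query.
                # Retry-After carries the original wait time, not a live countdown.
                return (429, {"Retry-After": str(wait)})
        return get_response(request)

    return middleware
```

Because the lookup runs before the token's signature is verified, entries should only be written for tokens that already authenticated and were then throttled, so the blacklist can reject requests but never grant access.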
@pull pull Bot added the ⤵️ pull label Apr 21, 2026
jrmi and others added 3 commits April 21, 2026 11:12
* fix: remove workspace invite messages and pending cap

Workspace invitations no longer accept custom messages, which removes the main spam payload from the flow. Drop the BASEROW_MAX_PENDING_WORKSPACE_INVITES limit because deleting and recreating invites made it ineffective.

* Update backend/src/baserow/core/migrations/0114_alter_workspaceinvitation_message.py

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@pull pull Bot merged commit 438a4b9 into code:develop Apr 21, 2026