From 4e1834804f0c40c4f238a2657c4ead06ab8388bb Mon Sep 17 00:00:00 2001
From: Alexander Song <axiomofjoy@gmail.com>
Date: Thu, 19 Sep 2024 19:16:22 -0700
Subject: [PATCH] undo rate limiter fix

---
 src/phoenix/config.py                  |  3 +--
 src/phoenix/server/api/routers/auth.py | 20 ++++++++++++++------
 2 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/src/phoenix/config.py b/src/phoenix/config.py
index bec10aa91c..892a47184c 100644
--- a/src/phoenix/config.py
+++ b/src/phoenix/config.py
@@ -69,8 +69,7 @@
     "PHOENIX_SERVER_INSTRUMENTATION_OTLP_TRACE_COLLECTOR_GRPC_ENDPOINT"
 )
 
-# Auth is under active development. Phoenix users are strongly advised not to
-# set these environment variables until the feature is officially released.
+# Authentication settings
 ENV_PHOENIX_ENABLE_AUTH = "PHOENIX_ENABLE_AUTH"
 ENV_PHOENIX_SECRET = "PHOENIX_SECRET"
 ENV_PHOENIX_API_KEY = "PHOENIX_API_KEY"
diff --git a/src/phoenix/server/api/routers/auth.py b/src/phoenix/server/api/routers/auth.py
index 79aa86c5cb..ed3dd3cb76 100644
--- a/src/phoenix/server/api/routers/auth.py
+++ b/src/phoenix/server/api/routers/auth.py
@@ -46,13 +46,21 @@
     UserId,
 )
 
+rate_limiter = ServerRateLimiter(
+    per_second_rate_limit=0.2,
+    enforcement_window_seconds=30,
+    partition_seconds=60,
+    active_partitions=2,
+)
 login_rate_limiter = fastapi_ip_rate_limiter(
-    ServerRateLimiter(
-        per_second_rate_limit=1.0,
-        enforcement_window_seconds=30,
-        partition_seconds=60,
-        active_partitions=2,
-    )
+    rate_limiter,
+    paths=[
+        "/login",
+        "/logout",
+        "/refresh",
+        "/password-reset-email",
+        "/password-reset",
+    ],
 )
 router = APIRouter(
     prefix="/auth", include_in_schema=False, dependencies=[Depends(login_rate_limiter)]