A Quart extension to provide rate limiting support
Project description
Quart-Rate-Limiter is an extension for Quart to allow for rate limits to be defined and enforced on a per route basis. The 429 error response includes a RFC7231 compliant Retry-After header and the successful responses contain headers compliant with the RateLimit Header Fields for HTTP RFC draft.
Usage
To add a rate limit first initialise the RateLimiting extension with the application,
app = Quart(__name__)
rate_limiter = RateLimiter(app)
or via the factory pattern,
rate_limiter = RateLimiter()
def create_app():
app = Quart(__name__)
rate_limiter.init_app(app)
return app
Now this is done you can apply rate limits to any route by using the rate_limit decorator,
@app.route('/')
@rate_limit(1, timedelta(seconds=10))
async def handler():
...
Or to apply rate limits to all routes within a blueprint by using the limit_blueprint function,
blueprint = Blueprint("name", __name__)
limit_blueprint(blueprint, 1, timedelta(seconds=10))
Or to apply rate limits to all routes in an app, define the default limits when initialising the RateLimiter,
rate_limiter = RateLimiter(
default_limits=[RateLimit(1, timedelta(seconds=10))]
)
and then to exempt a route,
@app.route("/exempt")
@rate_exempt
async def handler():
...
To alter the identification of remote users you can either supply a global key function when initialising the extension, or on a per route basis.
By default rate limiting information (TATs) will be stored in memory, which will result in unexpected behaviour if multiple workers are used. To solve this a redis store can be used by installing the redis extra (pip install quart-rate-limiter[redis]) and then using as so,
from quart_rate_limiter.redis_store import RedisStore
redis_store = RedisStore(address)
RateLimiter(app, store=redis_store)
This store uses redis, and any extra keyword arguments passed to the RedisStore constructor will be passed to the redis create_redis function.
A custom store is possible, see the RateLimiterStoreABC for the required interface.
Simple examples
To limit a route to 1 request per second and a maximum of 20 per minute,
@app.route('/')
@rate_limit(1, timedelta(seconds=1))
@rate_limit(20, timedelta(minutes=1))
async def handler():
...
Alternatively the limits argument can be used for multiple limits,
@app.route('/')
@rate_limit(
limits=[
RateLimit(1, timedelta(seconds=1)),
RateLimit(20, timedelta(minutes=1)),
],
)
async def handler():
...
To identify remote users based on their authentication ID, rather than their IP,
async def key_function():
return current_user.id
RateLimiter(app, key_function=key_function)
The key_function is a coroutine function to allow session lookups if appropriate.
Contributing
Quart-Rate-Limiter is developed on GitHub. You are very welcome to open issues or propose merge requests.
Testing
The best way to test Quart-Rate-Limiter is with Tox,
$ pip install tox
$ tox
this will check the code style and run the tests.
Help
This README is the best place to start, after that try opening an issue.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for quart_rate_limiter-0.9.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | ad5a0230223344bda92a859d1b4e173047f7f529036ae6fe7836a1a737a3daed |
|
MD5 | 2464dd3af1640979af24483cea88a95c |
|
BLAKE2b-256 | 12fbd70128e3cd131e6d43481b5924988ef75f86df9a129970c39174c664f6dc |