A Quart extension to provide rate limiting support.
Project description
Quart-Rate-Limiter is an extension for Quart to allow for rate limits to be defined and enforced on a per route basis. The 429 error response includes a RFC7231 compliant Retry-After header and the successful responses contain headers compliant with the RateLimit Header Fields for HTTP RFC draft.
Usage
To add a rate limit first initialise the RateLimiting extension with the application,
app = Quart(__name__)
rate_limiter = RateLimiter(app)or via the factory pattern,
rate_limiter = RateLimiter()
def create_app():
app = Quart(__name__)
rate_limiter.init_app(app)
return appNow this is done you can apply rate limits to any route by using the rate_limit decorator,
@app.route('/')
@rate_limit(1, timedelta(seconds=10))
async def handler():
...To alter the identification of remote users you can either supply a global key function when initialising the extension, or on a per route basis.
By default rate limiting information (TATs) will be stored in memory, which will result in unexpected behaviour if multiple workers are used. To solve this a redis store can be used by installing the redis extra (pip install quart-rate-limiter[redis]) and then using as so,
from quart_rate_limiter.redis_store import RedisStore
redis_store = RedisStore(address)
RateLimiter(app, store=redis_store)This store uses aioredis, and any extra keyword arguments passed to the RedisStore constructor will be passed to the aioredis create_redis function.
A custom store is possible, see the RateLimiterStoreABC for the required interface.
Simple examples
To limit a route to 1 request per second and a maximum of 20 per minute,
@app.route('/')
@rate_limit(1, timedelta(seconds=1))
@rate_limit(20, timedelta(minutes=1))
async def handler():
...To identify remote users based on the forwarded IP, rather than the direct IP (if behind a load balancer),
async def key_function():
# Return the X-Forwarded-For as the user-agent identifier,
# unless it isn't present (direct connection).
return request.headers.get("X-Forwarded-For", request.remote_addr)
RateLimiter(app, key_function=key_function)The key_function is a coroutine function to allow session lookups if appropriate.
Contributing
Quart-Rate-Limiter is developed on GitLab. You are very welcome to open issues or propose merge requests.
Testing
The best way to test Quart-Rate-Limiter is with Tox,
$ pip install tox
$ toxthis will check the code style and run the tests.
Help
This README is the best place to start, after that try opening an issue.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for Quart_Rate_Limiter-0.1.0-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 1c9ace5e0f54421285ee8fe0e6d8ad2b6327b453679d7cebe8cc0822b048336c |
|
| MD5 | 8936aea94b54fd291a9aaa97deb6d599 |
|
| BLAKE2b-256 | bf42d07662449eaaf1967fa3760df43b9c84ffeb275822db51e5ffd6704643a1 |
