Rate-limiting for django

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for crunchy_crow from gravatar.com crunchy_crow

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: Andrii Kohut
  • Requires: Python >=3.9
Classifiers

Project description

django-ratelimiter

PyPI version CI codecov Python Versions license docs

Rate limiting for django using limits.

Documentation: https://django-ratelimiter.readthedocs.io

Installation

pip install django-ratelimiter

Usage

By default django-ratelimiter will use the default cache.

Django configuration

To use a non-default cache define DJANGO_RATELIMITER_CACHE in settings.py.

# Set up django caches
CACHES = {
    "custom-cache": {
        "BACKEND": "django.core.cache.backends.redis.RedisCache",
        "LOCATION": "redis://127.0.0.1:6379",
    }
}

# "default" cache is used if setting is not defined.
DJANGO_RATELIMITER_CACHE = "custom-cache"

Any storage backend provided by limits package can also be used by defining DJANGO_RATELIMITER_STORAGE:

from limits.storage import RedisStorage

DJANGO_RATELIMITER_STORAGE = RedisStorage(uri="redis://localhost:6379/0")

For more details on storages refer to limits documentation.

Rate limiting strategies

View decorator

By default all requests are rate limited

from django_ratelimiter import ratelimit

@ratelimit("5/minute")
def view(request: HttpRequest) -> HttpResponse:
    return HttpResponse("OK")

Pick a rate limiting strategy, default is fixed-window:

# options: fixed-window, fixed-window-elastic-expiry, moving-window
@ratelimit("5/minute", strategy="fixed-window-elastic-expiry")
def view(request: HttpRequest) -> HttpResponse:
    return HttpResponse("OK")

You can define per-user limits using request attribute key.

@ratelimit("5/minute", key="user")
def view(request: HttpRequest) -> HttpResponse:
    return HttpResponse("OK")

Callable key can be used to define more complex rules:

@ratelimit("5/minute", key=lambda r: r.user.username)
def view(request: HttpRequest) -> HttpResponse:
    return HttpResponse("OK")

Rate-limit only certain methods:

@ratelimit("5/minute", methods=["POST", "PUT"])
def view(request):
    return HttpResponse("OK")

Provide a custom response:

from django.http import HttpResponse

@ratelimit("5/minute", response=HttpResponse("Too many requests", status=400))
def view(request):
    return HttpResponse("OK")

Using non-default storage:

from limits.storage import RedisStorage

@ratelimit("5/minute", storage=RedisStorage(uri="redis://localhost:6379/0"))
def view(request):
    return HttpResponse("OK")

DRF/ninja/class-based views

django-ratelimiter is framework-agnostic, it should work with DRF/ninja out of the box. Class-based views are also supported with method_decorator.

See examples in test_app.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for crunchy_crow from gravatar.com crunchy_crow

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: Andrii Kohut
  • Requires: Python >=3.9
Classifiers

Release history Release notifications | RSS feed

0.2.2

0.2.1

0.2.0

This version

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django_ratelimiter-0.1.2.tar.gz (5.2 kB view hashes)

Uploaded Source

Built Distribution

django_ratelimiter-0.1.2-py3-none-any.whl (6.4 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page