A flexible and efficient rate limiting library for Django applications
Project description
Django Smart Ratelimit
A flexible and efficient rate limiting library for Django applications with support for multiple backends and automatic fallback.
✨ Features
- 🚀 High Performance: Atomic operations using Redis Lua scripts and optimized algorithms
- 🔧 Flexible Configuration: Both decorator and middleware support with custom key functions
- 🪟 Multiple Algorithms: Fixed window and sliding window rate limiting
- 🔌 Multiple Backends: Redis, Database, Memory, and Multi-Backend with automatic fallback
- 📊 Rich Headers: Standard rate limiting headers (X-RateLimit-*)
- 🛡️ Production Ready: Comprehensive testing, error handling, and monitoring
- 🔄 Auto-Fallback: Seamless failover between backends when one goes down
- 📈 Health Monitoring: Built-in health checks and status reporting
🚀 Quick Setup
1. Installation
pip install django-smart-ratelimit
2. Add to Django Settings
# settings.py
INSTALLED_APPS = [
# ... your apps
'django_smart_ratelimit',
]
# Basic Redis configuration (recommended for production)
RATELIMIT_BACKEND = 'redis'
RATELIMIT_REDIS = {
'host': 'localhost',
'port': 6379,
'db': 0,
}
3. Choose Your Style
Option A: Decorator Style (View-Level)
from django_smart_ratelimit import rate_limit
from django.http import JsonResponse
@rate_limit(key='ip', rate='10/m')
def api_endpoint(request):
return JsonResponse({'message': 'Hello World'})
@rate_limit(key='user', rate='100/h', block=True)
def user_api(request):
return JsonResponse({'data': 'user-specific data'})
Option B: Middleware Style (Application-Level)
# settings.py
MIDDLEWARE = [
'django_smart_ratelimit.middleware.RateLimitMiddleware',
# ... other middleware
]
RATELIMIT_MIDDLEWARE = {
'DEFAULT_RATE': '100/m',
'RATE_LIMITS': {
'/api/': '1000/h',
'/auth/login/': '5/m',
},
'SKIP_PATHS': ['/admin/', '/health/'],
}
4. Test It Works
# Check backend health
python manage.py ratelimit_health
# Test with curl
curl -I http://localhost:8000/api/endpoint/
# Look for X-RateLimit-* headers
That's it! You now have rate limiting protection. 🎉
📖 Documentation
Core Concepts
- Backend Configuration - Redis, Database, Memory, and Multi-Backend setup
- Architecture & Design - Core architecture, algorithms, and design decisions
- Management Commands - Health checks and cleanup commands
Advanced Configuration
- Multi-Backend Examples - High availability with automatic fallback
- Complex Key Functions - Enterprise API keys, JWT tokens, custom patterns
- Performance Tuning - Optimization tips and best practices
- Monitoring Setup - Production monitoring and alerting
Development & Contributing
- Contributing Guide - Development setup, testing, and code guidelines
- Features Roadmap - Planned features and implementation status
- Release Guide - Release process and version management
🏗️ Basic Examples
Decorator Examples
from django_smart_ratelimit import rate_limit
# Basic IP-based limiting
@rate_limit(key='ip', rate='10/m')
def public_api(request):
return JsonResponse({'message': 'Hello World'})
# User-based limiting (requires authentication)
@rate_limit(key='user', rate='100/h')
def user_dashboard(request):
return JsonResponse({'user_data': '...'})
# Custom key with fallback
@rate_limit(key='user_or_ip', rate='50/h')
def flexible_api(request):
return JsonResponse({'data': '...'})
# Block when limit exceeded (default is to continue)
@rate_limit(key='ip', rate='5/m', block=True)
def strict_api(request):
return JsonResponse({'sensitive': 'data'})
Middleware Configuration
# settings.py
RATELIMIT_MIDDLEWARE = {
# Default rate for all paths
'DEFAULT_RATE': '100/m',
# Path-specific rates
'RATE_LIMITS': {
'/api/auth/': '10/m', # Authentication endpoints
'/api/upload/': '5/h', # File uploads
'/api/search/': '50/m', # Search endpoints
'/api/': '200/h', # General API
},
# Paths to skip (no rate limiting)
'SKIP_PATHS': [
'/admin/',
'/health/',
'/static/',
],
# Custom key function
'KEY_FUNCTION': 'myapp.utils.get_api_key_or_ip',
# Block requests when limit exceeded
'BLOCK': True,
}
🔧 Backend Options
Redis (Recommended for Production)
RATELIMIT_BACKEND = 'redis'
RATELIMIT_REDIS = {
'host': 'localhost',
'port': 6379,
'db': 0,
'password': 'your-password', # if needed
'socket_timeout': 0.1,
}
Database (Good for Small Scale)
RATELIMIT_BACKEND = 'database'
# No additional configuration needed
# Uses your default Django database
Memory (Development Only)
RATELIMIT_BACKEND = 'memory'
RATELIMIT_MEMORY_MAX_KEYS = 10000
Multi-Backend (High Availability)
RATELIMIT_BACKENDS = [
{
'name': 'primary_redis',
'backend': 'redis',
'config': {'host': 'redis-primary.example.com'}
},
{
'name': 'fallback_redis',
'backend': 'redis',
'config': {'host': 'redis-fallback.example.com'}
},
{
'name': 'emergency_db',
'backend': 'database',
'config': {}
}
]
RATELIMIT_MULTI_BACKEND_STRATEGY = 'first_healthy'
🔍 Monitoring
Health Checks
# Basic health check
python manage.py ratelimit_health
# Detailed status
python manage.py ratelimit_health --verbose
# JSON output for monitoring
python manage.py ratelimit_health --json
Cleanup (Database Backend)
# Clean expired entries
python manage.py cleanup_ratelimit
# Preview what would be deleted
python manage.py cleanup_ratelimit --dry-run
# Clean entries older than 24 hours
python manage.py cleanup_ratelimit --older-than 24
🆚 Comparison
| Feature | django-smart-ratelimit | django-ratelimit | django-rest-framework |
|---|---|---|---|
| Multiple Backends | ✅ Redis, DB, Memory, Multi | ❌ Cache only | ❌ Cache only |
| Sliding Window | ✅ | ❌ | ❌ |
| Auto-Fallback | ✅ | ❌ | ❌ |
| Health Monitoring | ✅ | ❌ | ❌ |
| Standard Headers | ✅ | ❌ | ⚠️ Limited |
| Atomic Operations | ✅ | ⚠️ Race conditions | ⚠️ Race conditions |
| Production Ready | ✅ | ⚠️ | ⚠️ |
🤝 Contributing
We welcome contributions! See our Contributing Guide for details on:
- Setting up the development environment
- Running tests and code quality checks
- Submitting pull requests
- Code style guidelines
💖 Support the Project
If you find this project helpful and want to support its development, you can make a donation:
- USDT (Ethereum):
0x202943b3a6CC168F92871d9e295537E6cbc53Ff4
Your support helps maintain and improve this open-source project for the Django community! 🙏
📜 License
This project is licensed under the MIT License - see the LICENSE file for details.
🙏 Acknowledgments
- Inspired by various rate limiting implementations in the Django ecosystem
- Built with performance and reliability in mind for production use
- Community feedback and contributions help make this better
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file django_smart_ratelimit-0.3.1.tar.gz.
File metadata
- Download URL: django_smart_ratelimit-0.3.1.tar.gz
- Upload date:
- Size: 50.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
aa547a9cc864c90bb0cd28e2519179d9837fc11e125f6624f1882468ccbe3d41
|
|
| MD5 |
81878889a3b8c369ec35025377566bd9
|
|
| BLAKE2b-256 |
fda5ad2506c20047a8339b7bede48b22e3a53fbb43d3d2d49984ae7e4ccb5903
|
File details
Details for the file django_smart_ratelimit-0.3.1-py3-none-any.whl.
File metadata
- Download URL: django_smart_ratelimit-0.3.1-py3-none-any.whl
- Upload date:
- Size: 31.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
7423466a879369c10260e3ea93fe0ab1e0661fc06f833d39b1c42db67fae04ce
|
|
| MD5 |
0a9328aa1fd1fa0b87046511e17f94b4
|
|
| BLAKE2b-256 |
c43dc5629caf5d9d1e275a0e9c182fd762eb4303daeb5718d57001a3c03b69ec
|
