quart-rate-limiter 0.12.1

A Quart extension to provide rate limiting support

Quart-Rate-Limiter is an extension for Quart to allow for rate limits to be defined and enforced on a per route basis. The 429 error response includes a RFC7231 compliant Retry-After header and the successful responses contain headers compliant with the RateLimit Header Fields for HTTP RFC draft.

Quickstart

To add a rate limit first initialise the RateLimiting extension with the application, and then rate limit the route,

app = Quart(__name__)
rate_limiter = RateLimiter(app)

@app.get('/')
@rate_limit(1, timedelta(seconds=10))
async def handler():
    ...

Simple examples

To limit a route to 1 request per second and a maximum of 20 per minute,

@app.route('/')
@rate_limit(1, timedelta(seconds=1))
@rate_limit(20, timedelta(minutes=1))
async def handler():
    ...

Alternatively the limits argument can be used for multiple limits,

@app.route('/')
@rate_limit(
    limits=[
        RateLimit(1, timedelta(seconds=1)),
        RateLimit(20, timedelta(minutes=1)),
    ],
)
async def handler():
    ...

To identify remote users based on their authentication ID, rather than their IP,

async def key_function():
    return current_user.id

RateLimiter(app, key_function=key_function)

The key_function is a coroutine function to allow session lookups if appropriate.

Contributing

Quart-Rate-Limiter is developed on GitHub. You are very welcome to open issues or propose merge requests.

Testing

The best way to test Quart-Rate-Limiter is with Tox,

$ pip install tox
$ tox

this will check the code style and run the tests.

Help

The Quart-Rate-Limiter documentation is the best places to start, after that try searching stack overflow or ask for help on gitter. If you still can’t find an answer please open an issue.