Summary

Add generic support for rate limiting.

Review Request #14631 — Created Oct. 8, 2025 and updated Oct. 9, 2025, 7:54 a.m.

Information

Owner

chipx86

Repository

Djblets

Branch

release-5.x

Bugs

Depends On

Reviewers

Groups

djblets

People

Description

Djblets has long had rate limiting support for user sessions, allowing

separate rate limits for anonymous users and authenticated users for

normal sessions and API. Outside of this, though, we had no mechanism

for rate limiting other operations.
This change introduces that generic rate limiting support via a new

djblets.protect.ratelimit module. This is a modernized port of the old

rate limit code, which can be used with arbitrary keys and validity

windows to provide rate limit functionality for anything.
The main function is check_rate_limit, which takes in a parsed or

string rate limit, a partial cache key, and a flag indicating whether to

increment the count toward the rate limit in cache (defaults to True).
The existing auth rate limiting code has been reworked as a wrapper

around this, focusing on the settings and checks for rate limiting

user sessions.

Testing Done

Unit tests pass.

Commits

Summary	ID
Add generic support for rate limiting. Djblets has long had rate limiting support for user sessions, allowing separate rate limits for anonymous users and authenticated users for normal sessions and API. Outside of this, though, we had no mechanism for rate limiting other operations. This change introduces that generic rate limiting support via a new `djblets.protect.ratelimit` module. This is a modernized port of the old rate limit code, which can be used with arbitrary keys and validity windows to provide rate limit functionality for anything. The main function is `check_rate_limit`, which takes in a parsed or string rate limit, a partial cache key, and a flag indicating whether to increment the count toward the rate limit in cache (defaults to `True`). The existing auth rate limiting code has been reworked as a wrapper around this, focusing on the settings and checks for rate limiting user sessions.	272beaa42c350a1093d5f639a49a09c0ae5b6fc0

Summary

Add generic support for rate limiting.

Djblets has long had rate limiting support for user sessions, allowing separate rate limits for anonymous users and authenticated users for normal sessions and API. Outside of this, though, we had no mechanism for rate limiting other operations. This change introduces that generic rate limiting support via a new `djblets.protect.ratelimit` module. This is a modernized port of the old rate limit code, which can be used with arbitrary keys and validity windows to provide rate limit functionality for anything. The main function is `check_rate_limit`, which takes in a parsed or string rate limit, a partial cache key, and a flag indicating whether to increment the count toward the rate limit in cache (defaults to `True`). The existing auth rate limiting code has been reworked as a wrapper around this, focusing on the settings and checks for rate limiting user sessions.

272beaa42c350a1093d5f639a49a09c0ae5b6fc0

Issues

Description	From	Last Updated
djblets.http.requests doesn't currently exist. Did you forget to add this file?	david	Oct. 9, 2025, 7:54 a.m.
Can we use .format() instead of %-formatting here?	david	Oct. 9, 2025, 7:54 a.m.
This type is wrong	david	Oct. 9, 2025, 7:54 a.m.
Can we pass the timeout as a kwarg here?	david	Oct. 9, 2025, 7:54 a.m.
too many blank lines (2) Column: 9 Error code: E303	reviewbot	Oct. 8, 2025, 4:52 p.m.

flake8 failed.

JSHint passed.

flake8

djblets/protect/tests/test_ratelimit.py (Diff revision 1)
The issue has been resolved. Show all issues
```
too many blank lines (2)

Column: 9
Error code: E303
```

Fix it!

djblets/auth/ratelimit.py (Diff revision 1)

An issue was opened. Show all issues

djblets.http.requests doesn't currently exist. Did you forget to add this file?

djblets/auth/ratelimit.py (Diff revision 1)
An issue was opened. Show all issues
```
Can we use .format() instead of %-formatting here?
```
djblets/protect/ratelimit.py (Diff revision 1)
An issue was opened. Show all issues
```
This type is wrong
```
djblets/protect/ratelimit.py (Diff revision 1)
An issue was opened. Show all issues
```
Can we pass the timeout as a kwarg here?
```