Add generic support for rate limiting.
Review Request #14631 — Created Oct. 8, 2025 and updated — Latest diff uploaded
Djblets has long had rate limiting support for user sessions, allowing
separate rate limits for anonymous users and authenticated users for
normal sessions and API. Outside of this, though, we had no mechanism
for rate limiting other operations.This change introduces that generic rate limiting support via a new
djblets.protect.ratelimit
module. This is a modernized port of the old
rate limit code, which can be used with arbitrary keys and validity
windows to provide rate limit functionality for anything.The main function is
check_rate_limit
, which takes in a parsed or
string rate limit, a partial cache key, and a flag indicating whether to
increment the count toward the rate limit in cache (defaults toTrue
).The existing auth rate limiting code has been reworked as a wrapper
around this, focusing on the settings and checks for rate limiting
user sessions.
Unit tests pass.