Add optional rate limiting for all API requests.
Review Request #9114 — Created Aug. 1, 2017 and submitted
This change generalizes the rate limiting infrastructure a bit and adds support
for rate limiting API requests. I've changed it so that there are three
settings keys, LOGIN_LIMIT_RATE, API_ANONYMOUS_LIMIT_RATE, and
API_AUTHENTICATED_LIMIT_RATE. These can be set to None, which will disable
rate limiting for that type, or to a rate limit string as before.

If an API request is rate limited, the response will have the error and include
a couple special headers that show what the limit is and how long the user has
to wait before retrying the request.

As part of this, I've also fixed up a couple small issues with the logic
between the different cases depending on the value of increment. In the case
where it's False, we expect to get results as if we were incrementing, but
without actually storing the value to the cache. Once this was fixed, I was
able to fix is_ratelimited to actually check if the limit was exceeded,
rather than at or above.

Based on work by Raman Dhatt.
- Manually made some authenticated and anonymous API requests with this
  configured and saw the expected results.
- Ran unit tests.
- Commit:
-
6b20eac48063be4d64632f0062e9b4d95df2bbabd7b9100f6871903ce2d8f3f17d63925fb3bebc1f
Checks run (2 succeeded)
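
The two semantics described in the request above (a non-incrementing check that reports what an incrementing call would, and limiting only once the limit is exceeded) can be seen in a small fixed-window limiter. This is an added example, not code from the change under review; the `count/period` rate string format, the plain dict standing in for the cache, and all function signatures are assumptions.

```python
import time

PERIODS = {'s': 1, 'm': 60, 'h': 3600, 'd': 86400}  # assumed period suffixes


def parse_rate(rate):
    """Parse an assumed 'count/period' string such as '3/m' into (limit, seconds)."""
    count, period = rate.split('/')
    return int(count), PERIODS[period[0].lower()]


def get_usage(cache, key, rate, increment=True, now=None):
    """Return usage for key in the current fixed window.

    With increment=False the result is what an incrementing call would
    return, but nothing is written to the cache.
    """
    if rate is None:  # None disables rate limiting for this type
        return None
    now = time.time() if now is None else now
    limit, period = parse_rate(rate)
    window = int(now // period)
    cache_key = '%s:%d' % (key, window)
    count = cache.get(cache_key, 0) + 1
    if increment:
        cache[cache_key] = count
    return {
        'count': count,
        'limit': limit,
        # Seconds until the window resets, i.e. how long a client must wait.
        'time_left': int((window + 1) * period - now),
    }


def is_ratelimited(cache, key, rate, increment=True, now=None):
    """Limited only once the count exceeds the limit, not when it reaches it."""
    usage = get_usage(cache, key, rate, increment, now)
    return usage is not None and usage['count'] > usage['limit']
```

With a limit of 3 per window, the third request is still allowed and the fourth is the first to be limited; a check with `increment=False` after three requests reports the limited state without consuming a slot.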
Do we want to maybe put these into a dict or list and pull them all out at once?
e.g.

```python
_info = {
    0: ('LOGIN_LIMIT_RATE', DEFAULT_LOGIN_LIMIT_RATE, 'login-ratelimit'),
    # ...
}

try:
    settings_key, default_value, cache_key_prefix = _info[limit_type]
except KeyError:
    raise ValueError(...)
```

Also do we want to extract LOGIN_LIMIT_RATE etc into constants?