Add optional rate limiting for all API requests.
Review Request #9114 - Created Aug. 1, 2017 and updated
This change generalizes the rate limiting infrastructure a bit and adds support
for rate limiting API requests. I've changed it so that there are three
API_AUTHENTICATED_LIMIT_RATE. These can be set to
None, which will disable
rate limiting for that type, or to a rate limit string as before.
If an API request is rate limited, the response will have the error and include
a couple special headers that show what the limit is and how long the user has
to wait before retrying the request.
As part of this, I've also fixed up a couple small issues with the logic
between the different cases depending on the value of
increment. In the case
False, we expect to get results as if we were incrementing, but
without actually storing the value to the cache. Once this was fixed, I was
able to fix
is_ratelimitedto actually check if the limit was exceeded,
rather than at or above.
Based on work by Raman Dhatt.
- Manually made some authenticated and anonymous API requests with this
configured and saw the expected results.
- Ran unit tests.
Revision 2 (+133 -14)