Add optional rate limiting for all API requests.

Review Request #9114 — Created Aug. 1, 2017 and submitted — Latest diff uploaded

Information

Djblets
release-0.10.x
19c722f...

Reviewers

This change generalizes the rate limiting infrastructure a bit and adds support
for rate limiting API requests. I've changed it so that there are three
settings keys, LOGIN_LIMIT_RATE, API_ANONYMOUS_LIMIT_RATE, and
API_AUTHENTICATED_LIMIT_RATE. These can be set to None, which will disable
rate limiting for that type, or to a rate limit string as before.

If an API request is rate limited, the response will have the error and include
a couple special headers that show what the limit is and how long the user has
to wait before retrying the request.

As part of this, I've also fixed up a couple small issues with the logic
between the different cases depending on the value of increment. In the case
where it's False, we expect to get results as if we were incrementing, but
without actually storing the value to the cache. Once this was fixed, I was
able to fix is_ratelimited to actually check if the limit was exceeded,
rather than at or above.

Based on work by Raman Dhatt.

  • Manually made some authenticated and anonymous API requests with this
    configured and saw the expected results.
  • Ran unit tests.