chore: api rate limiting (#2933)

This commit is contained in:
Bavisetti Narayan 2023-11-29 14:14:26 +05:30 committed by GitHub
parent 6a4f521b47
commit 6d175c0e56
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 2 additions and 55 deletions

View File

@ -1,9 +1,8 @@
from django.utils import timezone
from rest_framework.throttling import SimpleRateThrottle from rest_framework.throttling import SimpleRateThrottle
class ApiKeyRateThrottle(SimpleRateThrottle): class ApiKeyRateThrottle(SimpleRateThrottle):
scope = 'api_key' scope = 'api_key'
rate = '60/minute'
def get_cache_key(self, request, view): def get_cache_key(self, request, view):
# Retrieve the API key from the request header # Retrieve the API key from the request header
@ -15,13 +14,10 @@ class ApiKeyRateThrottle(SimpleRateThrottle):
return f'{self.scope}:{api_key}' return f'{self.scope}:{api_key}'
def allow_request(self, request, view): def allow_request(self, request, view):
# Calculate the current time as a Unix timestamp
now = timezone.now().timestamp()
# Use the parent class's method to check if the request is allowed
allowed = super().allow_request(request, view) allowed = super().allow_request(request, view)
if allowed: if allowed:
now = self.timer()
# Calculate the remaining limit and reset time # Calculate the remaining limit and reset time
history = self.cache.get(self.key, []) history = self.cache.get(self.key, [])

View File

@ -1,45 +0,0 @@
from django.utils import timezone
from rest_framework.throttling import SimpleRateThrottle
class ApiKeyRateThrottle(SimpleRateThrottle):
scope = 'api_key'
def get_cache_key(self, request, view):
# Retrieve the API key from the request header
api_key = request.headers.get('X-Api-Key')
if not api_key:
return None # Allow the request if there's no API key
# Use the API key as part of the cache key
return f'{self.scope}:{api_key}'
def allow_request(self, request, view):
# Calculate the current time as a Unix timestamp
now = timezone.now().timestamp()
# Use the parent class's method to check if the request is allowed
allowed = super().allow_request(request, view)
if allowed:
# Calculate the remaining limit and reset time
history = self.cache.get(self.key, [])
# Remove old histories
while history and history[-1] <= now - self.duration:
history.pop()
# Calculate the requests
num_requests = len(history)
# Check available requests
available = self.num_requests - num_requests
# Unix timestamp for when the rate limit will reset
reset_time = int(now + self.duration)
# Add headers
request.META['X-RateLimit-Remaining'] = max(0, available)
request.META['X-RateLimit-Reset'] = reset_time
return allowed

View File

@ -75,10 +75,6 @@ REST_FRAMEWORK = {
"DEFAULT_PERMISSION_CLASSES": ("rest_framework.permissions.IsAuthenticated",), "DEFAULT_PERMISSION_CLASSES": ("rest_framework.permissions.IsAuthenticated",),
"DEFAULT_RENDERER_CLASSES": ("rest_framework.renderers.JSONRenderer",), "DEFAULT_RENDERER_CLASSES": ("rest_framework.renderers.JSONRenderer",),
"DEFAULT_FILTER_BACKENDS": ("django_filters.rest_framework.DjangoFilterBackend",), "DEFAULT_FILTER_BACKENDS": ("django_filters.rest_framework.DjangoFilterBackend",),
"DEFAULT_THROTTLE_CLASSES": ("plane.api.rate_limit.ApiKeyRateThrottle",),
"DEFAULT_THROTTLE_RATES": {
"api_key": "60/minute",
},
} }
# Django Auth Backend # Django Auth Backend