forked from github/plane
chore: api rate limiting (#2933)
This commit is contained in:
parent
6a4f521b47
commit
6d175c0e56
@ -1,9 +1,8 @@
|
|||||||
from django.utils import timezone
|
|
||||||
from rest_framework.throttling import SimpleRateThrottle
|
from rest_framework.throttling import SimpleRateThrottle
|
||||||
|
|
||||||
|
|
||||||
class ApiKeyRateThrottle(SimpleRateThrottle):
|
class ApiKeyRateThrottle(SimpleRateThrottle):
|
||||||
scope = 'api_key'
|
scope = 'api_key'
|
||||||
|
rate = '60/minute'
|
||||||
|
|
||||||
def get_cache_key(self, request, view):
|
def get_cache_key(self, request, view):
|
||||||
# Retrieve the API key from the request header
|
# Retrieve the API key from the request header
|
||||||
@ -15,13 +14,10 @@ class ApiKeyRateThrottle(SimpleRateThrottle):
|
|||||||
return f'{self.scope}:{api_key}'
|
return f'{self.scope}:{api_key}'
|
||||||
|
|
||||||
def allow_request(self, request, view):
|
def allow_request(self, request, view):
|
||||||
# Calculate the current time as a Unix timestamp
|
|
||||||
now = timezone.now().timestamp()
|
|
||||||
|
|
||||||
# Use the parent class's method to check if the request is allowed
|
|
||||||
allowed = super().allow_request(request, view)
|
allowed = super().allow_request(request, view)
|
||||||
|
|
||||||
if allowed:
|
if allowed:
|
||||||
|
now = self.timer()
|
||||||
# Calculate the remaining limit and reset time
|
# Calculate the remaining limit and reset time
|
||||||
history = self.cache.get(self.key, [])
|
history = self.cache.get(self.key, [])
|
||||||
|
|
||||||
|
@ -1,45 +0,0 @@
|
|||||||
from django.utils import timezone
|
|
||||||
from rest_framework.throttling import SimpleRateThrottle
|
|
||||||
|
|
||||||
|
|
||||||
class ApiKeyRateThrottle(SimpleRateThrottle):
|
|
||||||
scope = 'api_key'
|
|
||||||
|
|
||||||
def get_cache_key(self, request, view):
|
|
||||||
# Retrieve the API key from the request header
|
|
||||||
api_key = request.headers.get('X-Api-Key')
|
|
||||||
if not api_key:
|
|
||||||
return None # Allow the request if there's no API key
|
|
||||||
|
|
||||||
# Use the API key as part of the cache key
|
|
||||||
return f'{self.scope}:{api_key}'
|
|
||||||
|
|
||||||
def allow_request(self, request, view):
|
|
||||||
# Calculate the current time as a Unix timestamp
|
|
||||||
now = timezone.now().timestamp()
|
|
||||||
|
|
||||||
# Use the parent class's method to check if the request is allowed
|
|
||||||
allowed = super().allow_request(request, view)
|
|
||||||
|
|
||||||
if allowed:
|
|
||||||
# Calculate the remaining limit and reset time
|
|
||||||
history = self.cache.get(self.key, [])
|
|
||||||
|
|
||||||
# Remove old histories
|
|
||||||
while history and history[-1] <= now - self.duration:
|
|
||||||
history.pop()
|
|
||||||
|
|
||||||
# Calculate the requests
|
|
||||||
num_requests = len(history)
|
|
||||||
|
|
||||||
# Check available requests
|
|
||||||
available = self.num_requests - num_requests
|
|
||||||
|
|
||||||
# Unix timestamp for when the rate limit will reset
|
|
||||||
reset_time = int(now + self.duration)
|
|
||||||
|
|
||||||
# Add headers
|
|
||||||
request.META['X-RateLimit-Remaining'] = max(0, available)
|
|
||||||
request.META['X-RateLimit-Reset'] = reset_time
|
|
||||||
|
|
||||||
return allowed
|
|
@ -75,10 +75,6 @@ REST_FRAMEWORK = {
|
|||||||
"DEFAULT_PERMISSION_CLASSES": ("rest_framework.permissions.IsAuthenticated",),
|
"DEFAULT_PERMISSION_CLASSES": ("rest_framework.permissions.IsAuthenticated",),
|
||||||
"DEFAULT_RENDERER_CLASSES": ("rest_framework.renderers.JSONRenderer",),
|
"DEFAULT_RENDERER_CLASSES": ("rest_framework.renderers.JSONRenderer",),
|
||||||
"DEFAULT_FILTER_BACKENDS": ("django_filters.rest_framework.DjangoFilterBackend",),
|
"DEFAULT_FILTER_BACKENDS": ("django_filters.rest_framework.DjangoFilterBackend",),
|
||||||
"DEFAULT_THROTTLE_CLASSES": ("plane.api.rate_limit.ApiKeyRateThrottle",),
|
|
||||||
"DEFAULT_THROTTLE_RATES": {
|
|
||||||
"api_key": "60/minute",
|
|
||||||
},
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# Django Auth Backend
|
# Django Auth Backend
|
||||||
|
Loading…
Reference in New Issue
Block a user