Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Implement serverside rate limiter #4431

Merged
merged 11 commits into from
Aug 30, 2024

Conversation

anticorrelator
Copy link
Contributor

resolves #4344

  • Implements a configurable rate limiter that can be applied to both GQL and REST routes
  • Currently rate limits the login route by IP
  • The IP cache rotates automatically and resets if not accessed for too long

@dosubot dosubot bot added the size:L This PR changes 100-499 lines, ignoring generated files. label Aug 29, 2024
@mikeldking mikeldking changed the base branch from main to auth August 29, 2024 16:24
src/phoenix/server/rate_limiters.py Show resolved Hide resolved
Comment on lines 127 to 128
bucket = partition[key]
del partition[key]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
bucket = partition[key]
del partition[key]
bucket = partition.pop(key)

@anticorrelator anticorrelator changed the title feat: Implement ratelimiter on login mutation feat: Implement serverside rate limiter Aug 30, 2024
@anticorrelator anticorrelator merged commit 13fe471 into auth Aug 30, 2024
16 checks passed
@anticorrelator anticorrelator deleted the dustin/implement-server-ratelimiter branch August 30, 2024 00:21
RogerHYang pushed a commit that referenced this pull request Sep 4, 2024
* Spike out serverside rate limiting middleware

* Refactor to keep multiple active partitions

* Create StrawberryRateLimiter extension

* Add rate limiter tests

* Update extension to run synchronously

* Ensure rate limiter extension works for both sync and async resolvers

* Clean up type annotations

* Improve tests and reset behavior

* Clarify edge cases in testing and documentation

* Use pop instead of `del`

* Remove extension implementation
Parker-Stafford pushed a commit that referenced this pull request Sep 4, 2024
* Spike out serverside rate limiting middleware

* Refactor to keep multiple active partitions

* Create StrawberryRateLimiter extension

* Add rate limiter tests

* Update extension to run synchronously

* Ensure rate limiter extension works for both sync and async resolvers

* Clean up type annotations

* Improve tests and reset behavior

* Clarify edge cases in testing and documentation

* Use pop instead of `del`

* Remove extension implementation
RogerHYang pushed a commit that referenced this pull request Sep 4, 2024
* Spike out serverside rate limiting middleware

* Refactor to keep multiple active partitions

* Create StrawberryRateLimiter extension

* Add rate limiter tests

* Update extension to run synchronously

* Ensure rate limiter extension works for both sync and async resolvers

* Clean up type annotations

* Improve tests and reset behavior

* Clarify edge cases in testing and documentation

* Use pop instead of `del`

* Remove extension implementation
RogerHYang pushed a commit that referenced this pull request Sep 21, 2024
* Spike out serverside rate limiting middleware

* Refactor to keep multiple active partitions

* Create StrawberryRateLimiter extension

* Add rate limiter tests

* Update extension to run synchronously

* Ensure rate limiter extension works for both sync and async resolvers

* Clean up type annotations

* Improve tests and reset behavior

* Clarify edge cases in testing and documentation

* Use pop instead of `del`

* Remove extension implementation
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
size:L This PR changes 100-499 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[auth][graphql] ip-based rate-limiting on public resolvers
2 participants