feat: Add rate limit to endpoints #1045
Conversation
Codecov Report
@@ Coverage Diff @@
## develop #1045 +/- ##
===========================================
+ Coverage 92.50% 92.62% +0.12%
===========================================
Files 38 40 +2
Lines 2014 2062 +48
===========================================
+ Hits 1863 1910 +47
- Misses 151 152 +1
|
devkapilbansal
added
the
Status: Needs Review
There was a problem hiding this comment.
Hi @jalajcodes , I'm new to this rate limiter and want to learn more. Can you please answer my question below? Thanks
| @@ -0,0 +1,3 @@ | |||
| GLOBAL_LIMIT = ["200 per day", "50 per hour"] | |||
There was a problem hiding this comment.
@jalajcodes , can you please tell me how you decided to use these numbers (200/day, 50/hr)? What is the assumption on the number of users for this one? I'm assuming that the rate limiter does not look on a particular user's request, but for the requests coming in to that endpoint regardless of IP address of the requesters (please do correct me if I'm wrong)? If this is so, what if we have a large number of users (e.g. > 200) that means some of our users won't be able to use the app if the rate limit has been reached, right? This could raise issue 🤔. Can you see if you can apply the rate limiter based on specific IP address? This GitHub discussion indicated that the default which limit per IP address has been deprecated but can still be used providing you explicitly use it in your code.
There was a problem hiding this comment.
It is applied based on the ip address afaik.
There was a problem hiding this comment.
Hi @mtreacy002,
can you please tell me how you decided to use these numbers (200/day, 50/hr)?
As I mentioned in the description, these numbers are just example values, we need to brainstorm appropriate rate limits before this PR is merged.
that means some of our users won't be able to use the app if the rate limit has been reached, right?
rate limit is based on IP address, so 200 requests per day for an ip addr.
There was a problem hiding this comment.
200 is still pretty high for login and signup.
There was a problem hiding this comment.
It is applied based on the ip address afaik.
Yes, its done via this line
There was a problem hiding this comment.
200 is still pretty high for login and signup.
Thats global limit, we override this in login route
There was a problem hiding this comment.
@jalajcodes can you please response to the question below? Thanks
| @@ -24,6 +26,8 @@ | |||
|
|
|||
| @mentorship_relation_ns.route("mentorship_relation/send_request") | |||
| class SendRequest(Resource): | |||
| decorators = [limiter.limit(rate_limits.LIMIT_1)] | |||
There was a problem hiding this comment.
@jalajcodes , I don't see this variable "decorators" being used anywhere in the code. Do we need to declare it as variable? Can we use the pie syntax (@) instead just like we used the @email_verification_required in MS. You can define the limiter decorator function inside the same file (the app/utils/decorator_utils.py).
That's what I did at first but it doesn't work.
|
| @@ -3,6 +3,8 @@ | |||
| from flask_jwt_extended import jwt_required, get_jwt_identity | |||
There was a problem hiding this comment.
Can you create a doc listing the rates for each endpoint or display the rate limit on the swagger UI?
There was a problem hiding this comment.
I will create the doc, but I will need help in deciding the rate limit for each endpoint
There was a problem hiding this comment.
You can ask it on zulip itself
epicadk
added
the
Status: Changes Requested
devkapilbansal
removed
the
Status: Needs Review
|
@jalajcodes hey any updates? |
|
Closing due to inactivity |
Description
Added rate limiting to all the endpoints except admin.
I used a dummy rate limit for now. We have to change it before merging this PR.
Fixes #1006
Type of Change:
Code/Quality Assurance Only
How Has This Been Tested?
Tested locally through Swagger UI
Checklist:
Code/Quality Assurance Only