Eaiser to use django-ratelimit for graphql in django.

Install

pip install django-graphql-ratelimit

Usage

ratelimit key support gql:xxx, where xxx is argument.

from django_graphql_ratelimit import ratelimit

class RequestSMSCode(graphene.Mutation):
    class Arguments:
        phone = graphene.String(required=True)

    ok = graphene.Boolean()

    @ratelimit(key="ip", rate="10/m", block=True)
    @ratelimit(key="gql:phone", rate="5/m", block=True)
    def mutate(self, info, phone):
        request = info.context
        # send sms code logic
        return RequestSMSCode(ok=True)

You can use django-ratelimit keys except get:xxx and post:xxx:

• ip - Use the request IP address (i.e. request.META['REMOTE_ADDR']) I suggest you to use django-ipware to get client ip, modify your MIDDLEWARE in settings:

MIDDLEWARE = [
"django_graphql_ratelimit.middleware.ParseClientIpMiddleware",
...
]

• header:x-x - Use the value of request.META.get('HTTP_X_X', '').
• user - Use an appropriate value from request.user. Do not use with unauthenticated users.
• user_or_ip - Use an appropriate value from request.user if the user is authenticated, otherwise use request.META['REMOTE_ADDR'].