entrouvert
/
debian-django-ratelimit
17
0
Fork 0
Code Issues Pull Requests Releases Activity

Import Upstream version 0.4.0+8+gd58c489

This commit is contained in:
Frédéric Péters 2019-08-13 12:21:57 +02:00
commit 08b3d457c0
24 changed files with 1535 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.gitignore vendored Normal file
View File

@ -0,0 +1,6 @@
*.pyc
*.swp
dist
*.egg-info
docs/_build/*
.tox/

17
.travis.yml Normal file
View File

@ -0,0 +1,17 @@
language: python
env:
- DJANGO_VERSION=1.4
- DJANGO_VERSION=1.5
- DJANGO_VERSION=1.6
python:
- "2.6"
- "2.7"
install:
- pip install -q "Django>=${DJANGO_VERSION},<${DJANGO_VERSION}.99"
script: ./run.sh test
matrix:
include:
- python: 3.3
env: DJANGO_VERSION=1.5
- python: 3.3
env: DJANGO_VERSION=1.6

29
CHANGELOG Normal file
View File

@ -0,0 +1,29 @@
==========
Change Log
==========
v0.3
====
- Drop the 'Backend' concept.
- Add settings: RATELIMIT_USE_CACHE and RATELIMIT_CACHE_PREFIX.
- Allow custom key functions.
- Tests with Django 1.4.x and 1.5.x.
- Refactor to simplify tests and development requirements.
v0.2
====
- Added real docs.
- Fix unicode field values.
- Add real tests.
- Use the Ratelimited exception, RatelimitMiddleware, and
RATELIMIT_VIEW setting.
- Add RATELIMIT_ENABLE setting.
- Add the skip_if argument.
- Always add request.limited.
v0.1
====
- Initial release.

13
LICENSE Normal file
View File

@ -0,0 +1,13 @@
Copyright (c) 2013, James Socol
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

4
MANIFEST.in Normal file
View File

@ -0,0 +1,4 @@
include CHANGELOG
include LICENSE
include MANIFEST.in
include README.rst

15
README.rst Normal file
View File

@ -0,0 +1,15 @@
================
Django Ratelimit
================
Django Ratelimit provides a decorator to rate-limit views. Limiting can
be based on IP address or a field in the request--either a GET or POST
variable.
.. image:: https://travis-ci.org/jsocol/django-ratelimit.png?branch=master
:target: https://travis-ci.org/jsocol/django-ratelimit
:Code: https://github.com/jsocol/django-ratelimit
:License: BSD; see LICENSE file
:Issues: https://github.com/jsocol/django-ratelimit/issues
:Documentation: http://django-ratelimit.readthedocs.org/

153
docs/Makefile Normal file
View File

@ -0,0 +1,153 @@
# Makefile for Sphinx documentation
#
# You can set these variables from the command line.
SPHINXOPTS =
SPHINXBUILD = sphinx-build
PAPER =
BUILDDIR = _build
# Internal variables.
PAPEROPT_a4 = -D latex_paper_size=a4
PAPEROPT_letter = -D latex_paper_size=letter
ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
# the i18n builder cannot share the environment and doctrees with the others
I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
.PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest gettext
help:
@echo "Please use \`make <target>' where <target> is one of"
@echo " html to make standalone HTML files"
@echo " dirhtml to make HTML files named index.html in directories"
@echo " singlehtml to make a single large HTML file"
@echo " pickle to make pickle files"
@echo " json to make JSON files"
@echo " htmlhelp to make HTML files and a HTML help project"
@echo " qthelp to make HTML files and a qthelp project"
@echo " devhelp to make HTML files and a Devhelp project"
@echo " epub to make an epub"
@echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter"
@echo " latexpdf to make LaTeX files and run them through pdflatex"
@echo " text to make text files"
@echo " man to make manual pages"
@echo " texinfo to make Texinfo files"
@echo " info to make Texinfo files and run them through makeinfo"
@echo " gettext to make PO message catalogs"
@echo " changes to make an overview of all changed/added/deprecated items"
@echo " linkcheck to check all external links for integrity"
@echo " doctest to run all doctests embedded in the documentation (if enabled)"
clean:
-rm -rf $(BUILDDIR)/*
html:
$(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
@echo
@echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
dirhtml:
$(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml
@echo
@echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml."
singlehtml:
$(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml
@echo
@echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml."
pickle:
$(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle
@echo
@echo "Build finished; now you can process the pickle files."
json:
$(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json
@echo
@echo "Build finished; now you can process the JSON files."
htmlhelp:
$(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp
@echo
@echo "Build finished; now you can run HTML Help Workshop with the" \
".hhp project file in $(BUILDDIR)/htmlhelp."
qthelp:
$(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp
@echo
@echo "Build finished; now you can run "qcollectiongenerator" with the" \
".qhcp project file in $(BUILDDIR)/qthelp, like this:"
@echo "# qcollectiongenerator $(BUILDDIR)/qthelp/DjangoRatelimit.qhcp"
@echo "To view the help file:"
@echo "# assistant -collectionFile $(BUILDDIR)/qthelp/DjangoRatelimit.qhc"
devhelp:
$(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp
@echo
@echo "Build finished."
@echo "To view the help file:"
@echo "# mkdir -p $$HOME/.local/share/devhelp/DjangoRatelimit"
@echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/DjangoRatelimit"
@echo "# devhelp"
epub:
$(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub
@echo
@echo "Build finished. The epub file is in $(BUILDDIR)/epub."
latex:
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo
@echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex."
@echo "Run \`make' in that directory to run these through (pdf)latex" \
"(use \`make latexpdf' here to do that automatically)."
latexpdf:
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo "Running LaTeX files through pdflatex..."
$(MAKE) -C $(BUILDDIR)/latex all-pdf
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
text:
$(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text
@echo
@echo "Build finished. The text files are in $(BUILDDIR)/text."
man:
$(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man
@echo
@echo "Build finished. The manual pages are in $(BUILDDIR)/man."
texinfo:
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
@echo
@echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo."
@echo "Run \`make' in that directory to run these through makeinfo" \
"(use \`make info' here to do that automatically)."
info:
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
@echo "Running Texinfo files through makeinfo..."
make -C $(BUILDDIR)/texinfo info
@echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo."
gettext:
$(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale
@echo
@echo "Build finished. The message catalogs are in $(BUILDDIR)/locale."
changes:
$(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes
@echo
@echo "The overview file is in $(BUILDDIR)/changes."
linkcheck:
$(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck
@echo
@echo "Link check complete; look for any errors in the above output " \
"or in $(BUILDDIR)/linkcheck/output.txt."
doctest:
$(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest
@echo "Testing of doctests in the sources finished, look at the " \
"results in $(BUILDDIR)/doctest/output.txt."

242
docs/conf.py Normal file
View File

@ -0,0 +1,242 @@
# -*- coding: utf-8 -*-
#
# Django Ratelimit documentation build configuration file, created by
# sphinx-quickstart on Fri Jan 4 15:55:31 2013.
#
# This file is execfile()d with the current directory set to its containing dir.
#
# Note that not all possible configuration values are present in this
# autogenerated file.
#
# All configuration values have a default; values that are commented out
# serve to show the default.
import sys, os
# If extensions (or modules to document with autodoc) are in another directory,
# add these directories to sys.path here. If the directory is relative to the
# documentation root, use os.path.abspath to make it absolute, like shown here.
#sys.path.insert(0, os.path.abspath('.'))
# -- General configuration -----------------------------------------------------
# If your documentation needs a minimal Sphinx version, state it here.
#needs_sphinx = '1.0'
# Add any Sphinx extension module names here, as strings. They can be extensions
# coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
extensions = []
# Add any paths that contain templates here, relative to this directory.
templates_path = ['_templates']
# The suffix of source filenames.
source_suffix = '.rst'
# The encoding of source files.
#source_encoding = 'utf-8-sig'
# The master toctree document.
master_doc = 'index'
# General information about the project.
project = u'Django Ratelimit'
copyright = u'2013, James Socol'
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
# built documents.
#
# The short X.Y version.
version = '0.3'
# The full version, including alpha/beta/rc tags.
release = '0.3.0'
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
#language = None
# There are two options for replacing |today|: either, you set today to some
# non-false value, then it is used:
#today = ''
# Else, today_fmt is used as the format for a strftime call.
#today_fmt = '%B %d, %Y'
# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
exclude_patterns = ['_build']
# The reST default role (used for this markup: `text`) to use for all documents.
#default_role = None
# If true, '()' will be appended to :func: etc. cross-reference text.
#add_function_parentheses = True
# If true, the current module name will be prepended to all description
# unit titles (such as .. function::).
#add_module_names = True
# If true, sectionauthor and moduleauthor directives will be shown in the
# output. They are ignored by default.
#show_authors = False
# The name of the Pygments (syntax highlighting) style to use.
pygments_style = 'sphinx'
# A list of ignored prefixes for module index sorting.
#modindex_common_prefix = []
# -- Options for HTML output ---------------------------------------------------
# The theme to use for HTML and HTML Help pages. See the documentation for
# a list of builtin themes.
html_theme = 'default'
# Theme options are theme-specific and customize the look and feel of a theme
# further. For a list of options available for each theme, see the
# documentation.
#html_theme_options = {}
# Add any paths that contain custom themes here, relative to this directory.
#html_theme_path = []
# The name for this set of Sphinx documents. If None, it defaults to
# "<project> v<release> documentation".
#html_title = None
# A shorter title for the navigation bar. Default is the same as html_title.
#html_short_title = None
# The name of an image file (relative to this directory) to place at the top
# of the sidebar.
#html_logo = None
# The name of an image file (within the static path) to use as favicon of the
# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32
# pixels large.
#html_favicon = None
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
html_static_path = ['_static']
# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
# using the given strftime format.
#html_last_updated_fmt = '%b %d, %Y'
# If true, SmartyPants will be used to convert quotes and dashes to
# typographically correct entities.
#html_use_smartypants = True
# Custom sidebar templates, maps document names to template names.
#html_sidebars = {}
# Additional templates that should be rendered to pages, maps page names to
# template names.
#html_additional_pages = {}
# If false, no module index is generated.
#html_domain_indices = True
# If false, no index is generated.
#html_use_index = True
# If true, the index is split into individual pages for each letter.
#html_split_index = False
# If true, links to the reST sources are added to the pages.
#html_show_sourcelink = True
# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
#html_show_sphinx = True
# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
#html_show_copyright = True
# If true, an OpenSearch description file will be output, and all pages will
# contain a <link> tag referring to it. The value of this option must be the
# base URL from which the finished HTML is served.
#html_use_opensearch = ''
# This is the file name suffix for HTML files (e.g. ".xhtml").
#html_file_suffix = None
# Output file base name for HTML help builder.
htmlhelp_basename = 'DjangoRatelimitdoc'
# -- Options for LaTeX output --------------------------------------------------
latex_elements = {
# The paper size ('letterpaper' or 'a4paper').
#'papersize': 'letterpaper',
# The font size ('10pt', '11pt' or '12pt').
#'pointsize': '10pt',
# Additional stuff for the LaTeX preamble.
#'preamble': '',
}
# Grouping the document tree into LaTeX files. List of tuples
# (source start file, target name, title, author, documentclass [howto/manual]).
latex_documents = [
('index', 'DjangoRatelimit.tex', u'Django Ratelimit Documentation',
u'James Socol', 'manual'),
]
# The name of an image file (relative to this directory) to place at the top of
# the title page.
#latex_logo = None
# For "manual" documents, if this is true, then toplevel headings are parts,
# not chapters.
#latex_use_parts = False
# If true, show page references after internal links.
#latex_show_pagerefs = False
# If true, show URL addresses after external links.
#latex_show_urls = False
# Documents to append as an appendix to all manuals.
#latex_appendices = []
# If false, no module index is generated.
#latex_domain_indices = True
# -- Options for manual page output --------------------------------------------
# One entry per manual page. List of tuples
# (source start file, name, description, authors, manual section).
man_pages = [
('index', 'djangoratelimit', u'Django Ratelimit Documentation',
[u'James Socol'], 1)
]
# If true, show URL addresses after external links.
#man_show_urls = False
# -- Options for Texinfo output ------------------------------------------------
# Grouping the document tree into Texinfo files. List of tuples
# (source start file, target name, title, author,
# dir menu entry, description, category)
texinfo_documents = [
('index', 'DjangoRatelimit', u'Django Ratelimit Documentation',
u'James Socol', 'DjangoRatelimit', 'One line description of project.',
'Miscellaneous'),
]
# Documents to append as an appendix to all manuals.
#texinfo_appendices = []
# If false, no module index is generated.
#texinfo_domain_indices = True
# How to display URL addresses: 'footnote', 'no', or 'inline'.
#texinfo_show_urls = 'footnote'

45
docs/contributing.rst Normal file
View File

@ -0,0 +1,45 @@
.. _contributing-chapter:
============
Contributing
============
Set Up
======
Create a virtualenv_ and install Django with pip_::
$ pip install Django
Running the Tests
=================
Running the tests is as easy as::
$ ./run.sh test
You may also run the test on multiple versions of Django using tox.
- First install tox::
$ pip install tox
- Then run the tests with tox::
$ tox
Code Standards
==============
I ask two things for pull requests.
* The flake8_ tool must not report any violations.
* All tests, including new tests where appropriate, must pass.
.. _virtualenv: http://www.virtualenv.org/en/latest/
.. _pip: http://www.pip-installer.org/en/latest/
.. _flake8: https://pypi.python.org/pypi/flake8

60
docs/index.rst Normal file
View File

@ -0,0 +1,60 @@
================
Django Ratelimit
================
Project
=======
**Django Ratelimit** is a ratelimiting decorator for Django views.
.. image:: https://travis-ci.org/jsocol/django-ratelimit.png?branch=master
:target: https://travis-ci.org/jsocol/django-ratelimit
:Code: https://github.com/jsocol/django-ratelimit
:License: Apache Software License
:Issues: https://github.com/jsocol/django-ratelimit/issues
:Documentation: http://django-ratelimit.readthedocs.org/
Quickstart
==========
Install::
pip install django-ratelimit
Use as a decorator in ``views.py``::
from ratelimit.decorators import ratelimit
@ratelimit()
def myview(request):
# ...
@ratelimit(rate='100/h')
def secondview(request):
# ...
.. _PyPI: http://pypi.python.org/pypi/django-ratelimit
Contents
========
.. toctree::
:maxdepth: 2
settings
usage
contributing
Indices and tables
==================
* :ref:`genindex`
* :ref:`modindex`
* :ref:`search`

17
docs/settings.rst Normal file
View File

@ -0,0 +1,17 @@
.. _settings-chapter:
========
Settings
========
``RATELIMIT_CACHE_PREFIX``:
An optional cache prefix for ratelimit keys (in addition to the
``PREFIX`` value). *rl:*
``RATELIMIT_ENABLE``:
Set to ``False`` to disable rate-limiting across the board. *True*
``RATELIMIT_USE_CACHE``:
Which cache (from the ``CACHES`` dict) to use. *default*
``RATELIMIT_VIEW``:
A view to use when a request is ratelimited, in conjunction with
``RatelimitMiddleware``. (E.g.: ``'myapp.views.ratelimited'``.)
*None*

205
docs/usage.rst Normal file
View File

@ -0,0 +1,205 @@
.. _usage-chapter:
======================
Using Django Ratelimit
======================
Use as a decorator
==================
The ``@ratelimit`` view decorator provides several optional arguments
with sensible defaults (in italics).
Import::
from ratelimit.decorators import ratelimit
.. py:decorator:: ratelimit(ip=True, block=False, method=None, field=None, rate='5/m', skip_if=None, keys=None)
:arg ip:
*True* Whether to rate-limit based on the IP from ``REMOTE_ADDR``.
.. Note::
If you're using a reverse proxy, set this to False and use
the ``keys`` argument.
:arg block:
*False* Whether to block the request instead of annotating.
:arg method:
*None* Which HTTP method(s) to rate-limit. May be a string, a
list/tuple, or ``None`` for all methods.
:arg field:
*None* Which HTTP GET/POST argument field(s) to use to
rate-limit. May be a string or a list of strings.
:arg rate:
*'5/m'* The number of requests per unit time allowed. Valid units are:
* ``s`` - seconds
* ``m`` - minutes
* ``h`` - hours
* ``d`` - days
:arg skip_if:
*None* If specified, pass this parameter a callable
(e.g. lambda function) that takes the current request. If the
callable returns a value that evaluates to True, the rate
limiting is skipped for that particular view. This is useful
to do things like selectively deactivating rate limiting based
on a value in your settings file, or based on an attirbute in
the current request object. (Also see the ``RATELIMIT_ENABLE``
setting below.)
:arg keys:
*None* Specify a function or list of functions that take the
request object and return string keys. This allows you to
define custom logic (for example, use an authenticated user ID
or unauthenticated IP address).
.. Note::
If you're using a reverse proxy, pass in a function that
pulls the appropriate field from ``request.META`` for the
actual ip address of the client.
Examples::
@ratelimit()
def myview(request):
# Will be true if the same IP makes more than 5 requests/minute.
was_limited = getattr(request, 'limited', False)
return HttpResponse()
@ratelimit(block=True)
def myview(request):
# If the same IP makes >5 reqs/min, will raise Ratelimited
return HttpResponse()
@ratelimit(field='username')
def login(request):
# If the same username OR IP is used >5 times/min, this will be True.
# The `username` value will come from GET or POST, determined by the
# request method.
was_limited = getattr(request, 'limited', False)
return HttpResponse()
@ratelimit(method='POST')
def login(request):
# Only apply rate-limiting to POSTs.
return HttpResponseRedirect()
@ratelimit(field=['username', 'other_field'])
def login(request):
# Use multiple field values.
return HttpResponse()
@ratelimit(rate='4/h')
def slow(request):
# Allow 4 reqs/hour.
return HttpResponse()
@ratelimit(skip_if=lambda request: getattr(request, 'some_attribute', False))
def skipif1(request):
# Conditionally skip rate limiting (example 1)
return HttpResponse()
@ratelimit(skip_if=lambda request: settings.MYAPP_DEACTIVATE_RATE_LIMITING)
def skipif2(request):
# Conditionally skip rate limiting (example 2)
return HttpResponse()
@ratelimit(keys=lambda x: 'min', rate='1/m')
@ratelimit(keys=lambda x: 'hour', rate='10/h')
@ratelimit(keys=lambda x: 'day', rate='50/d')
def post(request):
# Stack them.
# Note: once a decorator limits the request, the ones after
# won't count the request for limiting.
return HttpResponse()
@ratelimit(ip=False,
keys=lambda req: req.META.get('HTTP_X_CLUSTER_CLIENT_IP',
req.META['REMOTE_ADDR']))
def post(request):
# This will use the HTTP_X_CLUSTER_CLIENT_IP and default to
# REMOTE_ADDR if that's not set. This is how you'd set up your
# rate limiting if you're behind a reverse proxy.
#
# It's important to set ip to False here. Otherwise it'll use
# limit on EITHER HTTP_X_CLUSTER_CLIENT_IP or REMOTE_ADDR and
# the end result is that everything will be throttled.
return HttpResponse()
Helper Function
===============
In some cases the decorator is not flexible enough. If this is an
issue you use the ``is_ratelimited`` helper function. It's similar to
the decorator.
Import::
from ratelimit.helpers import is_ratelimited
.. py:function:: is_ratelimited(request, increment=False, ip=True, method=None, field=None, rate='5/m', keys=None)
:arg request:
(Required) The request object.
:arg increment:
*False* Whether to increment the count.
:arg ip:
*True* Whether to rate-limit based on the IP.
:arg method:
*None* Which HTTP method(s) to rate-limit. May be a string, a
list/tuple, or ``None`` for all methods.
:arg field:
*None* Which HTTP field(s) to use to rate-limit. May be a
string or a list.
:arg rate:
*'5/m'* The number of requests per unit time allowed.
:arg keys:
*None* Specify a function or list of functions that take the
request object and return string keys. This allows you to
define custom logic (for example, use an authenticated user ID
or unauthenticated IP address).
Exceptions
==========
.. py:class:: ratelimit.exceptions.Ratelimited
If a request is ratelimited and ``block`` is set to ``True``,
Ratelimit will raise ``ratelimit.exceptions.Ratelimited``.
This is a subclass of Django's ``PermissionDenied`` exception, so
if you don't need any special handling beyond the built-in 403
processing, you don't have to do anything.
Middleware
==========
There is optional middleware to use a custom view to handle ``Ratelimited``
exceptions.
To use it, add ``ratelimit.middleware.RatelimitMiddleware`` to your
``MIDDLEWARE_CLASSES`` (toward the bottom of the list) and set
``RATELIMIT_VIEW`` to the full path of a view you want to use.
The view specified in ``RATELIMIT_VIEW`` will get two arguments, the
``request`` object (after ratelimit processing) and the exception.

2
ratelimit/__init__.py Normal file
View File

@ -0,0 +1,2 @@
VERSION = (0, 4, 0)
__version__ = '.'.join(map(str, VERSION))

24
ratelimit/decorators.py Normal file
View File

@ -0,0 +1,24 @@
from functools import wraps
from ratelimit.exceptions import Ratelimited
from ratelimit.helpers import is_ratelimited
__all__ = ['ratelimit']
def ratelimit(ip=True, block=False, method=['POST'], field=None, rate='5/m',
skip_if=None, keys=None):
def decorator(fn):
@wraps(fn)
def _wrapped(request, *args, **kw):
request.limited = getattr(request, 'limited', False)
if skip_if is None or not skip_if(request):
ratelimited = is_ratelimited(request=request, increment=True,
ip=ip, method=method, field=field,
rate=rate, keys=keys)
if ratelimited and block:
raise Ratelimited()
return fn(request, *args, **kw)
return _wrapped
return decorator

5
ratelimit/exceptions.py Normal file
View File

@ -0,0 +1,5 @@
from django.core.exceptions import PermissionDenied
class Ratelimited(PermissionDenied):
pass

99
ratelimit/helpers.py Normal file
View File

@ -0,0 +1,99 @@
import hashlib
import re
from django.conf import settings
from django.core.cache import get_cache
__all__ = ['is_ratelimited']
RATELIMIT_ENABLE = getattr(settings, 'RATELIMIT_ENABLE', True)
CACHE_PREFIX = getattr(settings, 'RATELIMIT_CACHE_PREFIX', 'rl:')
_PERIODS = {
's': 1,
'm': 60,
'h': 60 * 60,
'd': 24 * 60 * 60,
}
rate_re = re.compile('([\d]+)/([\d]*)([smhd])')
def _method_match(request, method=None):
if method is None:
return True
if not isinstance(method, (list, tuple)):
method = [method]
return request.method in [m.upper() for m in method]
def _split_rate(rate):
count, multi, period = rate_re.match(rate).groups()
count = int(count)
time = _PERIODS[period.lower()]
if multi:
time = time * int(multi)
return count, time
def _get_keys(request, ip=True, field=None, keyfuncs=None):
keys = []
if ip:
keys.append('ip:' + request.META['REMOTE_ADDR'])
if field is not None:
if not isinstance(field, (list, tuple)):
field = [field]
for f in field:
val = getattr(request, request.method).get(f, '').encode('utf-8')
val = hashlib.sha1(val).hexdigest()
keys.append(u'field:%s:%s' % (f, val))
if keyfuncs:
if not isinstance(keyfuncs, (list, tuple)):
keyfuncs = [keyfuncs]
for k in keyfuncs:
keys.append(k(request))
return [CACHE_PREFIX + k for k in keys]
def _incr(cache, keys, timeout=60):
# Yes, this is a race condition, but memcached.incr doesn't reset the
# timeout.
counts = cache.get_many(keys)
for key in keys:
if key in counts:
counts[key] += 1
else:
counts[key] = 1
cache.set_many(counts, timeout=timeout)
return counts
def _get(cache, keys):
counts = cache.get_many(keys)
for key in keys:
if key in counts:
counts[key] += 1
else:
counts[key] = 1
return counts
def is_ratelimited(request, increment=False, ip=True, method=['POST'],
field=None, rate='5/m', keys=None):
count, period = _split_rate(rate)
cache = getattr(settings, 'RATELIMIT_USE_CACHE', 'default')
cache = get_cache(cache)
request.limited = getattr(request, 'limited', False)
if (not request.limited and RATELIMIT_ENABLE and
_method_match(request, method)):
_keys = _get_keys(request, ip, field, keys)
if increment:
counts = _incr(cache, _keys, period)
else:
counts = _get(cache, _keys)
if any([c > count for c in counts.values()]):
request.limited = True
return request.limited

14
ratelimit/middleware.py Normal file
View File

@ -0,0 +1,14 @@
from django.conf import settings
from django.utils.importlib import import_module
from ratelimit.exceptions import Ratelimited
class RatelimitMiddleware(object):
def process_exception(self, request, exception):
if not isinstance(exception, Ratelimited):
return
module_name, _, view_name = settings.RATELIMIT_VIEW.rpartition('.')
module = import_module(module_name)
view = getattr(module, view_name)
return view(request, exception)

45
ratelimit/mixins.py Normal file
View File

@ -0,0 +1,45 @@
# -*- coding: utf-8 -*-
from .decorators import ratelimit
class RateLimitMixin(object):
"""
Mixin for usage in Class Based Views
configured with the decorator ``ratelimit`` defaults.
Configure the class-attributes prefixed with ``ratelimit_``
for customization of the ratelimit process.
Example::
class ContactView(RateLimitMixin, FormView):
form_class = ContactForm
template_name = "contact.html"
ratelimit_block = True
def form_valid(self, form):
# do sth. here
return super(ContactView, self).form_valid(form)
"""
ratelimit_ip = True
ratelimit_block = False
ratelimit_method = ['POST']
ratelimit_field = None
ratelimit_rate = '5/m'
ratelimit_skip_if = None
ratelimit_keys = None
def get_ratelimit_config(self):
return dict(
(k[len("ratelimit_"):], v)
for k, v in vars(self.__class__).items()
if k.startswith("ratelimit")
)
def dispatch(self, *args, **kwargs):
return ratelimit(
**self.get_ratelimit_config()
)(super(RateLimitMixin, self).dispatch)(*args, **kwargs)

1
ratelimit/models.py Normal file
View File

@ -0,0 +1 @@
# This module intentionally left blank.

429
ratelimit/tests.py Normal file
View File

@ -0,0 +1,429 @@
import django
from django.core.cache import cache, InvalidCacheBackendError
from django.test import RequestFactory, TestCase
from django.test.utils import override_settings
from django.views.generic import View
from ratelimit.decorators import ratelimit
from ratelimit.exceptions import Ratelimited
from ratelimit.mixins import RateLimitMixin
from ratelimit.helpers import is_ratelimited
class RatelimitTests(TestCase):
def setUp(self):
cache.clear()
def test_limit_ip(self):
@ratelimit(ip=True, method=None, rate='1/m', block=True)
def view(request):
return True
req = RequestFactory().get('/')
assert view(req), 'First request works.'
with self.assertRaises(Ratelimited):
view(req)
def test_block(self):
@ratelimit(ip=True, method=None, rate='1/m', block=True)
def blocked(request):
return request.limited
@ratelimit(ip=True, method=None, rate='1/m', block=False)
def unblocked(request):
return request.limited
req = RequestFactory().get('/')
assert not blocked(req), 'First request works.'
with self.assertRaises(Ratelimited):
blocked(req)
assert unblocked(req), 'Request is limited but not blocked.'
def test_method(self):
rf = RequestFactory()
post = rf.post('/')
get = rf.get('/')
@ratelimit(ip=True, method=['POST'], rate='1/m')
def limit_post(request):
return request.limited
@ratelimit(ip=True, method=['POST', 'GET'], rate='1/m')
def limit_get(request):
return request.limited
assert not limit_post(post), 'Do not limit first POST.'
assert limit_post(post), 'Limit second POST.'
assert not limit_post(get), 'Do not limit GET.'
assert limit_get(post), 'Limit first POST.'
assert limit_get(get), 'Limit first GET.'
def test_field(self):
james = RequestFactory().post('/', {'username': 'james'})
john = RequestFactory().post('/', {'username': 'john'})
@ratelimit(ip=False, field='username', rate='1/m')
def username(request):
return request.limited
assert not username(james), "james' first request is fine."
assert username(james), "james' second request is limited."
assert not username(john), "john's first request is fine."
def test_field_unicode(self):
post = RequestFactory().post('/', {'username': u'fran\xe7ois'})
@ratelimit(ip=False, field='username', rate='1/m')
def view(request):
return request.limited
assert not view(post), 'First request is not limited.'
assert view(post), 'Second request is limited.'
def test_field_empty(self):
post = RequestFactory().post('/', {})
@ratelimit(ip=False, field='username', rate='1/m')
def view(request):
return request.limited
assert not view(post), 'First request is not limited.'
assert view(post), 'Second request is limited.'
def test_rate(self):
req = RequestFactory().post('/')
@ratelimit(ip=True, rate='2/m')
def twice(request):
return request.limited
assert not twice(req), 'First request is not limited.'
assert not twice(req), 'Second request is not limited.'
assert twice(req), 'Third request is limited.'
def test_skip_if(self):
req = RequestFactory().post('/')
@ratelimit(rate='1/m', skip_if=lambda r: getattr(r, 'skip', False))
def view(request):
return request.limited
assert not view(req), 'First request is not limited.'
assert view(req), 'Second request is limited.'
del req.limited
req.skip = True
assert not view(req), 'Skipped request is not limited.'
@override_settings(RATELIMIT_USE_CACHE='fake.cache')
def test_bad_cache(self):
"""The RATELIMIT_USE_CACHE setting works if the cache exists."""
@ratelimit()
def view(request):
return request
req = RequestFactory().post('/')
with self.assertRaises(InvalidCacheBackendError):
view(req)
def test_keys(self):
"""Allow custom functions to set cache keys."""
class User(object):
def __init__(self, authenticated=False):
self.pk = 1
self.authenticated = authenticated
def is_authenticated(self):
return self.authenticated
def user_or_ip(req):
if req.user.is_authenticated():
return 'uip:%d' % req.user.pk
return 'uip:%s' % req.META['REMOTE_ADDR']
@ratelimit(ip=False, rate='1/m', block=False, keys=user_or_ip)
def view(request):
return request.limited
req = RequestFactory().post('/')
req.user = User(authenticated=False)
assert not view(req), 'First unauthenticated request is allowed.'
assert view(req), 'Second unauthenticated request is limited.'
del req.limited
req.user = User(authenticated=True)
assert not view(req), 'First authenticated request is allowed.'
assert view(req), 'Second authenticated is limited.'
def test_stacked_decorator(self):
"""Allow @ratelimit to be stacked."""
# Put the shorter one first and make sure the second one doesn't
# reset request.limited back to False.
@ratelimit(ip=False, rate='1/m', block=False, keys=lambda x: 'min')
@ratelimit(ip=False, rate='10/d', block=False, keys=lambda x: 'day')
def view(request):
return request.limited
req = RequestFactory().post('/')
assert not view(req), 'First unauthenticated request is allowed.'
assert view(req), 'Second unauthenticated request is limited.'
def test_is_ratelimited(self):
def get_keys(request):
return 'test_is_ratelimited_key'
def not_increment(request):
return is_ratelimited(request, increment=False, ip=False,
method=None, keys=[get_keys], rate='1/m')
def do_increment(request):
return is_ratelimited(request, increment=True, ip=False,
method=None, keys=[get_keys], rate='1/m')
req = RequestFactory().get('/')
# Does not increment. Count still 0. Does not rate limit
# because 0 < 1.
assert not not_increment(req), 'Request should not be rate limited.'
# Increments. Does not rate limit because 0 < 1. Count now 1.
assert not do_increment(req), 'Request should not be rate limited.'
# Does not increment. Count still 1. Rate limits because 1 < 1
# is false.
assert not_increment(req), 'Request should be rate limited.'
#do it here, since python < 2.7 does not have unittest.skipIf
if django.VERSION >= (1, 4):
class RateLimitCBVTests(TestCase):
SKIP_REASON = u'Class Based View supported by Django >=1.4'
def setUp(self):
cache.clear()
def test_limit_ip(self):
class RLView(RateLimitMixin, View):
ratelimit_ip = True
ratelimit_method = None
ratelimit_rate = '1/m'
ratelimit_block = True
rlview = RLView.as_view()
req = RequestFactory().get('/')
assert rlview(req), 'First request works.'
with self.assertRaises(Ratelimited):
rlview(req)
def test_block(self):
class BlockedView(RateLimitMixin, View):
ratelimit_ip = True
ratelimit_method = None
ratelimit_rate = '1/m'
ratelimit_block = True
def get(self, request, *args, **kwargs):
return request.limited
class UnBlockedView(RateLimitMixin, View):
ratelimit_ip = True
ratelimit_method = None
ratelimit_rate = '1/m'
ratelimit_block = False
def get(self, request, *args, **kwargs):
return request.limited
blocked = BlockedView.as_view()
unblocked = UnBlockedView.as_view()
req = RequestFactory().get('/')
assert not blocked(req), 'First request works.'
with self.assertRaises(Ratelimited):
blocked(req)
assert unblocked(req), 'Request is limited but not blocked.'
def test_method(self):
rf = RequestFactory()
post = rf.post('/')
get = rf.get('/')
class LimitPostView(RateLimitMixin, View):
ratelimit_ip = True
ratelimit_method = ['POST']
ratelimit_rate = '1/m'
def post(self, request, *args, **kwargs):
return request.limited
get = post
class LimitGetView(RateLimitMixin, View):
ratelimit_ip = True
ratelimit_method = ['POST', 'GET']
ratelimit_rate = '1/m'
def post(self, request, *args, **kwargs):
return request.limited
get = post
limit_post = LimitPostView.as_view()
limit_get = LimitGetView.as_view()
assert not limit_post(post), 'Do not limit first POST.'
assert limit_post(post), 'Limit second POST.'
assert not limit_post(get), 'Do not limit GET.'
assert limit_get(post), 'Limit first POST.'
assert limit_get(get), 'Limit first GET.'
def test_field(self):
james = RequestFactory().post('/', {'username': 'james'})
john = RequestFactory().post('/', {'username': 'john'})
class UsernameView(RateLimitMixin, View):
ratelimit_ip = False
ratelimit_field = 'username'
ratelimit_rate = '1/m'
def post(self, request, *args, **kwargs):
return request.limited
get = post
username = UsernameView.as_view()
assert not username(james), "james' first request is fine."
assert username(james), "james' second request is limited."
assert not username(john), "john's first request is fine."
def test_field_unicode(self):
post = RequestFactory().post('/', {'username': u'fran\xe7ois'})
class UsernameView(RateLimitMixin, View):
ratelimit_ip = False
ratelimit_field = 'username'
ratelimit_rate = '1/m'
def post(self, request, *args, **kwargs):
return request.limited
get = post
view = UsernameView.as_view()
assert not view(post), 'First request is not limited.'
assert view(post), 'Second request is limited.'
def test_field_empty(self):
post = RequestFactory().post('/', {})
class EmptyFieldView(RateLimitMixin, View):
ratelimit_ip = False
ratelimit_field = 'username'
ratelimit_rate = '1/m'
def post(self, request, *args, **kwargs):
return request.limited
get = post
view = EmptyFieldView.as_view()
assert not view(post), 'First request is not limited.'
assert view(post), 'Second request is limited.'
def test_rate(self):
req = RequestFactory().post('/')
class TwiceView(RateLimitMixin, View):
ratelimit_ip = True
ratelimit_rate = '2/m'
def post(self, request, *args, **kwargs):
return request.limited
get = post
twice = TwiceView.as_view()
assert not twice(req), 'First request is not limited.'
assert not twice(req), 'Second request is not limited.'
assert twice(req), 'Third request is limited.'
def test_skip_if(self):
req = RequestFactory().post('/')
class SkipIfView(RateLimitMixin, View):
ratelimit_rate = '1/m'
ratelimit_skip_if = lambda r: getattr(r, 'skip', False)
def post(self, request, *args, **kwargs):
return request.limited
get = post
view = SkipIfView.as_view()
assert not view(req), 'First request is not limited.'
assert view(req), 'Second request is limited.'
del req.limited
req.skip = True
assert not view(req), 'Skipped request is not limited.'
@override_settings(RATELIMIT_USE_CACHE='fake-cache')
def test_bad_cache(self):
"""The RATELIMIT_USE_CACHE setting works if the cache exists."""
class BadCacheView(RateLimitMixin, View):
def post(self, request, *args, **kwargs):
return request
get = post
view = BadCacheView.as_view()
req = RequestFactory().post('/')
with self.assertRaises(InvalidCacheBackendError):
view(req)
def test_keys(self):
"""Allow custom functions to set cache keys."""
class User(object):
def __init__(self, authenticated=False):
self.pk = 1
self.authenticated = authenticated
def is_authenticated(self):
return self.authenticated
def user_or_ip(req):
if req.user.is_authenticated():
return 'uip:%d' % req.user.pk
return 'uip:%s' % req.META['REMOTE_ADDR']
class KeysView(RateLimitMixin, View):
ratelimit_ip = False
ratelimit_block = False
ratelimit_rate = '1/m'
ratelimit_keys = user_or_ip
def post(self, request, *args, **kwargs):
return request.limited
get = post
view = KeysView.as_view()
req = RequestFactory().post('/')
req.user = User(authenticated=False)
assert not view(req), 'First unauthenticated request is allowed.'
assert view(req), 'Second unauthenticated request is limited.'
del req.limited
req.user = User(authenticated=True)
assert not view(req), 'First authenticated request is allowed.'
assert view(req), 'Second authenticated is limited.'

20
run.sh Executable file
View File

@ -0,0 +1,20 @@
#!/bin/bash
export PYTHONPATH=".:$PYTHONPATH"
export DJANGO_SETTINGS_MODULE="test_settings"
usage() {
echo "USAGE: $0 [command]"
echo " test - run the jsonview tests"
echo " shell - open the Django shell"
exit 1
}
case "$1" in
"test" )
django-admin.py test ratelimit ;;
"shell" )
django-admin.py shell ;;
* )
usage ;;
esac

29
setup.py Normal file
View File

@ -0,0 +1,29 @@
from setuptools import setup, find_packages
from ratelimit import __version__
setup(
name='django-ratelimit',
version=__version__,
description='Cache-based rate-limiting for Django.',
long_description=open('README.rst').read(),
author='James Socol',
author_email='james@mozilla.com',
url='http://github.com/jsocol/django-ratelimit',
license='Apache Software License',
packages=find_packages(exclude=['test_settings']),
include_package_data=True,
package_data = {'': ['README.rst']},
classifiers=[
'Development Status :: 4 - Beta',
'Environment :: Web Environment',
'Environment :: Web Environment :: Mozilla',
'Framework :: Django',
'Intended Audience :: Developers',
'License :: OSI Approved :: Apache Software License',
'Operating System :: OS Independent',
'Programming Language :: Python',
'Topic :: Software Development :: Libraries :: Python Modules',
]
)

21
test_settings.py Normal file
View File

@ -0,0 +1,21 @@
SECRET_KEY = 'ratelimit'
INSTALLED_APPS = (
'ratelimit',
)
RATELIMIT_USE_CACHE = 'default'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
'LOCATION': 'ratelimit-tests',
},
}
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.sqlite3',
'NAME': 'test.db',
},
}

40
tox.ini Normal file
View File

@ -0,0 +1,40 @@
[testenv]
commands = ./run.sh test
# python 3.3
[testenv:py33-1.6]
basepython = python3.3
deps = Django>=1.6,<1.6.99
[testenv:py33-1.5]
basepython = python3.3
deps = Django>=1.5,<1.5.99
# python 2.7
[testenv:py27-1.6]
basepython = python2.7
deps = Django>=1.6,<1.6.99
[testenv:py27-1.5]
basepython = python2.7
deps = Django>=1.5,<1.5.99
[testenv:py27-1.4]
basepython = python2.7
deps = Django>=1.4,<1.4.99
# python 2.6
[testenv:py26-1.6]
basepython = python2.6
deps = Django>=1.6,<1.6.99
[testenv:py26-1.5]
basepython = python2.6
deps = Django>=1.5,<1.5.99
[testenv:py26-1.4]
basepython = python2.6
deps = Django>=1.4,<1.4.99