litestar
litestar copied to clipboard
litestar-org
Enhancement: Rate Limit Config
About class starlite.middleware.rate_limit.RateLimitConfig
this, rate_limit: Tuple[Literal['second', 'minute', 'hour', 'day'], int]
A tuple containing a time unit (second, minute, hour, day) and quantity, e.g. (“day”, 100) or (“minute”, 5) could be changed to [ (“day”, 100) ,(“minute”, 5),("second",1)]?
What would the behaviour be if it's a list?
For some people, there is more choice.
Sometimes it is more appropriate to combine several conditions.
But what would the behaviour be? If you define multiple limits, when would which limit be applied? Randomly? This doesn't make a lot of sense to me, since "5 minutes" necessarily includes "1 second", so what happens if I define both?
But what would the behaviour be? If you define multiple limits, when would which limit be applied? Randomly? This doesn't make a lot of sense to me, since "5 minutes" necessarily includes "1 second", so what happens if I define both?
Sorry, My statement is not very clear.
rate_limits=(('second',10),('minute',100),('hour',2000))
or rate_limits=[('second',10),('hour',1000),('day',5000)]
('second',10) => 10 requests per second ('minute',100) =>100 requests per minute ('hour',2000) =>2000 requests per hour
If one of the above three conditions is met first, trigger and return 429.
The above conditions can be combined at will.
But what would the behaviour be? If you define multiple limits, when would which limit be applied? Randomly? This doesn't make a lot of sense to me, since "5 minutes" necessarily includes "1 second", so what happens if I define both?
Sorry, My statement is not very clear.
rate_limits=(('second',10),('minute',100),('hour',2000))orrate_limits=[('second',10),('hour',1000),('day',5000)]('second',10) => 10 requests per second ('minute',100) =>100 requests per minute ('hour',2000) =>1000 requests per hour
If one of the above three conditions is met first, trigger and return 429.
The above conditions can be combined at will.
That makes sense.
I don't have an objection - PR is welcome
Just adding this library in-case one decide to use third party lib,
https://limits.readthedocs.io/en/stable/quickstart.html#examples
Examples:
- 10 per hour
- 10/hour
- 10/hour;100/day;2000 per year
- 100/day, 500/7days
How it use with flask: https://flask-limiter.readthedocs.io/en/stable/
I'm seeing that this issue has a PR closed, any objections if I open one to try work on it?
@JacobCoffee following draft-ietf-httpapi-ratelimit-headers-07 it seems that for multiple rete-limits in the Response Headers the key RateLimit-Policy can have multiple values one next to the other like this: RateLimit-Policy: 10;w=1, 50;w=60, but for the RateLimit key there are no specifications on what to show when multiple rate limits were configured, I found this though:
Content-Type: application/json
RateLimit: limit=5000, remaining=100, reset=36000
RateLimit-Policy: 1000;w=3600, 5000;w=86400
Where it seems that the RateLimit header is set to the larger number, is this the path we would like to follow here?
I think the header reflecting largest/most restrictive is right, but I'm out of my comfort zone here @litestar-org/members ?
@cofin I actually had something working with a unit test that I needed to improve, but due to lack of time I wasn't able to finish, feel free to give it to somebody else. I'll come back later to work on another issue as soon as I have the time.
