swh.web.api.throttling module

class swh.web.api.throttling.SwhWebRateThrottle

Bases: rest_framework.throttling.ScopedRateThrottle

Custom request rate limiter for DRF enabling to exempt specific networks specified in swh-web configuration.

Requests are grouped into scopes. It enables to apply different requests rate limiting based on the scope name but also the input HTTP request types.

To associate a scope to requests, one must add a ‘throttle_scope’ attribute when using a class based view, or call the ‘throttle_scope’ decorator when using a function based view. By default, requests do not have an associated scope and are not rate limited.

Rate limiting can also be configured according to the type of the input HTTP requests for fine grained tuning.

For instance, the following YAML configuration section sets a rate of:

• 1 per minute for POST requests

• 60 per minute for other request types

for the ‘swh_api’ scope while exempting those coming from the 127.0.0.0/8 ip network.

throttling:
    scopes:
        swh_api:
            limiter_rate:
                default: 60/m
                POST: 1/m
            exempted_networks:
                - 127.0.0.0/8

scope = None

get_exempted_networks(scope_name: str) → List[Union[ipaddress.IPv4Network, ipaddress.IPv6Network]]

allow_request(request: rest_framework.request.Request, view: APIView) → bool

Implement the check to see if the request should be throttled.

On success calls throttle_success. On failure calls throttle_failure.

swh.web.api.throttling.throttle_scope(scope: str) → Callable[[…], APIView]

Decorator that allows the throttle scope of a DRF function based view to be set:

@api_view(['GET', ])
@throttle_scope('scope')
def view(request):
    ...