Rate limiting for flask applications
.. |ci| image:: https://github.com/alisaifee/flask-limiter/workflows/CI/badge.svg?branch=master :target: https://github.com/alisaifee/flask-limiter/actions?query=branch%3Amaster+workflow%3ACI .. |codecov| image:: https://codecov.io/gh/alisaifee/flask-limiter/branch/master/graph/badge.svg :target: https://codecov.io/gh/alisaifee/flask-limiter .. |pypi| image:: https://img.shields.io/pypi/v/Flask-Limiter.svg?style=flat-square :target: https://pypi.python.org/pypi/Flask-Limiter .. |license| image:: https://img.shields.io/pypi/l/Flask-Limiter.svg?style=flat-square :target: https://pypi.python.org/pypi/Flask-Limiter .. |docs| image:: https://readthedocs.org/projects/flask-limiter/badge/?version=latest :target: https://flask-limiter.readthedocs.org/en/latest
Flask-Limiter
|docs| |ci| |codecov| |pypi| |license|
Flask-Limiter adds rate limiting to Flask <https://flask.palletsprojects.com>
_ applications.
Sponsored by Zuplo <https://zuplo.link/3NuX0co>
_ a fully-managed API Gateway for developers.
Add dynamic rate-limiting <https://zuplo.link/flask-dynamic-rate-limit>
_ authentication and more to any API in minutes.
Learn more at zuplo.com <https://zuplo.link/3NuX0co>
_
You can configure rate limits at different levels such as:
Blueprints <https://flask-limiter.readthedocs.io/en/latest/recipes.html#rate-limiting-all-routes-in-a-blueprint>
_Class-based views <https://flask-limiter.readthedocs.io/en/latest/recipes.html#using-flask-pluggable-views>
_individual routes <https://flask-limiter.readthedocs.io/en/latest/index.html#decorators-to-declare-rate-limits>
_Flask-Limiter can be configured <https://flask-limiter.readthedocs.io/en/latest/configuration.html>
_ to fit your application in many ways, including:
storage backends <https://flask-limiter.readthedocs.io/en/latest/#configuring-a-storage-backend>
_
(such as Redis, Memcached & MongoDB)
via limits <https://limits.readthedocs.io/en/stable/storage.html>
__limits <https://limits.readthedocs.io/en/stable/strategies.html>
__Follow the quickstart below to get started or read the documentation <http://flask-limiter.readthedocs.org/en/latest>
_ for more details.
.. code-block:: bash
pip install Flask-Limiter
.. code-block:: python
from flask import Flask from flask_limiter import Limiter from flask_limiter.util import get_remote_address
app = Flask(name) limiter = Limiter( get_remote_address, app=app, default_limits=["2 per minute", "1 per second"], storage_uri="memory://", # Redis # storage_uri="redis://localhost:6379", # Redis cluster # storage_uri="redis+cluster://localhost:7000,localhost:7001,localhost:70002", # Memcached # storage_uri="memcached://localhost:11211", # Memcached Cluster # storage_uri="memcached://localhost:11211,localhost:11212,localhost:11213", # MongoDB # storage_uri="mongodb://localhost:27017", strategy="fixed-window", # or "moving-window" )
@app.route("/slow") @limiter.limit("1 per day") def slow(): return "24"
@app.route("/fast") def fast(): return "42"
@app.route("/ping") @limiter.exempt def ping(): return 'PONG'
.. code-block:: bash
$ FLASK_APP=app:app flask limiter limits
app ├── fast: /fast │ ├── 2 per 1 minute │ └── 1 per 1 second ├── ping: /ping │ └── Exempt └── slow: /slow └── 1 per 1 day
.. code-block:: bash
$ FLASK_APP=app:app flask run
The fast
endpoint respects the default rate limit while the
slow
endpoint uses the decorated one. ping
has no rate limit associated
with it.
.. code-block:: bash
$ curl localhost:5000/fast 42 $ curl localhost:5000/fast 42 $ curl localhost:5000/fast
2 per 1 minute
$ curl localhost:5000/slow 24 $ curl localhost:5000/slow1 per 1 day
$ curl localhost:5000/ping PONG $ curl localhost:5000/ping PONG $ curl localhost:5000/ping PONG $ curl localhost:5000/ping PONG