Menu
https://flask-limiter.readthedocs.io/en/stable/
I am looking at Flask-Limiter's documentations and I'm unable to find how to rate-limit per user, everything is globally. Example, Instead of setting it to max 200 requests by all users, how can I make it 200 requests per day by a single user? (IP, or any other identification I don't know what's used)
751
asked Sep 03 '25 05:09
I found this in the recipes:
Rate limiting a route by current user (using Flask-Login):
@route("/test")
@login_required
@limiter.limit("1 per day", key_func = lambda : current_user.username)
def test_route():
return "42"
UPDATED: added simple example
Here is a simple Flask app implementing the recipe to give you better idea:
from flask import Flask, redirect
from flask_login import (
LoginManager,
UserMixin,
current_user,
login_required,
login_user,
logout_user
)
from flask_limiter import Limiter
app = Flask(__name__)
# flask-login
app.secret_key = 'super secret string'
login_manager = LoginManager()
login_manager.init_app(app)
# flask-limiter
limiter = Limiter(app)
# user class
class User(UserMixin):
def __init__(self, id):
self.id = id
self.username = id
# memory storage
users = [User('user')]
@login_manager.user_loader
def load_user(user_id):
return users[0]
@app.route('/')
def index():
return 'Hello, World!'
@app.route('/login')
def login():
if not current_user.is_authenticated:
login_user(users[0])
return redirect('/secured')
@app.route('/logout')
@login_required
def logout():
logout_user()
return redirect('/')
@app.route('/secured')
@login_required
@limiter.limit("2 per day", key_func = lambda : current_user.username)
def secured():
return f"Hello, {current_user.id}"
if __name__ == '__main__':
app.run()
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
