Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How can I rate-limit my Flask application per user?

https://flask-limiter.readthedocs.io/en/stable/

I am looking at Flask-Limiter's documentations and I'm unable to find how to rate-limit per user, everything is globally. Example, Instead of setting it to max 200 requests by all users, how can I make it 200 requests per day by a single user? (IP, or any other identification I don't know what's used)

like image 751
ammarsys Avatar asked Sep 03 '25 05:09

ammarsys


1 Answers

I found this in the recipes:

Rate limiting a route by current user (using Flask-Login):

@route("/test")
@login_required
@limiter.limit("1 per day", key_func = lambda : current_user.username)
def test_route():
    return "42"

UPDATED: added simple example

Here is a simple Flask app implementing the recipe to give you better idea:


from flask import Flask, redirect
from flask_login import (
    LoginManager, 
    UserMixin, 
    current_user, 
    login_required,
    login_user, 
    logout_user
)
from flask_limiter import Limiter                    

app = Flask(__name__)

# flask-login
app.secret_key = 'super secret string' 
login_manager = LoginManager()
login_manager.init_app(app)

# flask-limiter
limiter = Limiter(app)

# user class
class User(UserMixin):
    def __init__(self, id):
        self.id = id
        self.username = id

# memory storage
users = [User('user')]

@login_manager.user_loader
def load_user(user_id):
    return users[0]

@app.route('/')
def index():
    return 'Hello, World!'

@app.route('/login')
def login():
    if not current_user.is_authenticated:
        login_user(users[0])
    return redirect('/secured')

@app.route('/logout')
@login_required
def logout():
    logout_user()
    return redirect('/')

@app.route('/secured')
@login_required
@limiter.limit("2 per day", key_func = lambda : current_user.username)
def secured():
    return f"Hello, {current_user.id}"

if __name__ == '__main__':    
    app.run()


like image 96
Yohanes Gultom Avatar answered Sep 04 '25 17:09

Yohanes Gultom