anoopmb
/
frappe
1
0
Форкнуть 0
Код Задачи 0 Pull Request'ы 0 Релизы 0 Вики Активность
Вы не можете выбрать более 25 тем Темы должны начинаться с буквы или цифры, могут содержать дефисы(-) и должны содержать не более 35 символов.
36940 коммитов
1 ветка
314 MiB
 
 
 
 
 
 
Дерево: 873c4ad0ec
Ветки Теги
${ item.name }
Создать ветку ${ searchTerm }
из '873c4ad0ec'
${ noResults }
frappe/frappe/rate_limiter.py

139 строки
4.0 KiB
Исходник Вина История 

  1. # -*- coding: utf-8 -*-

  2. # Copyright (c) 2020, Frappe Technologies Pvt. Ltd. and Contributors

  3. # License: MIT. See LICENSE

  4. 

  5. from datetime import datetime

  6. from functools import wraps

  7. from typing import Union, Callable

  8. 

  9. from werkzeug.wrappers import Response

  10. 

  11. import frappe

  12. from frappe import _

  13. from frappe.utils import cint

  14. 

  15. 

  16. def apply():

  17. 	rate_limit = frappe.conf.rate_limit

  18. 	if rate_limit:

  19. 		frappe.local.rate_limiter = RateLimiter(rate_limit["limit"], rate_limit["window"])

  20. 		frappe.local.rate_limiter.apply()

  21. 

  22. 

  23. def update():

  24. 	if hasattr(frappe.local, "rate_limiter"):

  25. 		frappe.local.rate_limiter.update()

  26. 

  27. 

  28. def respond():

  29. 	if hasattr(frappe.local, "rate_limiter"):

  30. 		return frappe.local.rate_limiter.respond()

  31. 

  32. 

  33. class RateLimiter:

  34. 	def __init__(self, limit, window):

  35. 		self.limit = int(limit * 1000000)

  36. 		self.window = window

  37. 

  38. 		self.start = datetime.utcnow()

  39. 		timestamp = int(frappe.utils.now_datetime().timestamp())

  40. 

  41. 		self.window_number, self.spent = divmod(timestamp, self.window)

  42. 		self.key = frappe.cache().make_key(f"rate-limit-counter-{self.window_number}")

  43. 		self.counter = cint(frappe.cache().get(self.key))

  44. 		self.remaining = max(self.limit - self.counter, 0)

  45. 		self.reset = self.window - self.spent

  46. 

  47. 		self.end = None

  48. 		self.duration = None

  49. 		self.rejected = False

  50. 

  51. 	def apply(self):

  52. 		if self.counter > self.limit:

  53. 			self.rejected = True

  54. 			self.reject()

  55. 

  56. 	def reject(self):

  57. 		raise frappe.TooManyRequestsError

  58. 

  59. 	def update(self):

  60. 		self.end = datetime.utcnow()

  61. 		self.duration = int((self.end - self.start).total_seconds() * 1000000)

  62. 

  63. 		pipeline = frappe.cache().pipeline()

  64. 		pipeline.incrby(self.key, self.duration)

  65. 		pipeline.expire(self.key, self.window)

  66. 		pipeline.execute()

  67. 

  68. 	def headers(self):

  69. 		headers = {

  70. 			"X-RateLimit-Reset": self.reset,

  71. 			"X-RateLimit-Limit": self.limit,

  72. 			"X-RateLimit-Remaining": self.remaining,

  73. 		}

  74. 		if self.rejected:

  75. 			headers["Retry-After"] = self.reset

  76. 		else:

  77. 			headers["X-RateLimit-Used"] = self.duration

  78. 

  79. 		return headers

  80. 

  81. 	def respond(self):

  82. 		if self.rejected:

  83. 			return Response(_("Too Many Requests"), status=429)

  84. 

  85. def rate_limit(key: str = None, limit: Union[int, Callable] = 5, seconds: int = 24*60*60, methods: Union[str, list] = 'ALL', ip_based: bool = True):

  86. 	"""Decorator to rate limit an endpoint.

  87. 

  88. 	This will limit Number of requests per endpoint to `limit` within `seconds`.

  89. 	Uses redis cache to track request counts.

  90. 

  91. 	:param key: Key is used to identify the requests uniqueness (Optional)

  92. 	:param limit: Maximum number of requests to allow with in window time

  93. 	:type limit: Callable or Integer

  94. 	:param seconds: window time to allow requests

  95. 	:param methods: Limit the validation for these methods.

  96. 		`ALL` is a wildcard that applies rate limit on all methods.

  97. 	:type methods: string or list or tuple

  98. 	:param ip_based: flag to allow ip based rate-limiting

  99. 	:type ip_based: Boolean

  100. 

  101. 	:returns: a decorator function that limit the number of requests per endpoint

  102. 	"""

  103. 	def ratelimit_decorator(fun):

  104. 		@wraps(fun)

  105. 		def wrapper(*args, **kwargs):

  106. 			# Do not apply rate limits if method is not opted to check

  107. 			if methods != 'ALL' and frappe.request and frappe.request.method and frappe.request.method.upper() not in methods:

  108. 				return frappe.call(fun, **frappe.form_dict or kwargs)

  109. 

  110. 			_limit = limit() if callable(limit) else limit

  111. 

  112. 			ip = frappe.local.request_ip if ip_based is True else None

  113. 

  114. 			user_key = frappe.form_dict[key] if key else None

  115. 

  116. 			identity = None

  117. 

  118. 			if key and ip_based:

  119. 				identity = ":".join([ip, user_key])

  120. 

  121. 			identity = identity or ip or user_key

  122. 

  123. 			if not identity:

  124. 				frappe.throw(_('Either key or IP flag is required.'))

  125. 

  126. 			cache_key = f"rl:{frappe.form_dict.cmd}:{identity}"

  127. 

  128. 			value = frappe.cache().get(cache_key) or 0

  129. 			if not value:

  130. 				frappe.cache().setex(cache_key, seconds, 0)

  131. 

  132. 			value = frappe.cache().incrby(cache_key, 1)

  133. 			if value > _limit:

  134. 				frappe.throw(_("You hit the rate limit because of too many requests. Please try after sometime."))

  135. 

  136. 			return frappe.call(fun, **frappe.form_dict or kwargs)

  137. 		return wrapper

  138. 	return ratelimit_decorator