Open shreyanshdwivedi opened 5 years ago
Please implement rate limiting with user ID as key and fall back to IP only for unauthenticated users. I used to think this naive way of rate limiting was very easy until users at my college started to get limited despite working from different computers, because computers at universities and companies sit behind a proxy which does Network Address Translation and maps internal IPs to a set of external IPs, and blocking an IP would mean blocking the entire university and office. You would have implemented a denial of service for those users.
I agree with your concern. I'm currently reading the docs and will keep it in mind.
Also, this'll work for app.route
Also see what can be done for jsonapi controllers
Is your feature request related to a problem? Please describe.
Currently, there is no limiting factor on endpoints. Anyone can make a script and misuse it.
Describe the solution you'd like
https://flask-limiter.readthedocs.io/en/stable/
Additional context
https://github.com/fossasia/open-event-server/issues/6033
https://github.com/fossasia/open-event-server/issues/6033#issuecomment-501289551
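
The keying scheme requested in this thread, as an added example that is not part of the issue or the project's code: requests are counted per user ID, and only unauthenticated requests share a per-IP bucket. `rate_limit_key`, `FixedWindowLimiter` and `simulate` are hypothetical names and the NAT address is a constructed sample; with Flask-Limiter the same decision would live in the function passed as `key_func`.

```python
import time
from collections import defaultdict


def rate_limit_key(user_id, remote_addr):
    """Authenticated requests are keyed by user ID; only anonymous ones fall back to IP."""
    # Prefixes keep the two namespaces apart, so a user ID can never collide with an address.
    if user_id is not None:
        return f"user:{user_id}"
    return f"ip:{remote_addr}"


class FixedWindowLimiter:
    """In-memory fixed-window counter (illustrative; a real deployment needs shared storage)."""

    def __init__(self, limit, window_seconds, clock=time.monotonic):
        self.limit = limit
        self.window = window_seconds
        self.clock = clock
        self.hits = defaultdict(int)  # (key, window index) -> request count

    def allow(self, key):
        bucket = (key, int(self.clock() // self.window))
        if self.hits[bucket] >= self.limit:
            return False
        self.hits[bucket] += 1
        return True


def simulate(requests, limit=3, window_seconds=60, now=0.0):
    """Return the allow/deny decision for each (user_id, remote_addr) request."""
    limiter = FixedWindowLimiter(limit, window_seconds, clock=lambda: now)
    return [limiter.allow(rate_limit_key(uid, ip)) for uid, ip in requests]


# Constructed sample: a campus NAT maps every client to 203.0.113.10 (documentation range).
NAT_IP = "203.0.113.10"
CAMPUS_USERS = [(uid, NAT_IP) for uid in (101, 102, 103, 104, 105)]
ANONYMOUS = [(None, NAT_IP)] * 5

if __name__ == "__main__":
    print("keyed by IP only:  ", simulate([(None, ip) for _, ip in CAMPUS_USERS]))
    print("keyed by user ID:  ", simulate(CAMPUS_USERS))
    print("anonymous fallback:", simulate(ANONYMOUS))
```

With a limit of 3 per window, the five logged-in users behind one address are all served, while five anonymous requests from that address are cut off after the third.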