search

frol / flask-restplus-server-example

Real-life RESTful server example on Flask-RESTplus
http://flask-restplus-example-server.herokuapp.com/api/v1/
MIT License
1.34k stars 342 forks source link

Compatibility of Flask-Limiter or a different form of rate limiting? #125

Closed theveloped closed 5 years ago

theveloped commented 5 years ago

I'm wondering or anyone has implemented a form of rate limiting that works with a flask-restplus-patched project? Flask-Limiter looks like a really nice project but will probably need some work getting it to work with this project.

frol commented 5 years ago

It seems that Flask-Limiter should just work fine.

theveloped commented 5 years ago

Awesome! Will give it a go and report back on how it turns out.

theveloped commented 5 years ago

It seems simply adding it straight to the extensions __init__.py file will get the job done. Here is a snippet from my init file:

from flask_limiter import Limiter
from flask_limiter.util import get_remote_address
limiter = Limiter(key_func=get_remote_address, default_limits=["1 per minute"])

from . import api

def init_app(app):
    """
    Application extensions initialization.
    """
    for extension in (
            logging,
            cross_origin_resource_sharing,
            login_manager,
            marshmallow,
            api,
            oauth2,
            limiter,
        ):
        extension.init_app(app)

I'm however still having trouble on getting it to run with route or resource specific limits using the limiter decorators.

10000TB commented 5 years ago

@theveloped what specific issue are you having ?

After adding limiter through extension as you did, a simple snippet like follow works for me for what flask-limiter promised: note: set limiter decorator via decorator variable

from app.extensions import limiter

// .... ignore all other resources

@api.route('/account/verify')
 class IdentityVerify(Resource):
       """
       Handle identity verification.
       """
       decorators = [limiter.limit("10/second")]  # Notice this is different from the simple example
       @api.parameters(parameters.SomeParameters())
       @api.response(schemas.SomeSchema())
       def post(self, args):
            return {"verified": True}

Reference this for more details why decorating functions or class won't work: https://flask-limiter.readthedocs.io/en/stable/#using-flask-pluggable-views

10000TB commented 5 years ago

@theveloped can you confirm if the way demonstrated in the snippet above work for you ?

@frol We might as well include the example into main README for people who might be interested in integrating flask-limiter with this project :)

frol commented 5 years ago

@10000TB There is "Q&A about this project" link at the end of the README, which points to the issues tagged as "question".

theveloped commented 5 years ago

Hi @10000TB, Indeed this is how I've added it and it works exactly as promised!

frol commented 5 years ago

@theveloped Thanks to @10000TB effort, there is now a section in the README about Flask-* integration