search

long2ice / fastapi-limiter

A request rate limiter for fastapi
https://github.com/long2ice/fastapi-limiter
Apache License 2.0
487 stars 53 forks source link

Limits for different HTTP methods get merged together #24

Closed vvkh closed 1 year ago

vvkh commented 1 year ago

Imagine I have some kind of a form and I want to configure 2 different limits: one for opening the form and the other for submitting it.

@app.get("/", dependencies=[Depends(RateLimiter(times=10, seconds=5))])
async def form_get():
    return {"msg": "Hello World"}

@app.post("/", dependencies=[Depends(RateLimiter(times=1, seconds=5))])
async def form_post():
    return {"msg": "Hello World"}

Expected behaviour One could request the form 10 times in 5 seconds, and only after that would they get 429. However, even after that, they should be able to submit the form as they haven't made any POST requests yet.

Actual behaviour After sending 1 GET request user would get 429 when trying to submit the form.

See the commit in a forked repo with new test cases: https://github.com/vvkh/fastapi-limiter/commit/70338f968cc61649189a05cfe5fe2d7a43244dae