Comments (8)
I have the same issue using a Postgres cache.
from django-ratelimit.
I'm curious if the ratelimiter still works or if these errors are more of an annoyance/noise for logs?
When we de-pickle the values, they're single integers, like 1, 2, 3, etc.
Those are the usage counts.
I don't know that this is fixable. The first thing ratelimit tries to do is add the new key to the cache, and whether that succeeds or fails is important for the rest of processing the request. It also looks like the database backend doesn't have an atomic increment—and since it's storing encoded, pickled values, I'm not sure that it could.
Given the lack of atomic increment, I'm not sure it's reasonable to call the database backend "supported" for use with this library. Races will potentially allow multiple transactions to commit the same count number.
I do think it might be possible to build a "partial" implementation of the cache interface base—one that only supports integer values and so can support atomic/transactional increment—based on a dedicated model. That would require its own expired-row-reaping cron, too, since it wouldn't be in the usual cache table. I'd be very open to including an implementation like that, maybe in django_ratelimit/contrib/modelcache
or something similar, but I'm probably not going to take it on myself.
(Theoretically there are a few ways to make this library work but it requires a storage mechanism with either atomic increment or check-and-set to work reliably.)
At the very least, I will add something to the documentation, though, about requiring a cache backend with support for an atomic increments to work reliably.
from django-ratelimit.
Realistically should not be using database as cache for something like this
from django-ratelimit.
have the same issue
from django-ratelimit.
That would require its own expired-row-reaping cron, too, since it wouldn't be in the usual cache table
I'm not sure it would be required... couldn't you just could have a second ORM call that reaps expired rows as part of the same thread of execution that does the atomic insert on the model table?
from django-ratelimit.
Realistically should not be using database as cache for something like this
I get why you're being downvoted, but I agree. If you're using a rate limit to protect your DB from crashing, then storing the rate limit in the DB makes no sense, because no DB == no rate limit.
from django-ratelimit.
no DB == no rate limit.
no DB => no website
You might be using ratelimiting to protect against other types of annoying behavior, such as sign-up spam or a lot of form submissions.
from django-ratelimit.
That would require its own expired-row-reaping cron, too, since it wouldn't be in the usual cache table
I'm not sure it would be required... couldn't you just could have a second ORM call that reaps expired rows as part of the same thread of execution that does the atomic insert on the model table?
True, maybe not required but definitely preferable to doing several queries to check the ratelimits before we even get to the view.
I added notes to the docs in #265 highlighting the need for atomic increments.
I'm still open to either contrib
-style implementation of the partial cache interface, or other ideas or recipes to add to the docs, if anyone is interested in pursuing those. For now, I'm going to close this out and say that the DB cache backends and any others without atomic increment operations aren't supported.
from django-ratelimit.
Related Issues (20)
- ניסיון HOT 1
- [catchup] Double check CI and branch protection config HOT 1
- [catchup] Drop Python 2 support HOT 1
- [catchup] Test against modern Django HOT 1
- Automate releases
- Change default value of block kwarg
- Update package config to pyproject.toml
- `mixins.py` removed from `4.0` HOT 1
- Wrong project link on pypi HOT 4
- Unable to rate-limit on arg/kwarg value HOT 2
- Support for Django's built in `RedisCache` cache backend
- get_usage on class based view
- Expire time of Multiple ratelimit on same view not seem correct.
- Incorrect homepage link on PyPI HOT 2
- Feature request: Attach information about rate-limit violations to request object for use in custom middleware
- Blacken Codes HOT 1
- Add async support? HOT 18
- Add a configurable cache key timeout
- Add informational headers for rate-limit HOT 4
- Wrong Status Code HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from django-ratelimit.