simonw / ratelimitcache Goto Github PK
View Code? Open in Web Editor NEWA memcached backed rate limiting decorator for Django.
Home Page: http://simonwillison.net/2009/Jan/7/ratelimitcache/
A memcached backed rate limiting decorator for Django.
Home Page: http://simonwillison.net/2009/Jan/7/ratelimitcache/
ratelimitcache for Django ========================= By Simon Willison - http://simonwillison.net/ A rate limiter that uses Django's cache framework, with no requirement for a persistent data store. More information: http://simonwillison.net/2009/Jan/7/ratelimitcache/ Installation: Place the ratelimitcache.py on your Python path. Configure your CACHE_BACKEND setting. For best results, use the memcached backend - the other backends do not provide an atomic counter increment and so may suffer from less effective limiting due to race conditions. Cache documentation: http://docs.djangoproject.com/en/dev/topics/cache/ Demo: cd demo/ ./manage.py runserver 8008 Now browse to: http://localhost:8008/ http://localhost:8008/debug/ http://localhost:8008/login/ Basic usage (max 20 requests every 3 minutes): from ratelimitcache import ratelimit @ratelimit(minutes = 3, requests = 20) def myview(request): # ... return HttpResponse('...') Protecting a login form, i.e rate limit on IP address and attempted username: from ratelimitcache import ratelimit_post @ratelimit_post(minutes = 3, requests = 10, key_field = 'username') def login(request): # ... return HttpResponse('...') You can also use it directly in urls.py. Here's how you would use it with the login() view function provided by Django: from ratelimitcache import ratelimit_post from django.contrib.auth.views import login urlpatterns = patterns('', #... (r'^login/$', ratelimit_post( minutes = 3, requests = 10, key_field = 'username' )(login)), ) Custom behaviour, e.g. logging when the rate limit condition fails: from ratelimitcache import ratelimit from my_logging_app.models import Log import datetime, pprint class ratelimit_with_logging(ratelimit): def disallowed(self, request): Log.objects.create( ip_address = request.META.get('REMOTE_ADDR'), path = request.path, counters = pprint.pformat( self.get_counters(reqest) ), created = datetime.datetime.now() ) return HttpResponseForbidden('Rate limit exceeded') @ratelimit_with_logging(minutes = 3, requests = 20) def myview(request): # ... return HttpResponse('...')
To make this software work on Django 1.3, I had to modify lines 46 & 47 in the cache_incr(self, key) function in ratelimitcache.py:
I changed these two lines:
cache._cache.add(key, '0', time=self.expire_after())
cache._cache.incr(key)
To:
cache.add(key, '0', self.expire_after())
cache.incr(key)
I must say, ratelimitcache is a great idea for throttling certain pages!
For compatibility with older python version, in django.utils.hashcompat there is a sha_constructor that can be used specifically for this.
So,
value = sha.new(request.POST.get(self.key_field, '')).hexdigest()
could be replaced with:
from django.utils.hashcompat import sha_constructor
value = sha_constructor(request.POST.get(self.key_field, '')).hexdigest()
http://code.djangoproject.com/browser/django/trunk/django/utils/hashcompat.py
Rather than hexdigest() could be used base64 to save space.
Using python-memcache and the memcached backend in Django, the return from line 32 is a list of strings. This throws an exception on line 35 when the sum is attempted. I modified line 32 to the following to correct the issue.
counts = [int(x) for x in self.get_counters(request).values()]
Hi,
I tried to use cache._cache in another function and realized that this throws an AttributeError because _cache is not defined and that everything inside the try/except is actually incorrect and the code works because it always goes to the except branch. If you change cache._cache to just be cache it will actually break the code - replacing the whole content of the function by cache.set(key, cache.get(key, 0) + 1, self.expire_after()) fixes it.
Just something to be aware of.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.