def limiter(app): limiter = Limiter(app, key_func=get_remote_address, headers_enabled=True) limiter.header_mapping = { HEADERS.LIMIT: "X-My-Limit", HEADERS.RESET: "X-My-Reset", HEADERS.REMAINING: "X-My-Remaining" } return limiter.shared_limit(app.config['GLOBAL_RATE_LIMITS'], scope="salic_api")
lastfm_network = pylast.LastFMNetwork(api_key=config.lastfm_api_key, api_secret=config.lastfm_api_secret) @app.errorhandler(429) def ratelimit_handler(e): return random.choice( insults) + ", ratelimit exceeded %ss" % e.description, 429 @limiter.request_filter def channel_whitelist(): return request.args['channel_name'] == "random" gif_limit = limiter.shared_limit("1/2 minute", scope="gif") def resetlimit(user, limit, channel): if channel != "random": key = "LIMITER/" + request.args['user_name'] + "/" + limit + "/*" os.system('redis-cli KEYS ' + key + ' | xargs redis-cli DEL') class User(db.Model): id = db.Column(db.Integer, primary_key=True) username = db.Column(db.String(80)) lastfm = db.Column(db.String(80)) hummingbird = db.Column(db.String(80)) def __init__(self, username, lastfm=None, hummingbird=None):
from flask import Flask from flask import request from flask_limiter import Limiter from flask_limiter.util import get_remote_address from data import Data app = Flask(__name__) limiter = Limiter( app, key_func=get_remote_address, default_limits=["600 per minute"], ) postgre_limit = limiter.shared_limit("600/minute", scope="postgre") cats_data = Data() @app.errorhandler(429) def ratelimit_handler(e): return '429 Too Many Requests' + '\n' @app.route('/') @limiter.exempt def index(): return 'Cats Service welcomes you.' + '\n' @app.route('/ping')
@app.route('/index3') @limiter.exempt def index3(): return jsonify({'response': 'We are not rate limited'}) @app.route("/expensive") # exempt_when=callable 当满足给定条件时,可以免除限制 @limiter.limit("1/day", exempt_when=lambda: get_remote_address() == "172.16.4.120") def expensive_route(): return jsonify({'response': 'you are wellcome!'}) # 多个路由应共享速率限制的情况(例如,访问有限速率的相同资源保护路由时) mysql_limit = limiter.shared_limit("2/hour", scope="mysql_flag") # 3) "LIMITER/172.16.4.120/mysql_flag/2/1/hour" @app.route('/index4') @mysql_limit def index4(): return jsonify({'response': 'mysql_limit'}) @app.route('/index5') @mysql_limit def index5(): return jsonify({'response': 'mysql_limit'})
app.config['MANDRILL_API_KEY'] = config.email.mandrill_api_key app.config['MANDRILL_DEFAULT_FROM'] = config.email.from_ # add sqlalchemy middleware db = SQLAlchemy(app) # add flask_kvsession middleware app.config['SESSION_KEY_BITS'] = 128 engine = create_engine('sqlite:///beerme/sessions.sqlite') metadata = MetaData(bind=engine) store = SQLAlchemyStore(engine, metadata, 'kvstore') metadata.create_all() KVSessionExtension(store, app) # add flask csrf middleware csrf = SeaSurf(app) # add rate limiting middleware limiter = Limiter(app) auth_limit = limiter.shared_limit("5/minute;1/second", scope="auth") # app constants SATOSHIS = 1e8 class User(db.Model): id = db.Column(db.Integer, primary_key=True) email = db.Column(db.String, unique=True) class Beer(db.Model): id = db.Column(db.Integer, primary_key=True) brew = db.Column(db.String) table = db.Column(db.String) name = db.Column(db.String)
from logging import FileHandler, WARNING from flask import Flask from flask_limiter import Limiter from flask_httpauth import HTTPBasicAuth from flask_sqlalchemy import SQLAlchemy from flask_limiter.util import get_remote_address # constant values DBFILE = "./pythonsqlite.db" APIKEY = 'ABCDEF123456789' RATE_LIMIT = "10/hour" API_VERSION = 'v1.0' # initialization APP = Flask(__name__) APP.config['SECRET_KEY'] = 'the quick brown fox jumps over the lazy dog' APP.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///' + DBFILE APP.config['SQLALCHEMY_COMMIT_ON_TEARDOWN'] = True # extensions if not APP.debug: FILE_HANDLER = FileHandler('errorLog.txt') FILE_HANDLER.setLevel(WARNING) APP.logger.addHandler(FILE_HANDLER) DB = SQLAlchemy(APP) AUTH = HTTPBasicAuth() LIMITER = Limiter(APP, key_func=get_remote_address, default_limits=["10 per minute"]) SHARED_LIMITER = LIMITER.shared_limit(RATE_LIMIT, scope="EXAM")
from app import app from flask_limiter import Limiter from flask_limiter.util import get_remote_address from flask.ext.limiter import HEADERS limiter = Limiter( app, key_func=get_remote_address, headers_enabled = True, ) limiter.header_mapping = { HEADERS.LIMIT : "X-My-Limit", HEADERS.RESET : "X-My-Reset", HEADERS.REMAINING: "X-My-Remaining" } shared_limiter = limiter.shared_limit(app.config['GLOBAL_RATE_LIMITS'], scope="salic_api")
return True else: return False lastfm_network = pylast.LastFMNetwork(api_key=config.lastfm_api_key, api_secret=config.lastfm_api_secret) @app.errorhandler(429) def ratelimit_handler(e): return random.choice(insults) + ", ratelimit exceeded %ss" % e.description, 429 @limiter.request_filter def channel_whitelist(): return request.args['channel_name'] == "random" gif_limit = limiter.shared_limit("1/2 minute", scope="gif") def resetlimit(user, limit, channel): if channel != "random": key = "LIMITER/" + request.args['user_name'] + "/" + limit + "/*" os.system('redis-cli KEYS ' + key + ' | xargs redis-cli DEL') class User(db.Model): id = db.Column(db.Integer, primary_key=True) username = db.Column(db.String(80)) lastfm = db.Column(db.String(80)) hummingbird = db.Column(db.String(80)) def __init__(self, username, lastfm=None, hummingbird=None): self.username = username self.lastfm = lastfm self.hummingbird = hummingbird
app.config['MANDRILL_API_KEY'] = config.email.mandrill_api_key app.config['MANDRILL_DEFAULT_FROM'] = config.email.from_ # add sqlalchemy middleware db = SQLAlchemy(app) # add flask_kvsession middleware app.config['SESSION_KEY_BITS'] = 128 engine = create_engine('sqlite:///beerme/sessions.sqlite') metadata = MetaData(bind=engine) store = SQLAlchemyStore(engine, metadata, 'kvstore') metadata.create_all() KVSessionExtension(store, app) # add flask csrf middleware csrf = SeaSurf(app) # add rate limiting middleware limiter = Limiter(app) auth_limit = limiter.shared_limit("5/minute;1/second", scope="auth") # app constants SATOSHIS = 1e8 class User(db.Model): id = db.Column(db.Integer, primary_key=True) email = db.Column(db.String, unique=True) class Beer(db.Model): id = db.Column(db.Integer, primary_key=True) brew = db.Column(db.String) table = db.Column(db.String) name = db.Column(db.String) price_satoshis = db.Column(db.Integer) address = db.Column(db.String)
# APP app = Flask(__name__) app.config.from_mapping(**settings.APP_CONFIG) @app.route('/') def hello_world(): return render_template('index.html', **settings.WEBPAGE_INFO) # Limiter limiter = Limiter(app, key_func=get_remote_address) if app.config.get('API_RATE_LIMITER') is not None: api_limit = limiter.shared_limit(app.config.get('API_RATE_LIMITER'), scope='api') else: def dummy(f): return f api_limit = dummy # API api = Api(app) api_views.ListJournals.decorators = [api_limit] api.add_resource(api_views.ListJournals, '/api/journals') api_views.ListProviders.decorators = [api_limit] api.add_resource(api_views.ListProviders, '/api/providers')
import os from flask import Flask, request, make_response, jsonify, abort from flask_limiter import Limiter from flask_limiter.util import get_remote_address from waitress import serve root_directory = "/objects/" app = Flask(__name__) limiter = Limiter( app, key_func=get_remote_address, # default_limits=["10 per second"], ) shared_limit = limiter.shared_limit("10 per second", scope="shared") @app.route('/', methods=['GET']) @shared_limit def get_all(): return make_response(jsonify(os.listdir(root_directory)), 200) @app.route('/', methods=['DELETE']) @shared_limit #@limiter.limit("100 per second") def delete_all(): for file in os.listdir(root_directory): os.remove(root_directory + file) return '', 200
from app import app from flask_limiter import Limiter from flask_limiter.util import get_remote_address from flask.ext.limiter import HEADERS limiter = Limiter( app, key_func=get_remote_address, headers_enabled=True, ) limiter.header_mapping = { HEADERS.LIMIT: "X-My-Limit", HEADERS.RESET: "X-My-Reset", HEADERS.REMAINING: "X-My-Remaining" } shared_limiter = limiter.shared_limit(app.config['GLOBAL_RATE_LIMITS'], scope="salic_api")
# 自定义限制器覆盖了默认限制器,参数说明如下: # 1. param limit_value: 访问限制阈值 # 1. param exempt_when: 例外条件 (限制器只对使用不带debug访问的请求生效) # 2. param error_message: 错误的返回信息(注意,暂不支持中文,如果使用中文,请自定义错误页) # 3. param methods: 对哪些方法启用限制器? @limiter.limit(limit_value="1/minute", exempt_when=lambda: request.args.get("debug") is not None or request.form.get("debug") is not None, error_message="request be rejected", methods=['get']) def h3_func(): return "h3" """共享限制次数的限制器""" shared_limiter = limiter.shared_limit(limit_value="7/minute", scope="aaa") @app.route("/s1") # 和s2_func视图共享shared_limiter的限制阈值 @shared_limiter def s1_func(): return "s1" @app.route("/s2") # 和s1_func视图共享shared_limiter的限制阈值 @shared_limiter def s2_func(): return "s2"
from flask_limiter import Limiter from decorators import * from utils import * from models import * app = Flask(__name__) api = Api(app) api.route = types.MethodType(api_route, api) app.config['SQLALCHEMY_DATABASE_URI'] = 'mysql://*****:*****@localhost/mydatabase' db = SQLAlchemy(app) limiter = Limiter(app, key_func=get_apikey) limite_compartido = limiter.shared_limit("100/hour", scope="all") @api.route('/v1/') class Hello(Resource): decorators = [require_appkey, limite_compartido] def get(self): return { 'status':'OK', 'data': [ {'hello': 'world'}, ] } @limiter.request_filter def ip_whitelist(): return request.remote_addr == "127.0.0.1"
import time app = Flask(__name__) dashboard.config.init_from(file='dashboard.cfg') dashboard.bind(app) limiter = Limiter( app, key_func=get_ipaddr, #default_limits=["300 per day","2 per minute", "1 per second"], default_limits=["200 per day"], ) MAX_SYMBOLS = 6 shared_limiter = limiter.shared_limit(limit_value="300 per day", key_func=get_ipaddr,scope="aaa") my_ip_set = set() @limiter.request_filter def filter_func(): if 'api_key' in request.args: api_key = request.args['api_key'] print('api_key=',api_key) print('return false') return False app.config.update(DEBUG=True)