def get_identifier(self, request): """Returns {domain}_{api_key} for use in rate limiting api key. Each api key can currently be used on multiple domains, and rates are domain specific. """ username = self.extract_credentials(request)[0] if API_THROTTLE_WHITELIST.enabled(username): return username try: api_key = self.extract_credentials(request)[1] except ValueError: api_key = '' return f"{getattr(request, 'domain', '')}_{api_key}"
def accessed(self, identifier, **kwargs): """ Handles recording the user's access. Does everything the ``CacheThrottle`` class does, plus logs the access within the database using the ``ApiAccess`` model. """ # Do the import here, instead of top-level, so that the model is # only required when using this throttling mechanism. from tastypie.models import ApiAccess # only record in redis if we need the throttle, otherwise skip # and just leave the db logging if not API_THROTTLE_WHITELIST.enabled(identifier): super(CacheDBThrottle, self).accessed(identifier, **kwargs) # Write out the access to the DB for logging purposes. url = kwargs.get('url', '') if len(url) > 255: url = url[:251] + '...' ApiAccess.objects.create(identifier=identifier, url=url, request_method=kwargs.get( 'request_method', ''))
def should_be_throttled(self, identifier, **kwargs): if API_THROTTLE_WHITELIST.enabled(identifier): return False return super(HQThrottle, self).should_be_throttled(identifier, **kwargs)
def get_identifier(self, request): username = request.couch_user.username if API_THROTTLE_WHITELIST.enabled(username): return username return f"{getattr(request, 'domain', '')}_{username}"