aiohttp-ratelimiter is a rate limiter for the aiohttp.web framework. This is a new library, and we are always looking for people to contribute. If you see something wrong with the code or want to add a feature, please create a pull request on our github.
Install from git
python -m pip install git+https://github.com/JGLTechnologies/aiohttp-ratelimiter
Install from pypi
python -m pip install aiohttp-ratelimiter
// if redis is being used
python -m pip install aiohttp-ratelimiter[redis]
// if memcached is being used
python -m pip install aiohttp-ratelimiter[memcached]
Example
from aiohttp import web
from aiohttplimiter import default_keyfunc, Limiter
from aiohttplimiter.redis_limiter import RedisLimiter
from aiohttplimiter.memcached_limiter import MemcachedLimiter
app = web.Application()
routes = web.RouteTableDef()
# In Memory
limiter = Limiter(keyfunc=default_keyfunc)
# Redis
limiter = RedisLimiter(keyfunc=default_keyfunc, uri="redis://localhost:6379")
# Memcached
limiter = MemcachedLimiter(keyfunc=default_keyfunc, uri="memcached://localhost:11211")
@routes.get("/")
# This endpoint can only be requested 1 time per second per IP address
@limiter.limit("1/second")
async def home(request):
return web.Response(text="test")
app.add_routes(routes)
web.run_app(app)
You can exempt an IP from rate limiting using the exempt_ips kwarg.
from aiohttplimiter import Limiter, default_keyfunc
from aiohttp import web
app = web.Application()
routes = web.RouteTableDef()
# 192.168.1.245 is exempt from rate limiting.
# Keep in mind that exempt_ips takes a set not a list.
limiter = Limiter(keyfunc=default_keyfunc, exempt_ips={"192.168.1.245"})
@routes.get("/")
@limiter.limit("3/5minutes")
async def test(request):
return web.Response(text="test")
app.add_routes(routes)
web.run_app(app)
You can create your own error handler by using the error_handler kwarg.
from aiohttplimiter import Allow, RateLimitExceeded, Limiter, default_keyfunc
from aiohttp import web
def handler(request: web.Request, exc: RateLimitExceeded):
# If for some reason you want to allow the request, return aiohttplimitertest.Allow().
if some_condition:
return Allow()
return web.Response(text=f"Too many requests", status=429)
limiter = Limiter(keyfunc=default_keyfunc, error_handler=handler)
If multiple paths use one handler like this:
@routes.get("/")
@routes.get("/home")
@limiter.limit("5/hour")
def home(request):
return web.Response(text="Hello")
Then they will have separate rate limits. To prevent this use the path_id kwarg.
@routes.get("/")
@routes.get("/home")
@limiter.limit("2/3days", path_id="home")
def home(request):
return web.Response(text="Hello")
Views Example
@routes.view("/")
class Home(View):
@limiter.limit("1/second")
def get(self):
return web.Response(text="hello")
FAQs
A simple rate limiter for aiohttp.web
We found that aiohttp-ratelimiter demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI confirms no security flaws were exploited in the Ultralytics supply chain attack and highlights improvements for safer package publishing.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.