django-graphql-ratelimit

Use django-ratelimit for graphql

1.0.2
PyPI

Maintainers: 1

Eaiser to use django-ratelimit for graphql in django.

Install

pip install django-graphql-ratelimit

Usage

ratelimit key support gql:xxx, where xxx is argument.

from django_graphql_ratelimit import ratelimit

class RequestSMSCode(graphene.Mutation):
    class Arguments:
        phone = graphene.String(required=True)

    ok = graphene.Boolean()

    @ratelimit(key="ip", rate="10/m", block=True)
    @ratelimit(key="gql:phone", rate="5/m", block=True)
    def mutate(self, info, phone):
        request = info.context
        # send sms code logic
        return RequestSMSCode(ok=True)

You can use django-ratelimit keys except get:xxx and post:xxx:

ip - Use the request IP address (i.e. request.META['REMOTE_ADDR']) I suggest you to use django-ipware to get client ip, modify your MIDDLEWARE in settings:

MIDDLEWARE = [
"django_graphql_ratelimit.middleware.ParseClientIpMiddleware",
...
]

header:x-x - Use the value of request.META.get('HTTP_X_X', '').
user - Use an appropriate value from request.user. Do not use with unauthenticated users.
user_or_ip - Use an appropriate value from request.user if the user is authenticated, otherwise use request.META['REMOTE_ADDR'].

FAQs

What is django-graphql-ratelimit?

Is django-graphql-ratelimit well maintained?

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

django-graphql-ratelimit

Install

Usage

Related posts

Input Validation Vulnerabilities Dominate MITRE's 2024 CWE Top 25 List

Risky Business Podcast: Why Open Source Software Needs Better Malware Tracking