Token throttler is an extendable rate-limiting library somewhat based on a token bucket algorithm
Token throttler is an extendable rate-limiting library somewhat based on a token bucket algorithm.
Token throttler is available on PyPI:
$ python -m pip install token-throttler
Token throttler officially supports Python >= 3.8.
NOTE: Depending on the storage engine you pick, you can install token throttler with extras:
$ python -m pip install token-throttler[redis]
dict configurationToken throttler supports both manual usage and via decorator.
Decorator usage supports both async and sync.
from token_throttler import TokenBucket, TokenThrottler
from token_throttler.storage import RuntimeStorage
throttler: TokenThrottler = TokenThrottler(1, RuntimeStorage())
throttler.add_bucket("hello_world", TokenBucket(10, 10))
throttler.add_bucket("hello_world", TokenBucket(30, 20))
def hello_world() -> None:
print("Hello World")
for i in range(10):
throttler.consume("hello_world")
hello_world()
if throttler.consume("hello_world"):
hello_world()
else:
print(
f"bucket_one ran out of tokens, retry in: {throttler.wait_time('hello_world')}"
)
from token_throttler import TokenBucket, TokenThrottler, TokenThrottlerException
from token_throttler.storage import RuntimeStorage
throttler: TokenThrottler = TokenThrottler(1, RuntimeStorage())
throttler.add_bucket("hello_world", TokenBucket(10, 10))
throttler.add_bucket("hello_world", TokenBucket(30, 20))
@throttler.enable("hello_world")
def hello_world() -> None:
print("Hello World")
for i in range(10):
hello_world()
try:
hello_world()
except TokenThrottlerException:
print(
f"bucket_one ran out of tokens, retry in: {throttler.wait_time('hello_world')}"
)
from fastapi import Depends, FastAPI, Request
from pydantic import BaseModel
from token_throttler import TokenThrottler, TokenBucket
from token_throttler.storage import RuntimeStorage
from token_throttler.ext.fastapi import FastAPIThrottler
app: FastAPI = FastAPI()
ban_hammer: TokenThrottler = TokenThrottler(cost=1, storage=RuntimeStorage())
class User(BaseModel):
id: int
name: str
u1: User = User(id=1, name="Test")
users: list[User] = [u1]
def create_buckets() -> None:
for user in users:
ban_hammer.add_bucket(
str(user.id), TokenBucket(replenish_time=10, max_tokens=10)
)
# For example purposes only - feel free to load your users with the bucket(s) anywhere else
app.add_event_handler("startup", create_buckets)
# Add your auth logic here
def get_auth_user() -> User:
return u1
# Since this is a FastAPI dependency, you can have the `Request` object here too if needed (e.g. storing the JWT token in
# a request lifecycle).
# You can also use sub-dependencies like shown below - `auth_user`
async def get_user_id(
request: Request, auth_user: User = Depends(get_auth_user)
) -> str:
return str(auth_user.id)
# You can configure the dependency per route, on a router level or on global application level.
# Pass your unique user identifier (e.g. JWT subject, apikey or user's ID) as a callback parameter
# of the `enable` method.
@app.get(
"/throttle", dependencies=[Depends(FastAPIThrottler(ban_hammer).enable(get_user_id))]
)
async def read_users():
return {"detail": "This is throttled URL"}
For other examples see examples directory.
TokenThrottler supports RuntimeStorage and RedisStorage.
TokenThrottlerAsync supports RedisStorageAsync
If you want your own storage engine, feel free to extend the token_throttler.storage.BucketStorage or token_throttler.storage.BucketStorageAsync classes.
For storage examples see examples directory.
Token throttler supports global and per instance configurations.
Configuration params:
IDENTIFIER_FAIL_SAFE (default False) - if invalid identifier is given as a param for the consume method and IDENTIFIER_FAIL_SAFE
is set to True, no KeyError exception will be raised and consume will act like a limitless bucket is being consumed.ENABLE_THREAD_LOCK (default False) - if set to True, throttler will acquire a thread lock upon calling consume method and release
the lock once the consume is finished. This avoids various race conditions at a slight performance cost.Global configuration means that all the throttler instances will use the same configuration from
the ThrottlerConfigGlobal class singleton (!) instance - default_config.
from token_throttler import TokenBucket, TokenThrottler, default_config
from token_throttler.storage import RuntimeStorage
default_config.set({
"ENABLE_THREAD_LOCK": False,
"IDENTIFIER_FAIL_SAFE": True,
})
throttler: TokenThrottler = TokenThrottler(1, RuntimeStorage())
throttler.add_bucket("hello_world", TokenBucket(10, 10))
throttler.add_bucket("hello_world", TokenBucket(30, 20))
...
Whenever you change the options inside default_config object, all of the TokenThrottler instances, that are not
using the instance specific configuration, will get updated with the new settings.
NOTE: If any modifications are attempted on the default_config object during runtime, a RuntimeWarning will be emitted. The default_config object is designed to be a singleton instance of the ThrottlerConfigGlobal class, responsible for storing and managing configuration settings. To ensure the proper functioning of the throttling mechanism and to maintain the integrity of the configuration, it is recommended to avoid making runtime changes to the default_config object. Any such modifications may result in unexpected behavior or inconsistencies in the throttling behavior. Instead, consider utilizing instance-specific configuration.
Instance configuration is to be used when TokenThrottler instance(s) needs a different configuration that the global one.
If no instance configuration is passed, TokenThrottler object will use the global configuration.
from token_throttler import ThrottlerConfig, TokenBucket, TokenThrottler
from token_throttler.storage import RuntimeStorage
throttler: TokenThrottler = TokenThrottler(
1,
RuntimeStorage(),
ThrottlerConfig(
{
"ENABLE_THREAD_LOCK": True,
"IDENTIFIER_FAIL_SAFE": True,
}
),
)
throttler.add_bucket("hello_world", TokenBucket(10, 10))
throttler.add_bucket("hello_world", TokenBucket(30, 20))
...
FAQs
Token throttler is an extendable rate-limiting library somewhat based on a token bucket algorithm
We found that token-throttler demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI confirms no security flaws were exploited in the Ultralytics supply chain attack and highlights improvements for safer package publishing.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.