simonw's ratelimitcache at master

simonw / ratelimitcache

Description:	A memcached backed rate limiting decorator for Django. edit
Homepage:	http://simonwillison.net/2009/Jan/7/ratelimitcache/ edit
Public Clone URL:	git://github.com/simonw/ratelimitcache.git Give this clone URL to anyone. `git clone git://github.com/simonw/ratelimitcache.git`
Your Clone URL:	git@github.com:simonw/ratelimitcache.git Use this clone URL yourself. `git clone git@github.com:simonw/ratelimitcache.git`

expire_after is now a method, not a property - which means it always takes 
the current value for self.minutes in to account. Thanks Matthew 
Somerville.

simonw (author)

Thu Sep 24 07:17:36 -0700 2009

commit 591db0eb3a7270741a2032d3d8ededdec454e4f4
tree 056fe9f634c2030b21457721e00535aa73d67c24
parent 7f52ce1179ad5f01d7b5e918a65b5edb7f2caa84

ratelimitcache /

name	age	history message
.gitignore	Wed Jan 07 11:16:10 -0800 2009	Ignore pyc [simonw]
demo/	Wed Jan 07 11:35:43 -0800 2009	A small demo application [simonw]
ratelimitcache.py	Thu Sep 24 07:17:36 -0700 2009	expire_after is now a method, not a property - ... [simonw]
readme.txt	Thu Jan 08 00:37:12 -0800 2009	Installation note: you need to configure the CA... [simonw]

readme.txt

ratelimitcache for Django
=========================
By Simon Willison - http://simonwillison.net/

A rate limiter that uses Django's cache framework, with no requirement for a 
persistent data store.

More information: http://simonwillison.net/2009/Jan/7/ratelimitcache/

Installation:
    
    Place the ratelimitcache.py on your Python path.
    
    Configure your CACHE_BACKEND setting. For best results, use the memcached 
    backend - the other backends do not provide an atomic counter increment 
    and so may suffer from less effective limiting due to race conditions.
    
    Cache documentation: http://docs.djangoproject.com/en/dev/topics/cache/

Demo:
    cd demo/
    ./manage.py runserver 8008
    
    Now browse to:
        http://localhost:8008/
        http://localhost:8008/debug/
        http://localhost:8008/login/

Basic usage (max 20 requests every 3 minutes):

    from ratelimitcache import ratelimit
    
    @ratelimit(minutes = 3, requests = 20)
    def myview(request):
        # ...
        return HttpResponse('...')

Protecting a login form, i.e rate limit on IP address and attempted username:
    
    from ratelimitcache import ratelimit_post
    
    @ratelimit_post(minutes = 3, requests = 10, key_field = 'username')
    def login(request):
        # ...
        return HttpResponse('...')

You can also use it directly in urls.py. Here's how you would use it with 
the login() view function provided by Django:
    
    from ratelimitcache import ratelimit_post
    from django.contrib.auth.views import login
    
    urlpatterns = patterns('',
        #...
        (r'^login/$', ratelimit_post(
            minutes = 3, requests = 10, key_field = 'username'
        )(login)),
    )

Custom behaviour, e.g. logging when the rate limit condition fails:
    
    from ratelimitcache import ratelimit
    from my_logging_app.models import Log
    import datetime, pprint
    
    class ratelimit_with_logging(ratelimit):
        def disallowed(self, request):
            Log.objects.create(
                ip_address = request.META.get('REMOTE_ADDR'),
                path = request.path,
                counters = pprint.pformat(
                    self.get_counters(reqest)
                ),
                created = datetime.datetime.now()
            )
            return HttpResponseForbidden('Rate limit exceeded')
    
    @ratelimit_with_logging(minutes = 3, requests = 20)
    def myview(request):
        # ...
        return HttpResponse('...')