Skip to content

Commit

Permalink
fix: auth rate limit docs and default rate (#1997)
Browse files Browse the repository at this point in the history 
* fix: auth rate limit docs and default rate

* fix: auth rate limit docs and default rate

* fix test
  • Loading branch information
@dpgaspar
dpgaspar committed Feb 23, 2023
1 parent bef2421 commit bd599c2
Show file tree
Hide file tree
Showing 3 changed files with 67 additions and 66 deletions.
130 changes: 65 additions & 65 deletions flask_appbuilder/api/__init__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -244,78 +244,78 @@ class BaseApi(AbstractViewApi):

version: Optional[str] = "v1"
"""
Define the Api version for this resource/class
Define the Api version for this resource/class
"""
route_base: Optional[str] = None
"""
Define the route base where all methods will suffix from
Define the route base where all methods will suffix from
"""
resource_name: Optional[str] = None
"""
Defines a custom resource name, overrides the inferred from Class name
makes no sense to use it with route base
Defines a custom resource name, overrides the inferred from Class name
makes no sense to use it with route base
"""
base_permissions: Optional[List[str]] = None
"""
A list of allowed base permissions::
A list of allowed base permissions::
class ExampleApi(BaseApi):
base_permissions = ['can_get']
class ExampleApi(BaseApi):
base_permissions = ['can_get']
"""
class_permission_name: Optional[str] = None
"""
Override class permission name default fallback to self.__class__.__name__
Override class permission name default fallback to self.__class__.__name__
"""
previous_class_permission_name: Optional[str] = None
"""
If set security converge will replace all permissions tuples
with this name by the class_permission_name or self.__class__.__name__
If set security converge will replace all permissions tuples
with this name by the class_permission_name or self.__class__.__name__
"""
method_permission_name: Optional[Dict[str, str]] = None
"""
Override method permission names, example::
Override method permission names, example::
method_permissions_name = {
'get_list': 'read',
'get': 'read',
'put': 'write',
'post': 'write',
'delete': 'write'
}
method_permissions_name = {
'get_list': 'read',
'get': 'read',
'put': 'write',
'post': 'write',
'delete': 'write'
}
"""
previous_method_permission_name: Optional[Dict[str, str]] = None
"""
Use same structure as method_permission_name. If set security converge
will replace all method permissions by the new ones
Use same structure as method_permission_name. If set security converge
will replace all method permissions by the new ones
"""
allow_browser_login = False
"""
Will allow flask-login cookie authorization on the API
default is False.
Will allow flask-login cookie authorization on the API
default is False.
"""
csrf_exempt = True
"""
If using flask-wtf CSRFProtect exempt the API from check
If using flask-wtf CSRFProtect exempt the API from check
"""
apispec_parameter_schemas: Optional[Dict[str, Dict[str, Any]]] = None
"""
Set your custom Rison parameter schemas here so that
they get registered on the OpenApi spec::
Set your custom Rison parameter schemas here so that
they get registered on the OpenApi spec::
custom_parameter = {
"type": "object"
"properties": {
"name": {
"type": "string"
}
custom_parameter = {
"type": "object"
"properties": {
"name": {
"type": "string"
}
}
}
class CustomApi(BaseApi):
apispec_parameter_schemas = {
"custom_parameter": custom_parameter
}
class CustomApi(BaseApi):
apispec_parameter_schemas = {
"custom_parameter": custom_parameter
}
"""
_apispec_parameter_schemas: Optional[Dict[str, Dict[str, Any]]] = None

Expand Down Expand Up @@ -404,66 +404,66 @@ class Schema1(Schema):
},
}
"""
Override custom OpenApi responses
Override custom OpenApi responses
"""

exclude_route_methods: Set[str] = set()
"""
Does not register routes for a set of builtin ModelRestApi functions.
example::
Does not register routes for a set of builtin ModelRestApi functions.
example::
class ContactModelView(ModelRestApi):
datamodel = SQLAInterface(Contact)
exclude_route_methods = {"info", "get_list", "get"}
class ContactModelView(ModelRestApi):
datamodel = SQLAInterface(Contact)
exclude_route_methods = {"info", "get_list", "get"}
The previous examples will only register the `put`, `post` and `delete` routes
The previous examples will only register the `put`, `post` and `delete` routes
"""
include_route_methods: Optional[Set[str]] = None
"""
If defined will assume a white list setup, where all endpoints are excluded
except those define on this attribute
example::
If defined will assume a white list setup, where all endpoints are excluded
except those define on this attribute
example::
class ContactModelView(ModelRestApi):
datamodel = SQLAInterface(Contact)
include_route_methods = {"list"}
class ContactModelView(ModelRestApi):
datamodel = SQLAInterface(Contact)
include_route_methods = {"list"}
The previous example will exclude all endpoints except the `list` endpoint
The previous example will exclude all endpoints except the `list` endpoint
"""
openapi_spec_methods: Dict[str, Any] = {}
"""
Merge OpenAPI spec defined on the method's doc.
For example to merge/override `get_list`::
Merge OpenAPI spec defined on the method's doc.
For example to merge/override `get_list`::
class GreetingApi(BaseApi):
resource_name = "greeting"
openapi_spec_methods = {
"greeting": {
"get": {
"description": "Override description",
}
class GreetingApi(BaseApi):
resource_name = "greeting"
openapi_spec_methods = {
"greeting": {
"get": {
"description": "Override description",
}
}
}
"""
openapi_spec_tag: Optional[str] = None
"""
By default all endpoints will be tagged (grouped) to their class name.
Use this attribute to override the tag name
By default all endpoints will be tagged (grouped) to their class name.
Use this attribute to override the tag name
"""

limits: Optional[List[Limit]] = None
"""
List of limits for this api.
List of limits for this api.
Use it like this if you want to restrict the rate of requests to a view:
Use it like this if you want to restrict the rate of requests to a view::
class MyView(ModelView):
limits = [Limit("2 per 5 second")]
class MyView(ModelView):
limits = [Limit("2 per 5 second")]
or use the decorator @limit.
or use the decorator @limit.
"""

def __init__(self) -> None:
Expand Down
2 changes: 1 addition & 1 deletion flask_appbuilder/security/manager.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -259,7 +259,7 @@ def __init__(self, appbuilder):

# Rate limiting
app.config.setdefault("AUTH_RATE_LIMITED", True)
app.config.setdefault("AUTH_RATE_LIMIT", "2 per 5 second")
app.config.setdefault("AUTH_RATE_LIMIT", "10 per 20 second")

if self.auth_type == AUTH_OID:
from flask_openid import OpenID
Expand Down
1 change: 1 addition & 0 deletions flask_appbuilder/tests/security/test_rate_limiter.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ def setUp(self):
self.app.jinja_env.undefined = jinja2.StrictUndefined
self.app.config.from_object("flask_appbuilder.tests.config_api")
self.app.config["RATELIMIT_ENABLED"] = True
self.app.config["AUTH_RATE_LIMIT"] = "2 per 5 second"
logging.basicConfig(level=logging.ERROR)

self.db = SQLA(self.app)
Expand Down

0 comments on commit bd599c2

Please sign in to comment.