Add ratelimiting #345
Merged
19 commits
- 78955c2 Add ratelimit header injector and ratelimit decorators (mayhem)
- bee589e Don't ratelimit two views that are called by our JS (mayhem)
- 3107447 Remove the () on the ratelimit decorator (mayhem)
- 03cb0ba Bring the () back (mayhem)
- 76ecc18 set rate limits complete, not tested. (mayhem)
- 5bdf70d Add manage.py command to set rate limit parameters (paramsingh)
- 39cc0f8 Remove unneeded set rate limits script (paramsingh)
- d73fdf0 Add documentation for API ratelimiting (paramsingh)
- 7bfa1a1 Set high ratelimit defaults for tests (paramsingh)
- 105f09d Add test for ratelimit headers in the API tests (paramsingh)
- 4326011 Improve the set_rate_limits command (paramsingh)
- a8d6c76 Set default ratelimits from config during app creation (paramsingh)
- 9faca77 Add TODO for brainzutils ratelimit disabling (paramsingh)
- f2ab5ab Mention the ratelimits in the documentation (paramsingh)
- def80b0 Type check arguments and print current values (paramsingh)
- 39594cd Remove ratelimiting from legacy api submit endpoint (paramsingh)
- bfc9c27 Remove syntax error (paramsingh)
- 4984534 Enable ratelimiting after cache setup (alastair)
- 4b89e6e Improve rate limiting management command (alastair)
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -10,6 +10,7 @@ | |
from db.data import submit_low_level_data, count_lowlevel | ||
from db.exceptions import NoDataFoundException, BadDataException | ||
from webserver.decorators import crossdomain | ||
from brainzutils.ratelimit import ratelimit | ||
|
||
bp_core = Blueprint('api_v1_core', __name__) | ||
|
||
|
@@ -26,6 +27,7 @@ | |
|
||
@bp_core.route("/<uuid(strict=False):mbid>/count", methods=["GET"]) | ||
@crossdomain() | ||
@ratelimit() | ||
I'd like to see at least one test to see that we're returning ratelimiting headers on one of these methods
||
def count(mbid): | ||
"""Get the number of low-level data submissions for a recording with a | ||
given MBID. | ||
|
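Review bot: `@ratelimit()` is placed below `@crossdomain()` on the `count` view, so the limiter runs inside the CORS wrapper; please confirm with a test that a response produced when the limit is exceeded still carries the cross-origin headers and the rate-limit headers, since a browser client cannot read the status or the retry information otherwise. The same ordering is repeated on the other GET views in this file, so one test on this route would cover the pattern.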
@@ -51,6 +53,7 @@ def count(mbid): | |
|
||
@bp_core.route("/<uuid(strict=False):mbid>/low-level", methods=["GET"]) | ||
@crossdomain() | ||
@ratelimit() | ||
def get_low_level(mbid): | ||
"""Get low-level data for a recording with a given MBID. | ||
|
||
|
@@ -74,6 +77,7 @@ def get_low_level(mbid): | |
|
||
@bp_core.route("/<uuid(strict=False):mbid>/high-level", methods=["GET"]) | ||
@crossdomain() | ||
@ratelimit() | ||
def get_high_level(mbid): | ||
"""Get high-level data for recording with a given MBID. | ||
|
||
|
@@ -99,6 +103,7 @@ def get_high_level(mbid): | |
|
||
|
||
@bp_core.route("/<uuid:mbid>/low-level", methods=["POST"]) | ||
@ratelimit() | ||
def submit_low_level(mbid): | ||
"""Submit low-level data to AcousticBrainz. | ||
|
||
|
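Review bot: on the POST `/<uuid:mbid>/low-level` route `@ratelimit()` is called with no arguments, exactly as on the GET views, so nothing in this hunk distinguishes the write budget from the read budget. If submissions are meant to share the limit with lookups, say so in the docstring of `submit_low_level`; if not, this route needs its own setting. Either way, the docstring should tell submitting clients what response to expect when they are over the limit.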
@@ -220,6 +225,7 @@ def check_bad_request_for_multiple_recordings(): | |
|
||
@bp_core.route("/low-level", methods=["GET"]) | ||
@crossdomain() | ||
@ratelimit() | ||
def get_many_lowlevel(): | ||
"""Get low-level data for many recordings at once. | ||
|
||
|
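Review bot: `get_many_lowlevel` serves many recordings per call but `@ratelimit()` counts it as one request, so the limit bounds request count, not work done. Check that the per-request cap on the number of recordings (the hunk header points at `check_bad_request_for_multiple_recordings`) is small enough that limit times cap is a load you accept, and note that relationship in the API documentation.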
@@ -258,6 +264,7 @@ def get_many_lowlevel(): | |
|
||
@bp_core.route("/high-level", methods=["GET"]) | ||
@crossdomain() | ||
@ratelimit() | ||
def get_many_highlevel(): | ||
"""Get high-level data for many recordings at once. | ||
|
||
|
@@ -299,6 +306,7 @@ def get_many_highlevel(): | |
|
||
@bp_core.route("/count", methods=["GET"]) | ||
@crossdomain() | ||
@ratelimit() | ||
def get_many_count(): | ||
"""Get low-level count for many recordings at once. MBIDs not found in | ||
the database are omitted in the response. | ||
|
What's the default rate limit if we don't make any changes? It'd be nice to say this here. "We typically set the limit to 10 queries every 10 seconds, but these values may change. Make sure you check the response headers if you want to know the specific values"
Looking at the BU code, it seems like the default is 30 queries in 10 seconds. Is this actually useful for us - should we check the mean number of queries per IP address for AB to ensure that this actually results in a reduction of queries, or see if we need to reduce the default?
Our custom defaults should be in the config file instead of hard-coded.
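
Added example, not part of the pull request or its comments: one way to run the check raised above, measuring per-IP request counts in 10-second windows from an access log and comparing the two limits mentioned in the thread (30 and 10). The log format (common log format), the fixed-window bucketing and the sample traffic are assumptions constructed for illustration; the function names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime


def _line(ip, second):
    # Constructed sample line in common log format (not real AcousticBrainz traffic).
    return (f'{ip} - - [01/Jan/2018:00:00:{second:02d} +0000] '
            '"GET /api/v1/count HTTP/1.1" 200 12')


SAMPLE_LOG = (
    [_line("192.0.2.10", s % 10) for s in range(45)]    # burst: 45 requests in one window
    + [_line("192.0.2.20", s // 2) for s in range(40)]  # steady 2 req/s over two windows
    + [_line("192.0.2.30", 5)] * 3                      # occasional client
    + ["garbage line that does not parse"]
)

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')


def window_counts(lines, per=10):
    """Count requests per (client IP, fixed window of `per` seconds)."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of guessing a client
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        counts[(m.group(1), int(ts.timestamp()) // per)] += 1
    return counts


def evaluate(lines, limit, per=10):
    """Summarise what a limit of `limit` requests per `per` seconds would do."""
    counts = window_counts(lines, per)
    values = list(counts.values())
    return {
        "rejected": sum(max(0, n - limit) for n in values),
        "throttled_ips": {ip for (ip, _), n in counts.items() if n > limit},
        "peak": max(values, default=0),
        "mean": sum(values) / len(values) if values else 0.0,
    }


if __name__ == "__main__":
    for limit in (30, 10):
        print(limit, evaluate(SAMPLE_LOG, limit))
```

If the limiter keys on something other than the client IP, or uses a sliding window, the bucketing in `window_counts` has to change to match before the numbers mean anything.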