Skip to content

/ slowapi

A rate limiter for Starlette and FastAPI
starlette fastapi rate-limiter asgi python uvicorn
Python
  1. Python 100.0%
Branch: master
Find file
Clone or download

Clone with HTTPS

Use Git or checkout with SVN using the web URL.

Open in Desktop Download ZIP

Latest commit

@laurentS
laurentS Merge pull request #4 from brumar/patch-1 
Add missing import in the readme
Latest commit 4c4141a May 11, 2020

Files

Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
slowapi Improve typing annotations Mar 10, 2020
tests
CHANGELOG.md Release 0.1.1 Mar 11, 2020
LICENSE First version Feb 21, 2020
README.md missing import in the readme ? May 11, 2020
poetry.lock Update dependencies on starlette (0.13.2) and fastapi (0.52.0) Mar 10, 2020
pyproject.toml Release 0.1.1 Mar 11, 2020

README.md

SlowApi

A rate limiting library for Starlette and FastAPI adapted from flask-limiter.

Note: this is alpha quality code still, the API may change, and things may fall apart while you try it.

Quick start

Installation

slowapi is available from pypi so you can install it as usual:

$ pip install slowapi

Starlette

    from starlette.applications import Starlette
    from slowapi import Limiter, _rate_limit_exceeded_handler
    from slowapi.util import get_remote_address

    limiter = Limiter(key_func=get_remote_address)
    app = Starlette()
    app.state.limiter = limiter
    app.add_exception_handler(RateLimitExceeded, _rate_limit_exceeded_handler)

    @limiter.limit("5/minute")
    async def homepage(request: Request):
        return PlainTextResponse("test")

    app.add_route("/home", homepage)

The above app will have a route t1 that will accept up to 5 requests per minute. Requests beyond this limit will be answered with an HTTP 429 error, and the body of the view will not run.

FastAPI

    from fastapi import FastAPI
    from slowapi import Limiter, _rate_limit_exceeded_handler
    from slowapi.util import get_remote_address

    limiter = Limiter(key_func=get_remote_address)
    app = FastAPI()
    app.state.limiter = limiter
    app.add_exception_handler(RateLimitExceeded, _rate_limit_exceeded_handler)

    @app.get("/home")
    @limiter.limit("5/minute")
    async def homepage(request: Request):
        return PlainTextResponse("test")

This will provide the same result, but with a FastAPI app.

Features

Most feature are coming from (will come from) FlaskLimiter and the underlying limits.

Supported now:

  • Single and multiple limit decorator on endpoint functions to apply limits
  • redis, memcached and memory backends to track your limits (memory as a fallback)
  • support for sync and async HTTP endpoints
  • Support for shared limits across a set of routes

Limitations and known issues

  • There is no support for default limits yet (in other words, the only default limit supported is "unlimited")

  • The request argument must be explicitly passed to your endpoint, or slowapi won't be able to hook into it. In other words, write:

    @limiter.limit("5/minute")
    async def myendpoint(request: Request)
        pass

and not:

    @limiter.limit("5/minute")
    async def myendpoint()
        pass
  • websocket endpoints are not supported yet.

Developing and contributing

PRs are more than welcome! Please include tests for your changes :)

The package uses poetry to manage dependencies. To setup your dev env:

$ poetry install

To run the tests:

$ pytest

Credits

Credits go to flask-limiter of which SlowApi is a (still partial) adaptation to Starlette and FastAPI. It's also important to mention that the actual rate limiting work is done by limits, slowapi is just a wrapper around it.

You can’t perform that action at this time.