A rate limiting library for Starlette and FastAPI adapted from flask-limiter.
Note: this is alpha quality code still, the API may change, and things may fall apart while you try it.
slowapi
is available from pypi so you can install it as usual:
$ pip install slowapi
from starlette.applications import Starlette
from slowapi import Limiter, _rate_limit_exceeded_handler
from slowapi.util import get_remote_address
limiter = Limiter(key_func=get_remote_address)
app = Starlette()
app.state.limiter = limiter
app.add_exception_handler(RateLimitExceeded, _rate_limit_exceeded_handler)
@limiter.limit("5/minute")
async def homepage(request: Request):
return PlainTextResponse("test")
app.add_route("/home", homepage)
The above app will have a route t1
that will accept up to 5 requests per minute. Requests beyond this limit will be answered with an HTTP 429 error, and the body of the view will not run.
from fastapi import FastAPI
from slowapi import Limiter, _rate_limit_exceeded_handler
from slowapi.util import get_remote_address
limiter = Limiter(key_func=get_remote_address)
app = FastAPI()
app.state.limiter = limiter
app.add_exception_handler(RateLimitExceeded, _rate_limit_exceeded_handler)
@app.get("/home")
@limiter.limit("5/minute")
async def homepage(request: Request):
return PlainTextResponse("test")
This will provide the same result, but with a FastAPI app.
Most feature are coming from (will come from) FlaskLimiter and the underlying limits.
Supported now:
- Single and multiple
limit
decorator on endpoint functions to apply limits - redis, memcached and memory backends to track your limits (memory as a fallback)
- support for sync and async HTTP endpoints
- Support for shared limits across a set of routes
-
There is no support for default limits yet (in other words, the only default limit supported is "unlimited")
-
The
request
argument must be explicitly passed to your endpoint, orslowapi
won't be able to hook into it. In other words, write:
@limiter.limit("5/minute")
async def myendpoint(request: Request)
pass
and not:
@limiter.limit("5/minute")
async def myendpoint()
pass
websocket
endpoints are not supported yet.
PRs are more than welcome! Please include tests for your changes :)
The package uses poetry to manage dependencies. To setup your dev env:
$ poetry install
To run the tests:
$ pytest
Credits go to flask-limiter of which SlowApi is a (still partial) adaptation to Starlette and FastAPI.
It's also important to mention that the actual rate limiting work is done by limits, slowapi
is just a wrapper around it.