I'm having a problem with SlowAPI. All requests are limited according to the middleware, but I cannot manage to jointly limit all requests under the path /schools/
My code:
from fastapi import FastAPI, Request, Response, status
from fastapi.middleware.cors import CORSMiddleware
from slowapi import Limiter, _rate_limit_exceeded_handler
from slowapi.util import get_remote_address
from slowapi.errors import RateLimitExceeded
from slowapi.middleware import SlowAPIMiddleware
limiter = Limiter(key_func=get_remote_address, default_limits=["2/5seconds"])
app = FastAPI()
app.state.limiter = limiter
app.add_exception_handler(RateLimitExceeded, _rate_limit_exceeded_handler)
origins = ["http://127.0.0.1/", "http://localhost", "http://192.168.1.75"] ## CORS
app.add_middleware(
CORSMiddleware,
allow_origins=origins,
allow_credentials=True,
allow_methods=["*"],
allow_headers=["*"],
)
app.add_middleware(SlowAPIMiddleware) ## Rate-limit all request
@app.get('/schools/{regione}/{provincia}/{comune}')
def search_school(request: Request, response: Response, regione: str, provincia: str, comune: str):
return {"message": 'No schools found!', "status": 'error', "code": 200} ## Or if found return schools informations
@app.get('/testpath/{regione}') ## Works with one path. If I add "provincia" and "comune" non work
def search_school(request: Request, response: Response, regione: str, provincia: str, comune: str):
return {"message": 'No schools found!', "status": 'error', "code": 200} ## Or if found return schools informations
When i send a request to /schools/{region}/{province}/{city} with jQuery the whole url is limited and therefore if I change region or province the limits are reset. How can I make myself apply settings for /schools/*
Example:
2 request every 5 seconds
If i send to request to apiURL+/schools/Lombardy/Milan/Milan the limit increases by 1 and if i made anothe 2 request at the third I get blocked.
But if instead of making it to the same domain, I change the city (apiURL+/schools/Sicily/Palermo/Palermo), the limit resets and returns to 1
Define application_limits when instantiating the Limiter class, as shown below. As per the documentation,
application_limits: a variable list of strings or callables returning strings for limits that are applied to the entire application (i.e., a shared limit for all routes)
Thus, the below would apply a shared limit to all /schools/* routes, as well as any other route that might be in your application (e.g., /testpath/*, /some-other-route/, and so on), meaning that, only two requests per 5 seconds would go through by each client (regardless of the endpoint they would call).
limiter = Limiter(key_func=get_remote_address, application_limits=["2/5seconds"])
Apply a shared limit only to the endpoints you wish, using shared_limit. As per the documentation:
shared_limit: Decorator to be applied to multiple routes sharing the same rate limit.
Thus, the below would apply a shared limit only to /schools/* routes.
limiter = Limiter(key_func=get_remote_address, default_limits=["2/5seconds"])
@app.get('/schools/{regione}/{provincia}/{comune}')
@limiter.shared_limit(limit_value="2/5seconds", scope="schools")
def search_school(request: Request, response: Response, regione: str, provincia: str, comune: str):
return {"message": 'No schools found!', "status": 'error', "code": 200}