feat: harden limiter logic and expand Redis#639
Open
Saurabhsing21 wants to merge 1 commit into jlab-sensing:main from
Conversation
- Use Redis TIME in Lua for consistent token refill timing.
- Secure IP identity handling with ProxyFix-based trust configuration.
- Add fallback/warning behavior for missing or invalid rate-limit rules.
- Add blocked-request logging with API-key redaction.
- Add memory backend cleanup/eviction and expiry behavior.
- Add optional JWT audience/issuer validation in identity extraction.
- Add decorators to uncovered resources and document env knobs.
- Expand tests for edge cases and Redis backend behavior.

Signed-off-by: Saurabhsing21 <saurabhsingh881888@gmail.com>
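The first and fifth commit items, refill timing taken from the server clock and a memory backend that evicts idle buckets, are illustrated below. This is an added example, not code from the ENTS-backend repository or this PR: the Lua text is the shape a Redis backend would hand to EVAL so that refill arithmetic uses Redis TIME instead of each worker's own clock (it is shown as a string and not executed here, and assumes Redis 5+, where TIME may precede writes in a script); MemoryTokenBucket is a pure-Python backend with the same arithmetic plus the expiry/eviction that keeps it bounded. ManualClock is a constructed stand-in for time.monotonic.

```python
"""Token-bucket refill driven by the server clock, with a bounded in-memory backend."""
from __future__ import annotations

import math
import time
from dataclasses import dataclass

# Assumed Lua for a Redis backend (not the project's script). KEYS[1] = bucket key,
# ARGV[1] = capacity, ARGV[2] = refill rate in tokens/s, ARGV[3] = cost of this request.
REDIS_TOKEN_BUCKET_LUA = r"""
local t = redis.call('TIME')
local now = tonumber(t[1]) + tonumber(t[2]) / 1000000
local capacity, rate, cost = tonumber(ARGV[1]), tonumber(ARGV[2]), tonumber(ARGV[3])
local b = redis.call('HMGET', KEYS[1], 'tokens', 'ts')
local tokens = tonumber(b[1]) or capacity
local ts = tonumber(b[2]) or now
tokens = math.min(capacity, tokens + (now - ts) * rate)
local allowed = 0
if tokens >= cost then tokens = tokens - cost; allowed = 1 end
redis.call('HSET', KEYS[1], 'tokens', tokens, 'ts', now)
-- a bucket idle long enough to be full again carries no state worth keeping
redis.call('EXPIRE', KEYS[1], math.ceil(capacity / rate) + 1)
return {allowed, math.floor(tokens)}
"""


def bucket_ttl_seconds(capacity: float, refill_rate: float) -> int:
    """Seconds after which an untouched bucket is full again, so its entry can go."""
    return math.ceil(capacity / refill_rate) + 1


@dataclass
class _Bucket:
    tokens: float
    ts: float


class ManualClock:
    """Constructed replacement for time.monotonic so the walkthrough is repeatable."""

    def __init__(self, start: float = 1000.0) -> None:
        self.now = start

    def __call__(self) -> float:
        return self.now


class MemoryTokenBucket:
    """Single-process backend; the clock is injected, never taken from the request."""

    def __init__(self, capacity: float, refill_rate: float,
                 clock=time.monotonic, max_keys: int = 10_000) -> None:
        if capacity <= 0 or refill_rate <= 0:
            raise ValueError("capacity and refill_rate must be positive")
        self.capacity = capacity
        self.refill_rate = refill_rate
        self.clock = clock
        self.max_keys = max_keys
        self._buckets: dict[str, _Bucket] = {}

    def evict_expired(self, now: float) -> int:
        """Drop buckets idle for at least the TTL; returns how many were removed."""
        ttl = bucket_ttl_seconds(self.capacity, self.refill_rate)
        stale = [k for k, b in self._buckets.items() if now - b.ts >= ttl]
        for k in stale:
            del self._buckets[k]
        return len(stale)

    def consume(self, key: str, cost: float = 1.0) -> tuple[bool, float]:
        """Refill from elapsed server time, then spend `cost` if available."""
        now = self.clock()
        if key not in self._buckets and len(self._buckets) >= self.max_keys:
            # Soft bound: evict what is stale before admitting a new identity.
            self.evict_expired(now)
        b = self._buckets.get(key) or _Bucket(self.capacity, now)
        b.tokens = min(self.capacity, b.tokens + (now - b.ts) * self.refill_rate)
        b.ts = now
        allowed = b.tokens >= cost
        if allowed:
            b.tokens -= cost
        self._buckets[key] = b
        return allowed, b.tokens

    def __len__(self) -> int:
        return len(self._buckets)


if __name__ == "__main__":
    clock = ManualClock()
    limiter = MemoryTokenBucket(capacity=3, refill_rate=1.0, clock=clock)
    print([limiter.consume("client-a")[0] for _ in range(4)])   # three allowed, then blocked
    clock.now += 2.0                                             # two tokens refill
    print([limiter.consume("client-a")[0] for _ in range(3)])
```

The refill happens at consume time from `now - ts`, so a burst is admitted up to `capacity` and steady traffic is held to `refill_rate`; because `now` comes from the injected clock (or Redis TIME on the Redis side), nothing the caller sends can move the refill forward. The EXPIRE/TTL value is the point at which a bucket would be full anyway, which is why evicting it loses no information.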
Saurabhsing21 (Contributor, Author):
Hi @aleclevy, can you review this PR? This is not 100% perfect, but please review it and let me know what I have to improve.
Saurabhsing21 (Contributor, Author):
@aleclevy Can you review this?
Summary
This PR improves the API rate-limit system for security, reliability, and maintainability.
It also simplifies maintainer setup to 2–3 core inputs while keeping advanced overrides available.
Issue
#526
The initial implementation worked, but had practical gaps:
What Changed
- /ENTS-backend/backend/api/rate_limit.py
- /ENTS-backend/backend/api/__init__.py
- /ENTS-backend/backend/api/config.py
Config Simplification (2–3 Inputs)
A new profile-based model was introduced in /ENTS-backend/backend/api/config.py:
- RATE_LIMIT_ENABLED
- RATE_LIMIT_STORAGE_URI
- RATE_LIMIT_PROFILE (strict, balanced, relaxed)
Optional:
- RATE_LIMIT_TRUSTED_PROXY_COUNT (only when behind trusted proxies)
- RATE_LIMIT_<RULE>_CAPACITY and RATE_LIMIT_<RULE>_REFILL_RATE (advanced tuning only)
Docs and examples updated:
- /Users/apple/Projects/ENTS-backend/.env.example
- /Users/apple/Projects/ENTS-backend/backend/README.md
Test Coverage
Expanded tests in /ENTS-backend/backend/tests/test_rate_limit.py:
Validation
- ruff on touched files: passed.
- pytest /ENTS-backend/backend/tests/test_rate_limit.py: passed.
Backward Compatibility
RATE_LIMIT_PROFILE reduces setup complexity without removing tuning flexibility.
Reviewer Notes
Please focus on:
- strict/balanced/relaxed) for production traffic expectations.
- RATE_LIMIT_TRUSTED_PROXY_COUNT value per deployment topology.
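The reviewer note on RATE_LIMIT_TRUSTED_PROXY_COUNT is the security-relevant setting in this PR: a limiter keyed on an address taken from X-Forwarded-For without a trust boundary lets any client choose its own identity, while a count that is too high for the topology trusts a hop the operator does not control. The example below is added here and is not the ENTS-backend code: client_identity() reproduces the werkzeug ProxyFix(x_for=N) rule (the client is the N-th address from the right of X-Forwarded-For; with N = 0 the header is ignored), validate_jwt_claims() is the optional audience/issuer check against an already decoded claims dict, and redact() keeps API keys out of the blocked-request log. All function names, the log format and the sample values are this example's own.

```python
"""Client identity selection and redacted blocked-request logging for a rate limiter."""
from __future__ import annotations

import re
from ipaddress import ip_address


def client_identity(remote_addr: str, forwarded_for: str | None,
                    trusted_proxy_count: int) -> str:
    """Return the address the limiter should key on.

    Mirrors ProxyFix(x_for=trusted_proxy_count): only the rightmost N hops of
    X-Forwarded-For were appended by proxies we run, so the client is hops[-N].
    Anything the client itself put in the header sits further left and is ignored.
    """
    if trusted_proxy_count <= 0 or not forwarded_for:
        return remote_addr                    # not behind a trusted proxy: use the TCP peer
    hops = [h.strip() for h in forwarded_for.split(",") if h.strip()]
    if len(hops) < trusted_proxy_count:
        return remote_addr                    # fewer hops than the declared topology
    candidate = hops[-trusted_proxy_count]
    try:
        ip_address(candidate)
    except ValueError:
        return remote_addr                    # garbage must not become a limiter key
    return candidate


def validate_jwt_claims(claims: dict, expected_aud: str | None,
                        expected_iss: str | None) -> bool:
    """Optional aud/iss checks on decoded claims; a None expectation disables that check.

    RFC 7519 allows `aud` to be a single string or a list, so both are accepted.
    Signature verification and expiry are assumed to have happened before this call.
    """
    if expected_iss is not None and claims.get("iss") != expected_iss:
        return False
    if expected_aud is not None:
        aud = claims.get("aud")
        audiences = aud if isinstance(aud, list) else [aud]
        if expected_aud not in audiences:
            return False
    return True


# Matches the usual places an API key or bearer token shows up in request details.
_SECRET_RE = re.compile(r"(?i)(api[_-]?key=|x-api-key:\s*|bearer\s+)([A-Za-z0-9._~+/=-]+)")


def redact(text: str) -> str:
    """Replace the secret part of a key=value / header fragment, keep the label."""
    return _SECRET_RE.sub(lambda m: m.group(1) + "[REDACTED]", text)


def blocked_request_line(identity: str, rule: str, detail: str) -> str:
    """One log line per blocked request; `detail` is redacted before it is written."""
    return f"rate_limit blocked identity={identity} rule={rule} {redact(detail)}"


if __name__ == "__main__":
    # Constructed sample: one trusted proxy, client tried to prepend a fake hop.
    ident = client_identity("10.0.0.5", "198.51.100.9, 203.0.113.7", trusted_proxy_count=1)
    print(ident)                                                  # 203.0.113.7
    print(blocked_request_line(ident, "login", "path=/api/login api_key=sk_constructed_123"))
```

Setting the count to exactly the number of proxies you operate is what makes the middle case above work: the fake `198.51.100.9` the client prepended is one position too far left to be trusted. Setting it to 2 in the same deployment would trust that fake hop instead, which is why the value has to follow the deployment topology rather than a default.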