Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/k0rventen/flask-gatekeeper

A (very) simple banning & rate limiting extension for Flask.
https://github.com/k0rventen/flask-gatekeeper

banning flask python rate-limiting

Last synced: 8 days ago
JSON representation

A (very) simple banning & rate limiting extension for Flask.

Host: GitHub
URL: https://github.com/k0rventen/flask-gatekeeper
Owner: k0rventen
License: mit
Created: 2021-05-01T18:34:45.000Z (over 3 years ago)
Default Branch: main
Last Pushed: 2022-05-16T18:02:40.000Z (over 2 years ago)
Last Synced: 2024-12-16T03:41:46.364Z (about 1 month ago)
Topics: banning, flask, python, rate-limiting
Language: Python
Homepage: https://k0rventen.github.io/flask-gatekeeper/
Size: 2.82 MB
Stars: 1
Watchers: 3
Forks: 0
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # flask-gatekeeper

A simple banning & rate limiting extension for Flask.

![PyPI - Status](https://img.shields.io/badge/status-stable-green)

[![PyPI - Version](https://img.shields.io/pypi/v/flask-gatekeeper.svg)](https://pypi.org/project/flask-gatekeeper/)

![PyPI - Downloads](https://img.shields.io/pypi/dm/flask-gatekeeper)

It's not meant to be a replacement for other, more complex banning & rate limiting modules like `flask-Limiter` or `flask-ipban`.

It has the following specificities:

- no dependencies,

- quite fast due to the use of `collections.deque`,

- in-memory storage (no persistence across restarts).

Full documentation can be found here: https://k0rventen.github.io/flask-gatekeeper/

## Getting started

### Install

```

pip install flask-gatekeeper

```

### Sample usage

Here is a demo app showing the main capabilities of flask-gatekeeper : 

```py

# import flask-gatekeeper along flask

from flask import Flask

from flask_gatekeeper import GateKeeper 

app = Flask(__name__)

gk = GateKeeper(app, # or use .init_app(app) later 

                ip_header="x-my-ip", # optionnal header to use for the client IP (e.g if using a reverse proxy)

                ban_rule={"count":3,"window":10,"duration":600}, # 3 reports in a 10s window will ban for 600s

                rate_limit_rules=[{"count":20,"window":1},{"count":100,"window":10}], # rate limiting will be applied if over 20 requests in 1s or 100 requests in 10s

                excluded_methods=["HEAD"]) # do not add HEAD requests to the tally 

# By default, all routes will use the rate limiting we defined above:

@app.route("/ping") # this route is rate limited by the global rule

def ping():

    return "ok",200

@app.route("/login") # also rate limited by the global rule

def login():

    if request.json.get("password") == "password":

        return token,200

    else:

        gk.report() # report the request's IP, after 3 reports in this case the IP will be banned 

        return "bad password",401

# we can specify different rate limiting rules using decorators

@app.route("/global_plus_specific")

@gk.specific(rate_limit_rules=[{"count":1,"window":2}]) # add another rate limit on top of the global one (to avoid bursting for example)

def specific():

    return "ok",200

@app.route("/standalone")

@gk.specific(rate_limit_rules=[{"count":10,"window":3600}],standalone=True) # rate limited only by this rule

def standalone():

    return "ok",200

@app.route("/bypass")

@gk.bypass # do not apply anything on that route

def bypass():

    return "ok",200

app.run("127.0.0.1",5000)

```

Copy that in a file or your REPL, then try the various endpoints.