first commit

Author: eadwinCode

.github/workflows/publish.yml

@@ -23,5 +23,3 @@ jobs:
           FLIT_USERNAME: ${{ secrets.FLIT_USERNAME }}
           FLIT_PASSWORD: ${{ secrets.FLIT_PASSWORD }}
         run: flit publish
-      - name: Deploy Documentation
-        run: make doc-deploy

.github/workflows/test_full.yml

@@ -38,10 +38,10 @@ jobs:
       - name: Install Dependencies
         run: flit install --symlink
       - name: Black
-        run: black --check ellar tests
+        run: black --check ellar_throttler tests
       - name: isort
-        run: isort --check ellar tests
+        run: isort --check ellar_throttler tests
       - name: Flake8
-        run: flake8 ellar tests
+        run: flake8 ellar_throttler tests
       - name: mypy
-        run: mypy ellar
+        run: mypy ellar_throttler

LICENSE

@@ -0,0 +1,4 @@
+THROTTLER_LIMIT = "THROTTLER:LIMIT"
+THROTTLER_TTL = "THROTTLER:TTL"
+THROTTLER_OPTIONS = "THROTTLER:MODULE_OPTIONS"
+THROTTLER_SKIP = "THROTTLER:SKIP"

ellar_throttler/constants.py

@@ -0,0 +1,65 @@
+import typing as t
+
+from ellar.reflect import reflect
+
+from .constants import THROTTLER_LIMIT, THROTTLER_SKIP, THROTTLER_TTL
+
+
+def _set_throttler_metadata(target: t.Callable, limit: int, ttl: int) -> None:
+    reflect.define_metadata(THROTTLER_TTL, ttl, target)
+    reflect.define_metadata(THROTTLER_LIMIT, limit, target)
+
+
+def throttle(*, limit: int = 20, ttl: int = 60) -> t.Callable:
+    """
+    Adds metadata to the target which will be handled by the ThrottlerGuard to
+    handle incoming requests based on the given metadata.
+
+    Usage:
+    Use on controllers or individual route functions
+
+    @throttle(limit=20, ttl=300)
+    class ControllerSample:
+        @throttle(limit=20, ttl=300)
+        async def index(self):
+            ...
+
+    :param limit: Guard Type or Instance
+    :param ttl: Guard Type or Instance
+    :return: Callable
+    """
+
+    def decorator(func: t.Callable) -> t.Callable:
+        _set_throttler_metadata(func, limit=limit, ttl=ttl)
+        return func
+
+    return decorator
+
+
+def skip_throttle(skip: bool = True) -> t.Callable:
+    """
+    Adds metadata to the target which will be handled by the ThrottlerGuard
+    whether to skip throttling for this context.
+
+    Usage:
+    Use on controllers or individual route functions
+
+    @throttle(limit=20, ttl=300)
+    class ControllerSample:
+        @skip_throttle()
+        async def index(self):
+            ...
+
+        @skip_throttle(false)
+        async def create(self):
+            ...
+
+    :param skip:
+    :return:
+    """
+
+    def decorator(func: t.Callable) -> t.Callable:
+        reflect.define_metadata(THROTTLER_SKIP, skip, func)
+        return func
+
+    return decorator

ellar_throttler/decorators.py

@@ -0,0 +1,28 @@
+import math
+import typing as t
+
+from ellar.core.exceptions import APIException
+from starlette import status
+
+
+class ThrottledException(APIException):
+    status_code = status.HTTP_429_TOO_MANY_REQUESTS
+    default_detail = "Request was throttled."
+    extra_detail_singular = "Expected available in {wait} second."
+    extra_detail_plural = "Expected available in {wait} seconds."
+
+    def __init__(self, wait: float = None, detail: t.Any = None) -> None:
+        if detail is None:
+            detail = self.default_detail
+        if wait is not None:
+            wait = math.ceil(wait)
+            detail = " ".join(
+                (
+                    detail,
+                    self.extra_detail_singular.format(wait=wait)
+                    if wait < 1
+                    else self.extra_detail_plural.format(wait=wait),
+                )
+            )
+        headers = {"Retry-After": "%d" % float(wait or 0.0)}
+        super().__init__(detail=detail, headers=headers)

ellar_throttler/exception.py

@@ -0,0 +1,5 @@
+from .throttler_storage import IThrottlerStorage
+
+__all__ = [
+    "IThrottlerStorage",
+]

ellar_throttler/interfaces/__init__.py

@@ -0,0 +1,26 @@
+import typing as t
+from abc import ABC, abstractmethod
+
+from ..throttler_storage_options import ThrottlerStorageOption
+from ..throttler_storage_record import ThrottlerStorageRecord
+
+
+class IThrottlerStorage(ABC):
+    @property
+    @abstractmethod
+    def storage(self) -> t.Dict[str, ThrottlerStorageOption]:
+        """
+        The internal storage with all the request records.
+        The key is a hashed key based on the current context and IP.
+        :return:
+        """
+
+    @abstractmethod
+    async def increment(self, key: str, ttl: int) -> ThrottlerStorageRecord:
+        """
+        Increment the amount of requests for a given record. The record will
+        automatically be removed from the storage once its TTL has been reached.
+        :param key:
+        :param ttl:
+        :return:
+        """

ellar_throttler/interfaces/throttler_storage.py

@@ -0,0 +1,15 @@
+from ellar.common import Module
+from ellar.core import ModuleBase
+from ellar.di import ProviderConfig
+
+from ellar_throttler.interfaces import IThrottlerStorage
+from ellar_throttler.throttler_service import CacheThrottlerStorageService
+
+
+@Module(
+    providers=[
+        ProviderConfig(IThrottlerStorage, use_class=CacheThrottlerStorageService)
+    ]
+)
+class ThrottlerModule(ModuleBase):
+    pass

ellar_throttler/module.py

@@ -0,0 +1,82 @@
+import hashlib
+import typing as t
+
+from ellar.core import GuardCanActivate, IExecutionContext, Response
+from ellar.core.connection import HTTPConnection
+from ellar.di import injectable
+from ellar.helper import get_name
+from ellar.services import Reflector
+
+from .constants import THROTTLER_LIMIT, THROTTLER_SKIP, THROTTLER_TTL
+from .exception import ThrottledException
+from .interfaces import IThrottlerStorage
+
+
+@injectable()
+class ThrottlerGuard(GuardCanActivate):
+    header_prefix = "X-RateLimit"
+
+    def __init__(
+        self, storage_service: IThrottlerStorage, reflector: Reflector
+    ) -> None:
+        self.storage_service = storage_service
+        self.reflector = reflector
+
+    async def can_activate(self, context: IExecutionContext) -> bool:
+        handler = context.get_handler()
+        class_ref = context.get_class()
+
+        # Return early if the current route should be skipped.
+        # or self.options.skipIf?.(context)
+        if self.reflector.get_all_and_override(THROTTLER_SKIP, handler, class_ref):
+            return True
+
+        # Return early when we have no limit or ttl data.
+        route_or_class_limit = self.reflector.get_all_and_override(
+            THROTTLER_LIMIT, handler, class_ref
+        )
+        route_or_class_ttl = self.reflector.get_all_and_override(
+            THROTTLER_TTL, handler, class_ref
+        )
+
+        # Check if specific limits are set at class or route level, otherwise use global options.
+        limit = route_or_class_limit or 60  # or this.options.limit
+        ttl = route_or_class_ttl or 60  # or this.options.ttl
+        return await self.handle_request(context, limit, ttl)
+
+    @classmethod
+    def get_request_response(
+        cls, context: IExecutionContext
+    ) -> t.Tuple[HTTPConnection, Response]:
+        connection_host = context.switch_to_http_connection()
+        return connection_host.get_client(), connection_host.get_response()
+
+    def get_tracker(self, connection: HTTPConnection) -> str:
+        assert connection.client
+        return connection.client.host
+
+    def generate_key(self, context: IExecutionContext, suffix: str) -> str:
+        prefix = f"{get_name(context.get_class())}-{get_name(context.get_handler())}"
+        return hashlib.md5(f"{prefix}-{suffix}".encode("utf8")).hexdigest()
+
+    async def handle_request(
+        self, context: IExecutionContext, limit: int, ttl: int
+    ) -> bool:
+        connection, response = self.get_request_response(context)
+        # TODO: Return early if the current user agent should be ignored.
+
+        tracker = self.get_tracker(connection)
+        key = self.generate_key(context, tracker)
+        result = await self.storage_service.increment(key, ttl)
+
+        # Throw an error when the user reached their limit.
+        if result.total_hits > limit:
+            raise ThrottledException(wait=result.time_to_expire)
+
+        response.headers[f"{self.header_prefix}-Limit"] = str(limit)
+        response.headers[f"{self.header_prefix}-Remaining"] = str(
+            max(0, limit - result.total_hits)
+        )
+        response.headers[f"{self.header_prefix}-Reset"] = str(result.time_to_expire)
+
+        return True