rate_limit slowapi

2025-10-05 15:15:32 +03:00
parent f7b39da624
commit b3aaf04024
3 changed files with 24 additions and 1 deletions
--- a/server/backend/endpoints.py
+++ b/server/backend/endpoints.py
@@ -3,6 +3,10 @@ from fastapi.middleware.cors import CORSMiddleware
 from fastapi.responses import JSONResponse
 from fastapi.security import OAuth2PasswordRequestForm

+from .rate_limit import limiter, ratelimit_handler
+from slowapi.errors import RateLimitExceeded
+from slowapi.middleware import SlowAPIMiddleware
+
 from pydantic import EmailStr

 from . import pydentic, JWT, password, permissions
@@ -12,6 +16,9 @@ from datetime import datetime, timedelta
 import asyncio

 api = FastAPI()
+api.state.limiter = limiter
+api.add_exception_handler(RateLimitExceeded, ratelimit_handler)
+api.add_middleware(SlowAPIMiddleware)
 from dotenv import load_dotenv                              #Работа с env для CORS
 import os
 load_dotenv()
--- a/server/backend/rate_limit.py
+++ b/server/backend/rate_limit.py
@@ -0,0 +1,15 @@
+from slowapi import Limiter
+from slowapi.util import get_remote_address
+from slowapi.errors import RateLimitExceeded
+from fastapi.responses import JSONResponse
+from fastapi import Request
+
+# создаём limiter с глобальным лимитом
+limiter = Limiter(key_func=get_remote_address, default_limits=["10/minute"])
+
+# обработчик ошибок
+async def ratelimit_handler(request: Request, exc: RateLimitExceeded):
+    return JSONResponse(
+        status_code=429,
+        content={"detail": "Too many requests, try again later."},
+    )