flask-gatekeeper

Release 1.0.0

A (very) simple banning & rate limiting extension for Flask.

Homepage PyPI Python

Keywords
banning, flask, python, rate-limiting
License
MIT
Install
pip install flask-gatekeeper==1.0.0

Documentation

flask-gatekeeper

A simple banning & rate limiting extension for Flask.

PyPI - Status PyPI - Version PyPI - Downloads

It's not meant to be a replacement for other, more complex banning & rate limiting modules like flask-Limiter or flask-ipban.

It has the following specificities:

  • no dependencies,
  • quite fast due to the use of collections.deque,
  • in-memory storage (no persistence across restarts).

Full documentation can be found here: https://k0rventen.github.io/flask-gatekeeper/

Getting started

Install

pip install flask-gatekeeper

Sample usage

Here is a demo app showing the main capabilities of flask-gatekeeper :

# import flask-gatekeeper along flask
from flask import Flask
from flask_gatekeeper import GateKeeper 

app = Flask(__name__)
gk = GateKeeper(app, # or use .init_app(app) later 
                ip_header="x-my-ip", # optionnal header to use for the client IP (e.g if using a reverse proxy)
                ban_rule={"count":3,"window":10,"duration":600}, # 3 reports in a 10s window will ban for 600s
                rate_limit_rules=[{"count":20,"window":1},{"count":100,"window":10}], # rate limiting will be applied if over 20 requests in 1s or 100 requests in 10s
                excluded_methods=["HEAD"]) # do not add HEAD requests to the tally 

# By default, all routes will use the rate limiting we defined above:

@app.route("/ping") # this route is rate limited by the global rule
def ping():
    return "ok",200

@app.route("/login") # also rate limited by the global rule
def login():
    if request.json.get("password") == "password":
        return token,200
    else:
        gk.report() # report the request's IP, after 3 reports in this case the IP will be banned 
        return "bad password",401

# we can specify different rate limiting rules using decorators

@app.route("/global_plus_specific")
@gk.specific(rate_limit_rules=[{"count":1,"window":2}]) # add another rate limit on top of the global one (to avoid bursting for example)
def specific():
    return "ok",200

@app.route("/standalone")
@gk.specific(rate_limit_rules=[{"count":10,"window":3600}],standalone=True) # rate limited only by this rule
def standalone():
    return "ok",200

@app.route("/bypass")
@gk.bypass # do not apply anything on that route
def bypass():
    return "ok",200


app.run("127.0.0.1",5000)

Copy that in a file or your REPL, then try the various endpoints.

Stats

Dependencies
1
Dependent packages
0
Dependent repositories
0
Total releases
8
Latest release
First release
Stars
1
Forks
0
Watchers
1
Contributors
1
Repository size
2.82 MB
SourceRank
7

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

1.0.0
0.3.3
0.3.2
0.3.1
0.3.0
0.2.1
0.2
0.1

Contributors

coco


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2022-05-16 18:05:16 UTC

Login to resync this project