Ratelimit user_id for JWT access token , IP address for endpoint having not token. #48

apptechxonia · 2022-01-05T14:45:09Z

apptechxonia
Jan 5, 2022

using https://indominusbyte.github.io/fastapi-jwt-auth/ for JWT auth. My requirement is to ratelimit users based on client ip address not having token . For endpoint having access token , user_id is in access token and want to ratelimit that user_id. While using another ratelimiter slowapi, folllowing code worked fine. How to define auth_function while using this ratelimit.

from fastapi_jwt_auth import AuthJWT
from starlette.requests import Request
def get_user_id_or_ip(request: Request):
    authorize = AuthJWT(request)  # initial instance fastapi-jwt-auth
    try:        
         # If JWT Token is present then get_jwt_object otherwise return client IP address
         authorize.jwt_optional()  # for validation jwt token
        return decrypt_data(authorize.get_jwt_subject()) or request.client.host
    except AuthJWTException:
        return request.client.host

In main.py  (using fastApi)
app.add_middleware(
    RateLimitMiddleware,
    authenticate=get_user_id_or_ip,
    backend=RedisBackend(),
    config={
        r"^/towns": [Rule(second=1, group="default"), Rule(group="admin")],
        r"^/forests": [Rule(minute=1, group="default"), Rule(group="admin")],
    },
)

abersheeran · 2022-01-05T15:08:51Z

abersheeran
Jan 5, 2022
Maintainer

Please read README

async def AUTH_FUNCTION(scope: Scope) -> Tuple[str, str]:
    """
    Resolve the user's unique identifier and the user's group from ASGI SCOPE.

    If there is no user information, it should raise `EmptyInformation`.
    If there is no group information, it should return "default".
    """
    # FIXME
    # You must write the logic of this function yourself,
    # or use the function in the following document directly.
    return USER_UNIQUE_ID, GROUP_NAME

9 replies

abersheeran Jan 6, 2022
Maintainer

And, handle_auth_error need return response

apptechxonia Jan 6, 2022
Author

I added return response on handle_auth_error
After wring my_auth(scope: Scope), I replaced my code as

async def my_auth(scope: Scope) -> Tuple[str, str]:
    authorize = AuthJWT(scope)  # initial instance fastapi-jwt-auth
    try:

        # If JWT Token is present then get_jwt_object otherwise return client IP address
        authorize.jwt_optional()  # for validation jwt token
        
        return (decrypt_data(authorize.get_jwt_subject()) or scope.client.host , "default")
    except AuthJWTException:
        return scope.client.host , "default"

But every time it gives me handle_auth_error . When I removed on-auth_error, following error

  File "C:\*****\venv\lib\site-packages\ratelimit\core.py", line 59, in __call__
    user, group = await self.authenticate(scope)
  File ".\app\core\services\limiter.py", line 54, in my_auth
    authorize = AuthJWT(scope)  # initial instance fastapi-jwt-auth
  File "C:\***\venv\lib\site-packages\fastapi_jwt_auth\auth_jwt.py", line 36, in __init__
    auth = req.headers.get(self._header_name.lower())
AttributeError: 'dict' object has no attribute 'headers'

How to restructure authorize = AuthJWT(request) and request.client.host after removig request and writing scope?

abersheeran Jan 6, 2022
Maintainer

I added return response on handle_auth_error After wring my_auth(scope: Scope), I replaced my code as

async def my_auth(scope: Scope) -> Tuple[str, str]:
    authorize = AuthJWT(scope)  # initial instance fastapi-jwt-auth
    try:

        # If JWT Token is present then get_jwt_object otherwise return client IP address
        authorize.jwt_optional()  # for validation jwt token
        
        return (decrypt_data(authorize.get_jwt_subject()) or scope.client.host , "default")
    except AuthJWTException:
        return scope.client.host , "default"

But every time it gives me handle_auth_error . When I removed on-auth_error, following error

  File "C:\*****\venv\lib\site-packages\ratelimit\core.py", line 59, in __call__
    user, group = await self.authenticate(scope)
  File ".\app\core\services\limiter.py", line 54, in my_auth
    authorize = AuthJWT(scope)  # initial instance fastapi-jwt-auth
  File "C:\***\venv\lib\site-packages\fastapi_jwt_auth\auth_jwt.py", line 36, in __init__
    auth = req.headers.get(self._header_name.lower())
AttributeError: 'dict' object has no attribute 'headers'

How to restructure authorize = AuthJWT(request) and request.client.host after removig request and writing scope?

You can use request = fastapi.requests.Request(scope), and then use request like before.

apptechxonia Jan 6, 2022
Author

Still ISSUE

Traceback (most recent call last):
  File "C:\*****\\venv\lib\site-packages\aredis\connection.py", line 415, in connect
    await self._connect()
  File "C:\*****\\venv\lib\site-packages\aredis\connection.py", line 594, in _connect
    reader, writer = await exec_with_timeout(
  File "C:\*****\\venv\lib\site-packages\aredis\connection.py", line 39, in exec_with_timeout
    return await asyncio.wait_for(coroutine, timeout)
  File "c:\users\anaconda3\lib\asyncio\tasks.py", line 455, in wait_for
    return await fut
  File "c:\users\anaconda3\lib\asyncio\streams.py", line 52, in open_connection
    transport, _ = await loop.create_connection(
  File "c:\users\anaconda3\lib\asyncio\base_events.py", line 1033, in create_connection
    raise OSError('Multiple exceptions: {}'.format(
OSError: Multiple exceptions: [Errno 10061] Connect call failed ('::1', 6379, 0, 0), [Errno 10061] Connect call failed ('127.0.0.1', 6379)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\*****\\venv\lib\site-packages\starlette\middleware\errors.py", line 159, in __call__
    await self.app(scope, receive, _send)
  File "C:\*****\\venv\lib\site-packages\ratelimit\core.py", line 78, in __call__
    retry_after = await self.backend.retry_after(url_path, user, rule)
  File "C:\*****\\venv\lib\site-packages\ratelimit\backends\redis.py", line 54, in retry_after
    block_time = await self.is_blocking(user)
  File "C:\*****\\venv\lib\site-packages\ratelimit\backends\redis.py", line 51, in is_blocking
    return int(await self._redis.ttl(f"blocking:{user}"))
  File "C:\*****\\venv\lib\site-packages\aredis\commands\keys.py", line 231, in ttl
    return await self.execute_command('TTL', name)
  File "C:\*****\\venv\lib\site-packages\aredis\client.py", line 165, in execute_command
    await connection.send_command(*args)
  File "C:\*****\\venv\lib\site-packages\aredis\connection.py", line 486, in send_command
    await self.connect()
  File "C:\*****\venv\lib\site-packages\aredis\connection.py", line 417, in connect
    raise ConnectionError()
aredis.exceptions.ConnectionError

abersheeran Jan 6, 2022
Maintainer

Ensure your redis status and your redis config

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Ratelimit user_id for JWT access token , IP address for endpoint having not token. #48

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 1 comment 9 replies

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

Ratelimit user_id for JWT access token , IP address for endpoint having not token. #48

apptechxonia Jan 5, 2022

Replies: 1 comment · 9 replies

abersheeran Jan 5, 2022 Maintainer

abersheeran Jan 6, 2022 Maintainer

apptechxonia Jan 6, 2022 Author

abersheeran Jan 6, 2022 Maintainer

apptechxonia Jan 6, 2022 Author

abersheeran Jan 6, 2022 Maintainer

apptechxonia
Jan 5, 2022

Replies: 1 comment 9 replies

abersheeran
Jan 5, 2022
Maintainer

abersheeran Jan 6, 2022
Maintainer

apptechxonia Jan 6, 2022
Author

abersheeran Jan 6, 2022
Maintainer

apptechxonia Jan 6, 2022
Author

abersheeran Jan 6, 2022
Maintainer