-
-
Notifications
You must be signed in to change notification settings - Fork 126
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Option swallow_errors don't work with limit configured with a deduct_when option and a storage backend down #363
Comments
tlauga
pushed a commit
to cogniteev/flask-limiter
that referenced
this issue
Oct 25, 2022
This was referenced Oct 25, 2022
alisaifee
pushed a commit
that referenced
this issue
Oct 25, 2022
… issue #363 (#364) Co-authored-by: Tom Lauga-Cami <[email protected]>
Thanks for providing the fix. I'll try to get a |
The fix is now available in 2.7.0 |
netbsd-srcmastr
referenced
this issue
in NetBSD/pkgsrc
Nov 5, 2023
v3.5.0 ------ Release Date: 2023-08-30 * Feature * Add `meta_limits` to allow for creating upper limits for requesting clients to breach application rate limits. * Bug fix * Ensure on breach callbacks can be configured using flask config v3.4.1 ------ Release Date: 2023-08-26 * Bug fix - Ensure _version.py has stable content when generated using `git archive` from a tag regardless of when it is run. v3.4.0 ------ Release Date: 2023-08-22 * Feature * Add extended configuration for application limits * `application_limits_exempt_when` * `application_limits_deduct_when` * `application_limits_per_method` * Bug fix * Ensure blueprint static routes are exempt v3.3.1 ------ Release Date: 2023-05-03 * Chores * Improve default limits documentation * Update documentation dependencies * Fix typing compatibility errors in headers v3.3.0 ------ Release Date: 2023-02-26 * Bug Fix * Ensure per route limits are preferred (over application limits) when populating rate limiting headers in the case where no rate limit has been breached in the request. v3.2.0 ------ Release Date: 2023-02-15 * Feature * Allow configuring request identity * Chores * Improve linting with ruff * Update development dependencies v3.1.0 ------ Release Date: 2022-12-29 * Feature * Skip logging an error if a decorated limit uses a callable to return the "current" rate limit and returns an empty string. Treat this is a signal that the rate limit should be skipped for this request. v3.0.0 ------ Release Date: 2022-12-28 * Breaking changes * Change order of extension constructor arguments to only require ``key_func`` as the first positional argument and all other arguments as keyword arguments. * Separate positional/keyword arguments in limit/shared_limit decorators * Remove deprecated config variable RATELIMIT_STORAGE_URL * Remove legacy backward compatibility path for flask < 2 * Features * Allow scoping regular limit decorators / context managers v3.0.0b2 -------- Release Date: 2022-12-28 * Breaking changes * Remove deprecated config variable RATELIMIT_STORAGE_URL * Remove legacy backward compatibility path for flask < 2 * Enforce key_func as a required argument * Chores * Simplify registration of decorated function & blueprint limits v3.0.0b1 -------- Release Date: 2022-12-26 * Breaking changes * Change order of extension constructor arguments to only require ``key_func`` as the first positional argument and all other arguments as keyword arguments. * Separate positional/keyword arguments in limit/shared_limit decorators * Features * Allow scoping regular limit decorators / context managers v2.9.2 ------ Release Date: 2022-12-26 * Feature * Extend customization by http method to shared_limit decorator v2.9.1 ------ Release Date: 2022-12-26 * Chores * Update documentation quick start * Refresh documentation for class based views v2.9.0 ------ Release Date: 2022-12-24 * Features * Allow using `limit` & `shared_limit` decorators on pure functions that are not decorated as routes. The functions when called from within a request context will get rate limited. * Allow using `limit` as a context manager to rate limit a code block explicitly within a request * Chores * Updated development dependencies * Fix error running tests depending on docker locally * Update internals to use dataclasses v2.8.1 ------ Release Date: 2022-11-15 * Chores * Add sponsorship banner to rtd * Update documentation dependencies v2.8.0 ------ Release Date: 2022-11-13 * Breaking changes * Any exception raised when calling an ``on_breach`` callback will be re-raised instead of being absorbed unless ``swallow_errors`` is set. In the case of ``swallow_errors`` the exception will now be logged at ``ERROR`` level instead of ``WARN`` * Reduce log level of rate limit exceeded log messages to ``INFO`` v2.7.0 ------ Release Date: 2022-10-25 * Bug Fix * Add default value for RateLimitExceeded optional parameter * Fix suppression of errors when using conditional deduction (`Issue 363 <https://github.com/alisaifee/flask-limiter/issues/363>`_) v2.6.3 ------ Release Date: 2022-09-22 * Compatibility * Ensure typing_extensions dependency has a minimum version * Chores * Documentation tweaks * Update CI to use 3.11 rc2 v2.6.2 ------ Release Date: 2022-08-24 * Chores * Improve quick start documentation v2.6.1 ------ Release Date: 2022-08-23 * Usability * Emit warning when in memory storage is used as a default when no storage uri is provided v2.6.0 ------ Release Date: 2022-08-11 * Feature * Expand use of ``on_breach`` callback to return a ``Response`` object that will be used as the error response on rate limits being exceeded v2.5.1 ------ Release Date: 2022-08-05 * Compatibility * Migrate use of `flask._request_ctx_stack` to `flask.globals.request_ctx` to support Flask 2.2+ * Chores * Expand CI matrix to test against Flask 2.0,2.1 & 2.2 * Make tests compatible with Flask 2.2.+ v2.5.0 ------ Release Date: 2022-07-07 * Features * Ensure multiple extension instances registered on a single application exercise before/after request hooks * Chores * Improve documentation v2.4.6 ------ Release Date: 2022-06-06 * Chore * Add python 3.11 to CI matrix v2.4.5.1 -------- Release Date: 2022-04-22 * Chore * Automate github releases v2.4.5 ------ Release Date: 2022-04-21 * Chore * Automate github releases v2.4.4 ------ Release Date: 2022-04-21 * Chore * Automate github releases v2.4.3 ------ Release Date: 2022-04-21 * Chore * Second attempt to generate release notes v2.4.2 ------ Release Date: 2022-04-21 * Chore * Test for automating github release notes v2.4.1 ------ Release Date: 2022-04-21 * Chore * Automate github releases v2.4.0 ------ Release Date: 2022-04-20 * Feature * Add CLI for inspecting & clearing rate limits * Bug Fix * Ensure exempt decorator can be used with flags for view functions * Chores * Refactor rate limit resolution to limit manager v2.3.3 ------ Release Date: 2022-04-20 * Bug Fix * Ensure `request.blueprint` is actually registered on the current app before using it for blueprint limits or exemptions. (`Issue 336 <https://github.com/alisaifee/flask-limiter/issues/336>`_) v2.3.2 ------ Release Date: 2022-04-17 * Feature * Extend cost parameter to default & application limits * Chore * Improve type strictness / checking * Improve documentation on landing page v2.3.1 ------ Release Date: 2022-04-14 * Bug Fixes * Add missing extras requirements for installation * Add py.typed for PEP 561 compliance v2.3.0 ------ Release Date: 2022-04-11 * Features * Expose option to register a callback for rate limit breaches of default limits via the :paramref:`~flask_limiter.Limiter.on_breach` constructor parameter * Replace use of `flask.g` with request context for keeping track of extension state (:issue:`327`) * Rework implementation of :meth:`~flask_limiter.Limiter.exempt` to accomodate nested blueprints. (:issue:`326`) * Chores * Add python 3.11 to CI * Extract management and filtering of limits to LimitManager * Improve correctness of resolving inherited limits & extensions when working with Blueprints (especially nested ones) v2.2.0 ------ Release Date: 2022-03-05 * Feature * Allow a function to be used for the ``cost`` parameter to limiter decorators. v2.1.3 ------ Release Date: 2022-01-30 * Chore * Update documentation theme v2.1 ---- Release Date: 2022-01-15 * Feature * Add ``current_limit`` attribute to extension to allow clients to fetch the relevant current limit that was evaluated. * Update extension constructor parameters to match flask config for header control * Add ``on_breach`` callback for ``limit`` and ``shared_limit`` decorators to be used as hooks for when a limit is breached * Add ``cost`` argument to ``limit`` and ``shared_limit`` to control how much is deducted when a hit occurs. * Chore * Improve documentation around configuration * Deprecation * Remove hacks for managing incorrectly ordered limit/route decorators v2.0.4 ------ Release Date: 2021-12-22 * Chore * Documentation theme upgrades * Integrate pytest-docker plugin * Mass linting * Deprecation * Removed deprecated RATELIMIT_GLOBAL config * Added deprecation doc for RATELIMIT_STORAGE_URL config v2.0.3 ------ Release Date: 2021-12-15 Documentation & test tweaks v2.0.2 ------ Release Date: 2021-11-28 * Features * Pin Flask, limits to >= 2 * Add type hints v2.0.1 ------ Release Date: 2021-11-28 * Deprecations * Remove deprecated get_ipaddr method * Remove use of six * Remove backward compatibility hacks for RateLimit exceptions v2.0.0 ------ Release Date: 2021-11-27 Drop support for python < 3.7 & Flask < 2.0 v1.5 ---- Release Date: 2021-11-27 Final Release for python < 3.7 * Features * Prepend ``key_prefix`` to extension variables attached to ``g`` * Expose ``g.view_limits`` v1.4 ---- Release Date: 2020-08-25 * Bug Fix * Always set headers for conditional limits * Skip init_app sequence when the rate limiter is disabled v1.3.1 ------ Release Date: 2020-05-21 * Bug Fix * Ensure headers provided explictely by setting `_header_mapping` take precedence over configuration values. v1.3 ---- Release Date: 2020-05-20 * Features * Add new ``deduct_when`` argument that accepts a function to decorated limits to conditionally perform depletion of a rate limit (`Pull Request 248 <https://github.com/alisaifee/flask-limiter/pull/248>`_) * Add new ``default_limits_deduct_when`` argument to Limiter constructor to conditionally perform depletion of default rate limits * Add ``default_limits_exempt_when`` argument that accepts a function to allow skipping the default limits in the ``before_request`` phase * Bug Fix * Fix handling of storage failures during ``after_request`` phase. * Code Quality * Use github-actions instead of travis for CI * Use pytest instaad of nosetests * Add docker configuration for test dependencies * Increase code coverage to 100% * Ensure pyflake8 compliance v1.2.1 ------ Release Date: 2020-02-26 * Bug fix * Syntax error in version 1.2.0 when application limits are provided through configuration file (`Issue 241 <https://github.com/alisaifee/flask-limiter/issues/241>`_) v1.2.0 ------ Release Date: 2020-02-25 * Add `override_defaults` argument to decorated limits to allow combinined defaults with decorated limits. * Add configuration parameter RATELIMIT_DEFAULTS_PER_METHOD to control whether defaults are applied per method. * Add support for in memory fallback without override (`Pull Request 236 <https://github.com/alisaifee/flask-limiter/pull/236>`_) * Bug fix * Ensure defaults are enforced when decorated limits are skipped (`Issue 238 <https://github.com/alisaifee/flask-limiter/issues/238>`_) v1.1.0 ------ Release Date: 2019-10-02 * Provide Rate limit information with Exception (`Pull Request 202 <https://github.com/alisaifee/flask-limiter/pull/202>`_) * Respect existing Retry-After header values (`Pull Request 143 <https://github.com/alisaifee/flask-limiter/pull/143>`_) * Documentation improvements
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Context:
I created a limiter with options
swallow_errors=True
andin_memory_fallback_enabled=False
in case the backend storage is down so that clients still can access routes without rate-limit.I then create a "global" limit to set a same limit on multiple routes, and I set the option deduct_when to avoid blocking user if they receive
status_code != 200
test_code:
Expected:
If the redis backend is not up, I want my client to access route '/' without limitation.
Output:
When a client access the road '/' with redis down, an exception 111 is raised without being swallow.
Quick fix:
In extension.py file, in the __check_conditional_deductions function, I implement this try-except to avoid this problem:
The text was updated successfully, but these errors were encountered: