Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEAT]: Implement API Rate Limiting Middleware #1144

Open
NjengaC opened this issue Feb 28, 2025 · 0 comments
Open

[FEAT]: Implement API Rate Limiting Middleware #1144

NjengaC opened this issue Feb 28, 2025 · 0 comments

Comments

@NjengaC
Copy link
Contributor

NjengaC commented Feb 28, 2025
edited
Loading

[FEAT]: Implement API Rate Limiting Middleware

Description

This feature will implement API rate limiting to protect the FastAPI application from potential abuse (e.g., DoS attacks) and ensure overall system stability. The rate limiter will restrict the number of requests a single client (typically identified by IP) can make within a given time frame. When the request threshold is exceeded, the API will return a standardized JSON error response with an HTTP 429 status code.

Endpoint Details

Global Rate Limiting

  • Scope:
    The rate limiting middleware will be applied globally to all endpoints.

  • Behavior:
    When a client exceeds the predefined limit (e.g., 100 requests per minute), the API will immediately return an error response instead of processing further requests.

  • Error Response Example:

    • HTTP Status: 429 Too Many Requests
    • Response Body: 
      {
  "status": "failure",
  "status_code": 429,
  "message": "Too many requests, please try again later.",
  "data": null
}

Optional: Rate Limit Status Endpoint

  • Method: GET

  • Endpoint: /api/v1/ratelimit-status

  • Description:
    Returns the current rate limit details for the requesting client, including the maximum allowed requests, the number of remaining requests, and the reset time.

  • Request Example:
    GET /api/v1/ratelimit-status

  • Success Response Example:

{
  "status": "success",
  "status_code": 200,
  "message": "Rate limit status retrieved successfully.",
  "data": {
    "limit": 100,
    "remaining": 42,
    "reset": "2025-03-01T00:00:00Z"
  }
}
  • Error Handling Example: If the request fails due to internal errors, the following response may be returned:
{
  "status": "error",
  "status_code": 500,
  "message": "An unexpected error occurred.",
  "data": null
}

Tasks

  1. Integrate Rate Limiting Middleware:

  • Install and configure a rate limiting library SlowAPI.

  • Update main.py to import and apply the middleware globally.

  • Optionally, create a new module (e.g., api/utils/rate_limiter.py) to encapsulate rate limiting configuration and helper functions.

  1. Configure Rate Limits:

  • Define a default rate limit (e.g., 100 requests per minute per IP) that can be configured via environment variables.

  • Allow for endpoint-specific overrides if needed.

  1. Customize Error Response:

Ensure that when the rate limit is exceeded, the middleware returns an HTTP 429 response with the following JSON payload:

{
  "status": "failure",
  "status_code": 429,
  "message": "Too many requests, please try again later.",
  "data": null
}
  1. (Optional) Create Rate Limit Status Endpoint:

  • Implement a GET endpoint at /api/v1/ratelimit-status that returns the current rate limit information for the client.

  • Secure this endpoint as necessary and format the response in the standard JSON structure.

  1. Testing:

  • Unit Tests:

    • Simulate requests under and over the limit to verify that normal and error responses are returned as expected.

  • Integration Tests:

    • Test the rate limiting behavior across multiple endpoints (e.g., those in api/v1/routes/) to ensure uniform enforcement.

  • Validate that changes to environment variable settings adjust the rate limits accordingly.

Testing Requirements

  • Within Limit:

    • Confirm that requests within the allowed threshold are processed normally.

  • Exceeding Limit:

    • Verify that once the threshold is exceeded, the API returns an HTTP 429 error with the correct JSON error message.

  • Configuration Checks:

    • Ensure that modifying environment variables properly adjusts the rate limiting behavior.

Expected Outcome

  • Enhanced Stability:

    • The API remains resilient under heavy load by preventing excessive requests from a single client.

  • Consistent Error Handling:

    • Clients exceeding the request limit receive a clear, standardized error response.

  • Ease of Configuration:

    • Rate limiting settings can be easily modified via environment variables without code changes.

  • Improved Documentation:

    • Updated API docs provide detailed guidance on the rate limiting feature, configuration options, and example responses.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@NjengaC