backup
@@ -242,9 +242,9 @@ async def _lifespan(app: FastAPI) -> AsyncGenerator[None, None]:
|
||||
# deployments, it should be replaced with a shared backend.
|
||||
_update_session_cache(app, settings)
|
||||
|
||||
# Initialize the global rate limiter (200 requests per 60 seconds per IP).
|
||||
# Initialize the global rate limiter (600 requests per 60 seconds per IP).
|
||||
# Applied to all endpoints via middleware. Process-local implementation.
|
||||
app.state.global_rate_limiter = GlobalRateLimiter(max_requests=200, window_seconds=60)
|
||||
app.state.global_rate_limiter = GlobalRateLimiter(max_requests=600, window_seconds=60)
|
||||
|
||||
log.info("bangui_started")
|
||||
|
||||
@@ -1095,10 +1095,10 @@ def create_app(settings: Settings | None = None) -> FastAPI:
|
||||
if resolved_settings.session_cache_enabled and resolved_settings.session_cache_ttl_seconds > 0.0
|
||||
else NoOpSessionCache()
|
||||
)
|
||||
# Initialize the global rate limiter (200 requests per 60 seconds per IP).
|
||||
# Initialize the global rate limiter (600 requests per 60 seconds per IP).
|
||||
# This is also re-initialized in the lifespan, but must be present here
|
||||
# for tests that bypass the lifespan via ASGITransport.
|
||||
app.state.global_rate_limiter = GlobalRateLimiter(max_requests=200, window_seconds=60)
|
||||
app.state.global_rate_limiter = GlobalRateLimiter(max_requests=600, window_seconds=60)
|
||||
|
||||
set_setup_complete_cache(app, False)
|
||||
|
||||
@@ -1161,13 +1161,25 @@ def create_app(settings: Settings | None = None) -> FastAPI:
|
||||
path_prefixes=["/api/v1/history"],
|
||||
)
|
||||
|
||||
# Global rate limiter for all other endpoints.
|
||||
# 200 req/min per IP — default protection.
|
||||
# Polling endpoints (blocklist schedule) get a dedicated bucket
|
||||
# to avoid exhausting the global limit during normal frontend operation.
|
||||
app.add_middleware(
|
||||
RateLimitMiddleware,
|
||||
rate_limiter=app.state.global_rate_limiter,
|
||||
settings=resolved_settings,
|
||||
skip_paths=["/api/v1/auth/login", "/api/v1/setup", "/api/v1/history"],
|
||||
bucket_override="polling:read",
|
||||
bucket_max_requests=10000,
|
||||
bucket_window_seconds=60,
|
||||
path_prefixes=["/api/v1/blocklists/schedule"],
|
||||
)
|
||||
|
||||
# Global rate limiter for all other endpoints.
|
||||
# 600 req/min per IP — default protection.
|
||||
app.add_middleware(
|
||||
RateLimitMiddleware,
|
||||
rate_limiter=app.state.global_rate_limiter,
|
||||
settings=resolved_settings,
|
||||
skip_paths=["/api/v1/auth/login", "/api/v1/setup", "/api/v1/history", "/api/v1/blocklists/schedule"],
|
||||
)
|
||||
|
||||
# Validate middleware order before returning the app.
|
||||
|
||||
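Review bot: In the polling middleware block of the third hunk, `bucket_max_requests=10000` with `bucket_window_seconds=60` permits roughly 166 requests per second per IP on `/api/v1/blocklists/schedule`, which is close to no limit for that path, and the same path is added to the global limiter's `skip_paths`, so the 600/min default no longer covers it either. If `path_prefixes` and `skip_paths` match by prefix (RateLimitMiddleware is not visible here, so this is an assumption to confirm), any write route under that prefix would also fall into the bucket named `polling:read`. I would size the bucket from the frontend's real poll interval and record that in the comment, for example `# frontend polls every <N> s per tab; <LIMIT>/min leaves headroom for several tabs`, and limit the bucket to read requests if the middleware can filter by method. The literal `600` now appears in both `_lifespan` and `create_app`, in two comments and two constructor calls; one module-level constant, or a settings field, would keep them from drifting apart on the next change. `create_app` starts and ends outside the hunk, so the middleware order validation mentioned on the last line could not be checked against the new registration.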