From 1d5970c4d38617a14c71af1520112e5508c15369 Mon Sep 17 00:00:00 2001
From: hanfi <ccc@spahan.ch>
Date: Thu, 13 Jul 2023 22:21:45 +0200
Subject: [PATCH] add rate limit for item creation

---
 backend/main.py  | 17 +++++++++++++----
 requirements.txt |  1 +
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/backend/main.py b/backend/main.py
index e08af74..82d1274 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -1,7 +1,10 @@
 from uuid import UUID
 
-from fastapi import Depends, FastAPI, HTTPException
+from fastapi import Depends, FastAPI, HTTPException, Request
 from fastapi.middleware.cors import CORSMiddleware
+from slowapi import Limiter, _rate_limit_exceeded_handler
+from slowapi.errors import RateLimitExceeded
+from slowapi.util import get_remote_address
 from sqlalchemy.orm import Session
 
 from . import schemas, utils
@@ -13,8 +16,6 @@ create_database()
 app = FastAPI()
 
 origins = [settings.customer_url, settings.worker_url]
-
-
 app.add_middleware(
     CORSMiddleware,
     allow_origins=origins,
@@ -22,6 +23,9 @@ app.add_middleware(
     allow_methods=["*"],
     allow_headers=["*"],
 )
+limiter = Limiter(key_func=get_remote_address)
+app.state.limiter = limiter
+app.add_exception_handler(RateLimitExceeded, _rate_limit_exceeded_handler)
 
 
 # Dependency
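Review bot: The `limiter = Limiter(key_func=get_remote_address)` line keys the budget on the immediate peer address, so if this service sits behind a reverse proxy or load balancer every client shares the proxy's address and the per-client limit becomes effectively a global one that any single caller can exhaust for everyone; whether that applies depends on the deployment, which the patch does not show. The limiter also defaults to in-process storage, so the count is per worker process rather than shared across uvicorn workers or replicas. Consider making the storage and key function deployment-aware (slowapi's `Limiter` accepts a `storage_uri` for shared storage) and recording the assumption next to the line: `# keyed on the direct peer address; only correct when clients connect without an intermediary`. Note too that `_rate_limit_exceeded_handler` is an underscore-prefixed name, so its signature may change between slowapi releases without notice.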
@@ -34,7 +38,12 @@ def get_db():
 
 
 @app.post("/item/prepare", response_model=schemas.Item)
-def add_item(item: schemas.ItemCreatePrepareShipping, db: Session = Depends(get_db)):
+@limiter.limit("2/minute")
+def add_item(
+    request: Request,
+    item: schemas.ItemCreatePrepareShipping,
+    db: Session = Depends(get_db),
+):
     return utils.prepare_item_shipping(db, item)
 
 
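Review bot: The `request: Request` parameter added to `add_item` is never read in the body, and nothing explains that slowapi relies on it being present, so the next cleanup pass will likely drop it as unused and break the limiter; a one-line comment such as `request: Request,  # required by @limiter.limit, not used directly` would prevent that. The `"2/minute"` literal is the only place the policy lives; since the module already reads `settings.customer_url`, the limit string could come from `settings` as well so it can be tuned per environment without a code change. The rest of the module's routes are outside this hunk, so it is not visible whether any other endpoint that creates state is left unlimited.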
diff --git a/requirements.txt b/requirements.txt
index eab79be..cba80ad 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,3 +4,4 @@ Jinja2==3.1.2
 python-multipart==0.0.6
 SQLAlchemy==2.0.9
 uvicorn[standard]==0.21.1
+slowapi==0.1.8
-- 
GitLab