Make default limit configurable

uwblueprint · Feb 16, 2022 · c615443 · c615443
1 parent 17fb5a6
commit c615443
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 3 deletions.
diff --git a/backend/python/app/__init__.py b/backend/python/app/__init__.py
@@ -49,7 +49,14 @@ def create_app(config_name):
     app.config["CORS_SUPPORTS_CREDENTIALS"] = True
     CORS(app)
 
-    Limiter(app, key_func=get_remote_address, default_limits=["15 per minute"])
+    default_minute_rate_limit = (
+        os.getenv("BACKEND_API_DEFAULT_PER_MINUTE_RATE_LIMIT") or 15
+    )
+    Limiter(
+        app,
+        key_func=get_remote_address,
+        default_limits=[f"{default_minute_rate_limit} per minute"],
+    )
 
     if os.getenv("FLASK_CONFIG") != "production":
         app.config[

diff --git a/backend/typescript/graphql/index.ts b/backend/typescript/graphql/index.ts
@@ -63,12 +63,17 @@ const rateLimitRule = createRateLimitRule({
   formatError: () => "Too many requests, please try again later.",
 });
 
+const defaultMinuteRateLimit = parseInt(
+  process.env.BACKEND_API_DEFAULT_PER_MINUTE_RATE_LIMIT || "15",
+  10,
+);
+
 const rateLimiters = shield(
   {},
   {
     fallbackRule: rateLimitRule({
       window: "1m",
-      max: 15,
+      max: defaultMinuteRateLimit,
     }),
   },
 );

diff --git a/backend/typescript/server.ts b/backend/typescript/server.ts
@@ -28,9 +28,13 @@ const CORS_OPTIONS: cors.CorsOptions = {
 
 const swaggerDocument = YAML.load("swagger.yml");
 
+const defaultMinuteRateLimit = parseInt(
+  process.env.BACKEND_API_DEFAULT_PER_MINUTE_RATE_LIMIT || "15",
+  10,
+);
 const limiter = RateLimit({
   windowMs: 1 * 60 * 1000, // 1 minute
-  max: 15,
+  max: defaultMinuteRateLimit,
   standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
   legacyHeaders: false, // Disable the `X-RateLimit-*` headers
 });