Adds 250/minute rate limit to SignalInstance POST API endpoint using slowapi

requirements-base.in

@@ -44,6 +44,7 @@ sentry-sdk
 sh
 slack-bolt
 slack_sdk
+slowapi
 spacy
 sqlalchemy-filters
 sqlalchemy-utils

requirements-base.txt

@@ -4,6 +4,7 @@
 #
 #    pip-compile requirements-base.in
 #
+
 aiocache==0.12.1
     # via -r requirements-base.in
 aiofiles==23.1.0
@@ -99,7 +100,9 @@ decorator==5.1.1
 defusedxml==0.7.1
     # via jira
 deprecated==1.2.13
-    # via atlassian-python-api
+    # via
+    #   atlassian-python-api
+    #   limits
 dnspython==2.3.0
     # via email-validator
 duo-client==5.0.0
@@ -166,6 +169,8 @@ idna==3.4
     #   httpx
     #   requests
     #   yarl
+importlib-resources==5.12.0
+    # via limits
 iniconfig==2.0.0
     # via pytest
 jinja2==3.1.2
@@ -186,6 +191,8 @@ junit-xml==1.9
     # via schemathesis
 langcodes==3.3.0
     # via spacy
+limits==3.4.0
+    # via slowapi
 lxml==4.9.2
     # via
     #   emails
@@ -229,6 +236,7 @@ openai==0.27.6
     # via -r requirements-base.in
 packaging==23.0
     # via
+    #   limits
     #   pytest
     #   spacy
     #   statsmodels
@@ -377,6 +385,8 @@ slack-sdk==3.21.3
     # via
     #   -r requirements-base.in
     #   slack-bolt
+slowapi==0.1.8
+    # via -r requirements-base.in
 smart-open==6.3.0
     # via
     #   pathy
@@ -442,6 +452,7 @@ typing-extensions==4.4.0
     # via
     #   -r requirements-base.in
     #   alembic
+    #   limits
     #   pydantic
     #   schemathesis
 tzdata==2023.3

src/dispatch/main.py

@@ -10,6 +10,8 @@
 from pydantic.error_wrappers import ValidationError
 
 from sentry_asgi import SentryMiddleware
+from slowapi import _rate_limit_exceeded_handler
+from slowapi.errors import RateLimitExceeded
 from sqlalchemy import inspect
 from sqlalchemy.orm import scoped_session
 from starlette.middleware.base import BaseHTTPMiddleware, RequestResponseEndpoint
@@ -28,6 +30,7 @@
 from .extensions import configure_extensions
 from .logging import configure_logging
 from .metrics import provider as metric_provider
+from .rate_limiter import limiter
 
 
 log = logging.getLogger(__name__)
@@ -49,6 +52,8 @@ async def not_found(request, exc):
 
 # we create the ASGI for the app
 app = FastAPI(exception_handlers=exception_handlers, openapi_url="")
+app.state.limiter = limiter
+app.add_exception_handler(RateLimitExceeded, _rate_limit_exceeded_handler)
 
 # we create the ASGI for the frontend
 frontend = FastAPI(openapi_url="")

src/dispatch/rate_limiter.py

@@ -0,0 +1,5 @@
+from slowapi import Limiter
+from slowapi.util import get_remote_address
+
+
+limiter = Limiter(key_func=get_remote_address)

src/dispatch/signal/views.py

@@ -1,13 +1,14 @@
 import logging
 
-from fastapi import APIRouter, BackgroundTasks, HTTPException, status
+from fastapi import APIRouter, BackgroundTasks, HTTPException, Request, Response, status
 from pydantic.error_wrappers import ErrorWrapper, ValidationError
 from sqlalchemy.exc import IntegrityError
 
 from dispatch.auth.service import CurrentUser
 from dispatch.database.core import DbSession
 from dispatch.database.service import CommonParameters, search_filter_sort_paginate
 from dispatch.exceptions import ExistsError
+from dispatch.rate_limiter import limiter
 from dispatch.models import OrganizationSlug, PrimaryKey
 from dispatch.project import service as project_service
 from dispatch.signal import service as signal_service
@@ -52,11 +53,14 @@ def get_signal_instances(common: CommonParameters):
 
 
 @router.post("/instances", response_model=SignalInstanceRead)
+@limiter.limit("250/minute")
 def create_signal_instance(
     db_session: DbSession,
     organization: OrganizationSlug,
     signal_instance_in: SignalInstanceCreate,
     background_tasks: BackgroundTasks,
+    request: Request,
+    response: Response,
 ):
     """Create a new signal instance."""
     project = project_service.get_by_name_or_default(