Gdit0nddlmZddlZddlmZmZddlmZddlmZm Z ddl m Z d dZ Gdd e Z y) ) annotationsN)datetime timedelta)Set)AsyncMongoClientReturnDocument)HttpMiddlewarecz ttj|jS#t$rYywxYwN)str ipaddress ip_addressstrip Exception)values )./examples/blog/middlewares/rate_limit.py _valid_ipr s59'' 677 s +. ::cheZdZdZdZdZdZdZdZdZ ddd d d  dd Z dd Z d Z dZ y)MongoRateLimitMiddlewaream Global MongoDB-based rate limiter (Heroku + Cloudflare safe). - One document per client IP - Fixed window counter - Escalating temporary blocks - Permanent block based on 24h violation history - Fully atomic (single DB op per request) - PyMongo Async API (no Motor) Requires: - MongoDB 4.2+ (aggregation pipeline updates) 2<i NT) allowed_hoststrust_proxy_headersrequire_cf_rayct||_|j||_|j||_|xs t |_||_||_yr )rclientdb collectionsetrrr)self mongo_uridb_namecollection_namerrrs r__init__z!MongoRateLimitMiddleware.__init__+sQ'y1 ++g&''/2+3ce#6 ,ct|dixsi}|jrG|jdxsdjdddj }|r||jvry|j }|r&|j rt|jd}|rd D]"}t|j|}|s |cS|jd }t|tr"t|jd dd}|r|St|jd }|r|S|jjd xsd}t|dxsdS)Nheadershost:runknownzcf-ray)zcf-connecting-ipztrue-client-ipzx-forwarded-for,z x-real-ipr)r/r) getattrrgetsplitlowerrrboolr isinstancer scope) r#requestr*r+ can_trusthipxffrs r _client_ipz#MongoRateLimitMiddleware._client_ipBsA'9b17R   KK'-244S!#0y0r(cK|j|}tj}|t|jz }|t|j z }|}|j jd|id||dddgidd|gidd dgidd dgidd d gidd dgiddggid iddddddd|gidiiidddd ddd dgidd |gigigiiiddddd dd|gigiiidddddd|dgigidddddd d!dd gigigid"idd#dd$didd|jgigiiiddd%d!d d gid gidd%d&d|ggidgid'idd(ddd%dd |jgigi|t|jzd giiidd)d*diiidddd%dd+|jgigid,d giddd%dd+|jgid-d dgigi|d gid.id/gd0ig d,tjd d d d12d{}|xsi}|jd3r d4d5|d6gd7S|jd(}t|trA||krN)seconds)hours_idz$setz$ifNullz$countrz $window_startz $violationsz$blocked_untilz$permanent_blockedFz$permanent_blocked_atz$violation_events) rAr;count window_start violations blocked_untilpermanent_blockedpermanent_blocked_atviolation_eventsrHz$filtertz$gtez$$t)inputascond _blocked_nowz$orz$andz$nez$gt_window_expiredz$condz $_blocked_nowz$ltz$_window_expiredr.z$add)rCrB _over_limitz$notz $_over_limitz $concatArrays)rDrHrE _events_24hz$sizez $_events_24hTz$eq)rFrGz$unset)rMrNrOrP)rBrErF)upsertreturn_document projectionrFiz"Access permanently blocked for IP .) status_codebodyr*izToo many requests from z. Temporarily blocked.z Retry-AfterrBzRate limit exceeded for IP )r=rutcnowrWINDOW_SECONDSPERMA_WINDOW_HOURSr!find_one_and_update MAX_REQUESTSBLOCK_AFTER_VIOLATIONSBLOCK_FOR_SECONDSPERMA_BLOCK_AFTERrAFTERr2r6maxint total_secondsr ) r#r8 client_ipnowwindow_start_cutoffperma_window_cutoffkeydocrE retry_afters rbefore_requestz'MongoRateLimitMiddleware.before_requestksOOG, oo!Id6I6I$JJ!ID4K4K$LLOO77 CL"'"+h]!;)2_c4J(K'0=!2D&E*36F5M)N.7:NPU9V-W%(?'F1.79Lb8Q,R "*%)<&))/%9L1M(N(- &! 4$*).1A40H(I).1A30G(H-&!"$ ) ")# / %!&:M(N O&, # / /!(+=sO*T U&)$ / ($+(:())/(A(?.&!" & "4%"!' 9!&43D3D(E F%( # .!'-); < -&'$ .!03F2N O 3&-('#$*(6,20=040K0K5.)*-& !"!$i8N8N&O O 0&*,-'3F)GHI#$*(6,20>040F0F5.)*-& !"!% 4&.$$$*(6,20>040F0F5.)* */1H$0O(P -& !"!$ 7&1%$&R_w p*00!"QQOy8} } ~iR 77& '"  swww" #d&7&7 7"5i[B  s} sF4I36I17B;I3c Kywr )r#r8rU response_body extra_headerss r after_requestz&MongoRateLimitMiddleware.after_requestOs s)rate_limits_global) r$r r%r r&r rzSet[str] | Nonerr5rr5)returnr )__name__ __module__ __qualname____doc__r[rXr\r]rYr^r'r=rjrorlr(rrrs LN 4 - *.$(#--- - ' -"--.#1RbHr(r)r str | Nonerqrv) __future__rr rrtypingrpymongorrmicropier rrrlr(rr{s*"(4#~~~r(