How to retrieve current user from request.headers while ratelimiting the endpoint?


For rate limiting the endpoint I want to use two approaches: 1) based on IP address (unprotected endpoint, no JWT access token)

def get_remote_address(request: Request) -> str:
    """
    Returns the ip address for the current request (or 127.0.0.1 if none found)
    """
    return request.client.host or "127.0.0.1"

It works fine

2) based on the current user; the current user has to be retrieved from the JWT access token. The JWT access token is created using fastapi-jwt-auth and the user is in get_jwt_subject.

from starlette.requests import Request
from fastapi_jwt_auth import AuthJWT

def get_user_from_headers(request: Request):
    if 'authorization' in request.headers:
        current_user = AuthJWT.get_jwt_subject()
        print(current_user)
        return current_user
    else:
        # call the IP helper instead of returning the function object
        return get_remote_address(request)

Doing this, I couldn’t find current-user. How to find current_user if request.headers has authorization?

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 17 (8 by maintainers)

Top GitHub Comments

1 reaction
himalacharya commented, Jan 9, 2021

There is an approach that can be used, e.g. like this:

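from fastapi_jwt_auth import AuthJWT
from fastapi_jwt_auth.exceptions import AuthJWTException
from starlette.requests import Request

def get_user_id_or_ip(request: Request):
    authorize = AuthJWT(request)  # create a fastapi-jwt-auth instance bound to this request
    try:
        authorize.jwt_optional()  # validate the JWT if one was sent
        # no token -> subject is None -> fall back to the client IP
        return authorize.get_jwt_subject() or request.client.host
    except AuthJWTException:
        # invalid or expired token -> rate limit by client IP
        return request.client.host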

Thank you
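
The fallback logic of `get_user_id_or_ip` above, as an added stdlib-only example (not code from the issue or from fastapi-jwt-auth): the subject becomes a rate-limit key only after the signature and expiry are verified, so an unverified `sub` value cannot select a bucket. `SECRET`, `make_token`, `verified_subject` and `rate_limit_key` are hypothetical names; HS256 and a header mapping with lowercase keys are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Mapping, Optional

SECRET = b"constructed-demo-secret"  # assumption: HS256 key, demo value only

def _b64d(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(head: str, body: str, secret: bytes) -> bytes:
    return hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()

def make_token(claims: dict, secret: bytes = SECRET) -> str:
    """Build a constructed HS256 token for the demo."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64e(_sign(head, body, secret))}"

def verified_subject(token: str, secret: bytes = SECRET) -> Optional[str]:
    """Return 'sub' only if algorithm, signature and expiry all check out."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_b64d(head)).get("alg") != "HS256":
            return None  # rejects "none" and any algorithm switch
        if not hmac.compare_digest(_sign(head, body, secret), _b64d(sig)):
            return None  # signature mismatch: claims are untrusted
        claims = json.loads(_b64d(body))
        if claims.get("exp", 0) <= time.time():
            return None  # expired or missing expiry
        sub = claims.get("sub")
        return sub if isinstance(sub, str) and sub else None
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token: treat as anonymous

def rate_limit_key(headers: Mapping[str, str], client_host: Optional[str]) -> str:
    """Per-user bucket for a verified token, per-IP bucket for everything else."""
    scheme, _, token = headers.get("authorization", "").partition(" ")
    sub = verified_subject(token) if scheme.lower() == "bearer" else None
    return f"user:{sub}" if sub else f"ip:{client_host or '127.0.0.1'}"
```

The `user:` and `ip:` prefixes keep the two key spaces apart, so a subject that happens to look like an IP address cannot share a bucket with anonymous traffic.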

1 reaction
himalacharya commented, Jan 3, 2021
return authorize.get_jwt_subject() or get_remote_address

Thank you very much

