pypi i django-graphql-ratelimit


CircleCI PyPI

Eaiser to use django-ratelimit for graphql in django.


pip install django-graphql-ratelimit


ratelimit key support gql:xxx, where xxx is argument.

from django_graphql_ratelimit import ratelimit
class RequestSMSCode(graphene.Mutation):
    class Arguments:
        phone = graphene.String(required=True)

    ok = graphene.Boolean()

    @ratelimit(key="ip", rate="10/m", block=True)
    @ratelimit(key="gql:phone", rate="5/m", block=True)
    def mutate(self, info, phone):
        request = info.context
        # send sms code logic
        return RequestSMSCode(ok=True)

You can use django-ratelimit keys except get:xxx and post:xxx:

  • ip - Use the request IP address (i.e. request.META['REMOTE_ADDR']) I suggest you to use django-ipware to get client ip, modify you MIDDLEWARE in settings:
  • header:x-x - Use the value of request.META.get('HTTP_X_X', '').
  • user: - Use an appropriate value from request.user. Do not use with unauthenticated users.
  • user_or_ip - Use an appropriate value from request.user if the user is authenticated, otherwise use request.META['REMOTE_ADDR'] (see the note above about reverse proxies).

Jump To