
Commit 802f1ea

committed
Also bypass group rate limits
1 parent 1e5f61d commit 802f1ea

2 files changed

Lines changed: 12 additions & 19 deletions


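--- a/aikido_zen/ratelimiting/__init__.py
+++ b/aikido_zen/ratelimiting/__init__.py
@@ -24,6 +24,12 @@ def should_ratelimit_request(
     max_requests = int(endpoint["rateLimiting"]["maxRequests"])
     windows_size_in_ms = int(endpoint["rateLimiting"]["windowSizeInMS"])
 
+    if (
+        user
+        and user.get("id") in connection_manager.conf.excluded_uids_from_rate_limiting
+    ):
+        return {"block": False}
+
     if group:
         allowed = connection_manager.rate_limiter.is_allowed(
             get_key_for_group(endpoint, group),
@@ -36,8 +42,6 @@ def should_ratelimit_request(
         # Do not check IP or user rate limit if group is set
         return {"block": False}
     if user:
-        if user.get("id") in connection_manager.conf.excluded_uids_from_rate_limiting:
-            return {"block": False}
         allowed = connection_manager.rate_limiter.is_allowed(
             get_key_for_user(endpoint, user),
             windows_size_in_ms,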
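Review bot: The new early return in the first hunk widens the exclusion from "user limit only" to "every limit" — an excluded uid now skips the group check as well as the user and IP checks that follow — but nothing in the code says so, and the old placement inside `if user:` made the narrower scope self-explanatory. A comment on the new block would keep the precedence explicit for the next reader: `# Excluded uids bypass rate limiting entirely (group, user and IP); this must stay ahead of the group check below`. It is also worth noting in the function's docstring that `excluded_uids_from_rate_limiting` is now a full exemption, so operators configuring it understand a shared group limit no longer applies to those users. should_ratelimit_request starts before the first hunk and continues past the second.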

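--- a/aikido_zen/ratelimiting/init_test.py
+++ b/aikido_zen/ratelimiting/init_test.py
@@ -531,7 +531,7 @@ def test_non_excluded_user_still_rate_limited():
     }
 
 
-def test_excluded_user_still_blocked_by_group_rate_limit():
+def test_excluded_user_bypasses_group_rate_limit():
     endpoint = {
         "method": "POST",
         "route": "/login",
@@ -545,22 +545,11 @@ def test_excluded_user_still_blocked_by_group_rate_limit():
     cm = create_connection_manager([endpoint], excluded_uids=["user123"])
     route_metadata = create_route_metadata()
 
-    assert should_ratelimit_request(
-        route_metadata, "1.2.3.4", {"id": "user123"}, cm, "group1"
-    ) == {"block": False}
-    assert should_ratelimit_request(
-        route_metadata, "1.2.3.4", {"id": "user123"}, cm, "group1"
-    ) == {"block": False}
-    assert should_ratelimit_request(
-        route_metadata, "1.2.3.4", {"id": "user123"}, cm, "group1"
-    ) == {"block": False}
-    # Group rate limit still applies even for excluded users
-    assert should_ratelimit_request(
-        route_metadata, "1.2.3.4", {"id": "user123"}, cm, "group1"
-    ) == {
-        "block": True,
-        "trigger": "group",
-    }
+    # Excluded user should never be blocked, even past maxRequests, even with a group set
+    for _ in range(5):
+        assert should_ratelimit_request(
+            route_metadata, "1.2.3.4", {"id": "user123"}, cm, "group1"
+        ) == {"block": False}
 
 
 def test_rate_limits_by_group_if_user_is_not_set():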
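Review bot: The loop bound `5` in the second hunk is a magic number that only proves the "past maxRequests" claim in the comment if the endpoint's `maxRequests` (set outside the hunk) stays below 5; if that fixture value is ever raised the test keeps passing without exercising the bypass. Deriving the bound from the fixture keeps the assertion honest: `for _ in range(endpoint["rateLimiting"]["maxRequests"] + 2):`. The old version also asserted the trigger name on the blocking path; since this test now asserts only `{"block": False}`, the sibling test that pins a group block for a non-excluded user is what guards against the exemption becoming a global bypass, so it is worth confirming one still exists for the group path.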
