What is in the PR?
Add implementation to secure coverage and crashmanager API endpoints with rate-limiting.
This uses throttling from Django REST framework and a Redis cache DB to store user request rate data.
Rate Limit Testing Script
A simple bash script to test API rate limiting. The script sends consecutive requests to an endpoint until it receives a rate limit response (HTTP 429) or reaches the maximum request count.
Setup
1. Create the script file:
2. Copy the script content into test_rate_limit.sh
#!/bin/bash

# Configuration
ENDPOINT="http://localhost:8000/crashmanager/rest/crashes/" # Adjust URL as needed

# Set default MAX_REQUESTS if not provided as argument
MAX_REQUESTS=${1:-110} # Use first argument if provided, otherwise default to 110

# Set token from second argument or use hardcoded default
HARDCODED_TOKEN="your-default-token-here" # Replace with your actual default token
TOKEN=${2:-$HARDCODED_TOKEN}

echo "Starting rate limit test..."
echo "Endpoint: $ENDPOINT"
echo "Maximum requests: $MAX_REQUESTS"

for i in $(seq 1 $MAX_REQUESTS); do
    # Make request and capture both HTTP status code and response body
    response=$(curl -s -w "\n%{http_code}" \
        -H "Authorization: Token $TOKEN" \
        -H "Content-Type: application/json" \
        "$ENDPOINT")

    # Extract status code from last line
    status_code=$(echo "$response" | tail -n1)
    # Extract response body (everything except last line)
    body=$(echo "$response" | sed \$d)

    echo "Request $i - Status Code: $status_code"

    # Check if we hit the rate limit
    if [ "$status_code" -eq 429 ]; then
        echo "Rate limit hit after $i requests!"
        echo "Error response:"
        echo "$body"
        exit 0
    fi
done

echo "Completed $MAX_REQUESTS requests without hitting rate limit."
3. Make the script executable:
chmod +x test_rate_limit.sh
Usage
Basic Run (110 requests)
./test_rate_limit.sh
Auth setup:
You can update the HARDCODED_TOKEN variable inside the script, or pass it as an argument when running the script.
To run it as part of the script command:
./test_rate_limit.sh 110 <token>
Custom Request Count
./test_rate_limit.sh 150 # Will send up to 150 requests
What to expect:
1. It will show the endpoint and maximum requests
2. For each request, you'll see the status code
3. If rate limit is hit (HTTP 429):
   Shows which request triggered the limit
   Displays the server's error response
4. If no rate limit is hit, shows completion message
SPEC DOC LINK:
https://docs.google.com/document/d/1l9r-t6mcwirwnxkjxdZ2HF3QWPEzanZ46Azi7F0B2nQ/edit?tab=t.0
DEMO VIDEO:
https://www.loom.com/share/d8cc5c2c5c5a4dc58df78de843cd07d5?sid=aa540f7c-9c38-4523-9085-301bdec5871e
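
Added example, not part of the PR or the project's code: a minimal Python model of the sliding-window check that DRF-style throttling performs, keeping per-user request timestamps in a cache, with a loop that mirrors the test script. `DictCache` stands in for Redis, and the limit of 100 requests per 60 seconds, the cache key format and all class and function names are assumptions chosen for illustration.

```python
import time

class DictCache:
    """In-memory stand-in for the Redis cache (assumption, not the PR's backend)."""
    def __init__(self):
        self._data = {}
    def get(self, key, default=None):
        return self._data.get(key, default)
    def set(self, key, value, timeout=None):
        self._data[key] = value  # timeout ignored: check() prunes old entries itself

class SlidingWindowThrottle:
    """Allow at most `limit` requests per user in any `window` seconds."""
    def __init__(self, cache, limit, window, clock=time.time):
        self.cache, self.limit, self.window, self.clock = cache, limit, window, clock

    def check(self, user_id):
        """Return (http_status, retry_after_seconds) for one request by user_id."""
        key = f"throttle_user_{user_id}"  # hypothetical key format
        now = self.clock()
        # Keep only timestamps still inside the window (stored newest first).
        history = [t for t in self.cache.get(key, []) if t > now - self.window]
        if len(history) >= self.limit:
            # A slot frees up when the oldest recorded request leaves the window.
            return 429, history[-1] + self.window - now
        history.insert(0, now)
        self.cache.set(key, history, self.window)
        return 200, 0.0

def first_throttled(throttle, user_id, max_requests):
    """Mirror the test script: send up to max_requests, return the index of
    the first request answered with 429, or None if the limit is never hit."""
    for i in range(1, max_requests + 1):
        status, _ = throttle.check(user_id)
        if status == 429:
            return i
    return None

if __name__ == "__main__":
    # Constructed values: 100 requests per 60 s, 110 attempts as in the script default.
    throttle = SlidingWindowThrottle(DictCache(), limit=100, window=60)
    print("first 429 at request:", first_throttled(throttle, "alice", 110))
```

Because the history is keyed per user, one token exhausting its budget does not affect another, which is worth checking with a second token when running the script against a real deployment.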