-
-
Notifications
You must be signed in to change notification settings - Fork 771
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Is Connexion 3 Compatible with Flask-Limiter? Recommendations for Flask rate-limiting with Connexion 3.0? #1942
Comments
+1 on this |
Tried removing our rate limiting logic, and it looks to me that there is a bigger issue here: Connexion's security handlers are now performed by middleware that exist outside of the Flask application, so it is not possible to access the Flask request context in the security handlers. Unfortunately for us, we have a dependency on Flask SQLAlchemy for our security handling that relies on access to the flask request context:
Stacktrace:
There was a recent change to allow the security handling logic access to the ConnexionRequest request object, but that doesn't help us here because our dependency needs access to the flask application context. @RobbeSneyders since you recently worked on passing the ConnexionRequest to the security handler - do you have any recommendations for our use case? Essentially we have dependencies in our security handling path that requires access to the flask application context, and this does not seem possible in Connexion 3.0 |
Being able to access the flask application context, and, in particular, the FlaskSQLAlchemy at the Security Middleware is utterly important to my case as well, and I'm having a really really hard time from moving of Connexion2 to Connexion3. |
Background
Flask-Limiter is a popular tool used to rate-limit endpoints of Flask applications.
We currently use it on our Flask server using connexion 2.14.2. However, due to the ASGI nature of Connexion 3.0, we are facing issues with the extension.
A basic use case of Flask-Limiter would be:
Internally, Flask-Limiter uses
flask.request.endpoint
to retrieve the key it should use to rate-limit for, but I don't thinkflask.request
is really accessible in connexion 3.0. Whenever I attempt to, I get an exception statingAttempted Solution
As I understand from reading the migration docs, connexion requests are now Starlette requests that can be retrieved via
from connexion import request
, so I attempted to take advantage of this. Flask-Limiter allows you define a callable in the Flask configRATELIMIT_REQUEST_IDENTIFIER
that replaces the use of flask.Request.endpoint, so I tried the following:Unfortunately, this never seems to be within the scope of a connexion request as I still get the same Runtime exception:
My Questions
The text was updated successfully, but these errors were encountered: