duck.http.middlewares.security.requestslimit
High-performance rate-limiting middleware using InMemoryCache expiry-based counters.
This implementation uses a fixed window algorithm:
Each client/IP has a single counter stored in the cache.
The key expires automatically after requests_delay seconds.
On each request, the counter increments.
If it exceeds max_requests, the request is rejected.
This design provides:
O(1) operations
Zero list allocations
Zero timestamp storage
Minimal memory footprint
Very high request throughput
Module Contents
Classes
RequestsLimitMiddleware | High-speed request limiter using expiry-based counters.
API
- class duck.http.middlewares.security.requestslimit.RequestsLimitMiddleware
Bases: duck.http.middlewares.BaseMiddleware
High-speed request limiter using expiry-based counters.
- Variables:
_clients – Cache storing counters per client IP. Keys automatically expire after the configured window duration.
requests_delay – Duration (in seconds) forming the rate-limit window.
max_requests – Maximum number of requests allowed within the window.
- _clients
‘InMemoryCache(…)’
- classmethod _process_request(request)
Core request-processing logic.
Flow:
Extract client IP.
Fetch current request count from cache.
If count is missing -> this is first request in the window. Create count=1 with expiry.
If count >= max_requests -> reject.
Otherwise increment counter and update expiry.
This implementation does not store timestamps and does not scan arrays. It relies fully on cache expiry to define the time window.
- debug_message: str
‘RequestsLimitMiddleware: Too many requests’
- classmethod get_error_response(request)
Creates a 429 Too Many Requests HTTP response.
Includes additional debugging information when DEBUG is enabled.
- classmethod get_readable_limit() -> str
Returns a user-friendly description of the rate limit.
Example:
“200 requests per 60 seconds”
- max_requests: int
200
Maximum number of allowed requests within the requests_delay window.
- classmethod process_request(request)
Framework entry point.
Wraps the internal handler and ensures the server always fails open instead of blocking requests due to middleware errors.
- requests_delay: float
60
Duration in seconds defining the time window for request counting.
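An added sketch of the _process_request flow described above. It is not Duck's own code: a plain dict stands in for InMemoryCache, and FixedWindowLimiter, allow and boundary_burst are hypothetical names. It also measures a property of any fixed-window counter worth knowing when sizing max_requests: close to twice the limit can be accepted in a short span that straddles a window boundary.

```python
import time


class FixedWindowLimiter:
    """Per-client fixed-window counter; the dict stands in for an expiring cache."""

    def __init__(self, max_requests=200, requests_delay=60.0, clock=time.monotonic):
        self.max_requests = max_requests
        self.requests_delay = requests_delay
        self.clock = clock
        self._clients = {}  # client_ip -> (count, expires_at)

    def allow(self, client_ip):
        now = self.clock()
        entry = self._clients.get(client_ip)
        if entry is not None and now >= entry[1]:
            entry = None  # key expired: the previous window is over
        if entry is None:
            # First request in the window: count=1 with expiry.
            self._clients[client_ip] = (1, now + self.requests_delay)
            return True
        count, expires_at = entry
        if count >= self.max_requests:
            return False  # caller answers 429 Too Many Requests
        # Assumption: the window end set by the first request is kept,
        # so the window stays fixed rather than sliding forward.
        self._clients[client_ip] = (count + 1, expires_at)
        return True


def boundary_burst(max_requests=5, requests_delay=60.0):
    """Count requests accepted within one second straddling a window boundary."""
    now = [0.0]  # fake clock so the example runs instantly
    limiter = FixedWindowLimiter(max_requests, requests_delay, clock=lambda: now[0])
    ip = "203.0.113.7"  # constructed documentation address
    limiter.allow(ip)                      # t=0 opens the window
    now[0] = requests_delay - 1.0          # one second before expiry
    late = sum(limiter.allow(ip) for _ in range(max_requests))
    now[0] = requests_delay                # key has expired, new window
    early = sum(limiter.allow(ip) for _ in range(max_requests))
    return late, early


if __name__ == "__main__":
    late, early = boundary_burst()
    print(f"accepted in 1s around the boundary: {late + early}")
```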