Adriano
86df67f2e5
The default 2-worker gunicorn could only serve 2 concurrent tablet requests, queueing the rest, and the rate limiter saw every tablet as the same Nginx container IP, so 20 users would have collectively burned through the 100 req/min general bucket. - gunicorn: 5 workers x 4 gthread, --forwarded-allow-ips=*, access log - uvicorn: 4 workers, --proxy-headers, --forwarded-allow-ips=* - RateLimitMiddleware: resolve real client IP from X-Forwarded-For -> X-Real-IP -> request.client.host - Bump rate_limit_general 100 -> 300 req/min/IP (per tablet now) - Flask: ProxyFix(x_for=1, x_proto=1, x_host=1) so request.remote_addr is the tablet IP, not the Nginx IP - APIClient: forward X-Forwarded-For + X-Real-IP to FastAPI for both JSON and multipart/files calls; safe no-op outside request context - 12 new tests (7 server + 5 client) covering header precedence, forwarding behavior and ProxyFix install Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
66 lines
1.9 KiB
Python
66 lines
1.9 KiB
Python
"""Tests for RateLimitMiddleware honoring proxy headers (X-Forwarded-For)."""
|
|
from middleware.rate_limit import RateLimitMiddleware
|
|
|
|
|
|
class _FakeRequest:
|
|
"""Minimal stand-in for starlette.requests.Request."""
|
|
|
|
def __init__(self, headers: dict[str, str], host: str | None = "10.0.0.1"):
|
|
self.headers = headers
|
|
|
|
class _Client:
|
|
pass
|
|
|
|
if host is None:
|
|
self.client = None
|
|
else:
|
|
self.client = _Client()
|
|
self.client.host = host
|
|
|
|
|
|
def test_client_ip_uses_x_forwarded_for_first_hop():
|
|
req = _FakeRequest(
|
|
headers={"x-forwarded-for": "203.0.113.5, 10.0.0.2"},
|
|
host="10.0.0.1",
|
|
)
|
|
assert RateLimitMiddleware._client_ip(req) == "203.0.113.5"
|
|
|
|
|
|
def test_client_ip_strips_whitespace():
|
|
req = _FakeRequest(headers={"x-forwarded-for": " 198.51.100.7 "})
|
|
assert RateLimitMiddleware._client_ip(req) == "198.51.100.7"
|
|
|
|
|
|
def test_client_ip_falls_back_to_x_real_ip():
|
|
req = _FakeRequest(headers={"x-real-ip": "203.0.113.99"}, host="10.0.0.1")
|
|
assert RateLimitMiddleware._client_ip(req) == "203.0.113.99"
|
|
|
|
|
|
def test_client_ip_falls_back_to_request_client_host():
|
|
req = _FakeRequest(headers={}, host="172.18.0.5")
|
|
assert RateLimitMiddleware._client_ip(req) == "172.18.0.5"
|
|
|
|
|
|
def test_client_ip_returns_unknown_without_client():
|
|
req = _FakeRequest(headers={}, host=None)
|
|
assert RateLimitMiddleware._client_ip(req) == "unknown"
|
|
|
|
|
|
def test_x_forwarded_for_overrides_x_real_ip():
|
|
req = _FakeRequest(
|
|
headers={
|
|
"x-forwarded-for": "203.0.113.5",
|
|
"x-real-ip": "10.0.0.2",
|
|
},
|
|
host="10.0.0.1",
|
|
)
|
|
assert RateLimitMiddleware._client_ip(req) == "203.0.113.5"
|
|
|
|
|
|
def test_empty_x_forwarded_for_falls_through():
|
|
req = _FakeRequest(
|
|
headers={"x-forwarded-for": "", "x-real-ip": "203.0.113.42"},
|
|
host="10.0.0.1",
|
|
)
|
|
assert RateLimitMiddleware._client_ip(req) == "203.0.113.42"
|