Rate limit concurrent user requests
We should add the ability to configure a concurrent active request rate limit per user.
How to test
- Start the backend with multiple gunicorn workers to allow simultaneous requests: `gunicorn -w 5 -b 0.0.0.0:8000 baserow.config.wsgi:application`.
- The default value in `base.py` is: `REST_FRAMEWORK["DEFAULT_THROTTLE_RATES"] = { "simultaneous_user_requests": "1/min", }`
- Add a `time.sleep(10)` to one of the endpoints. I was using the list fields API endpoint because that one can also be used via the database token auth.
- Make 2 concurrent requests to that endpoint with a "non-staff" user; the second one should fail with a 429 error.
- Rate limit should not apply for authenticated non-staff users.
- The web-frontend interface should fully work as expected and never run into any rate limit error.
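
How a concurrent active request limit behaves in the test steps above, as an added example that is not Baserow's code. `ConcurrentRequestLimiter`, `handle`, `simulate` and the `stale_after` timeout are hypothetical names, and the counter is kept in process memory for the demonstration.

```python
import threading
import time
from concurrent.futures import ThreadPoolExecutor


class ConcurrentRequestLimiter:
    """Caps in-flight requests per user (hypothetical class, not Baserow's)."""

    def __init__(self, limit=1, stale_after=30.0):
        self.limit = limit
        self.stale_after = stale_after  # assumption: expire slots of crashed workers
        self._lock = threading.Lock()
        self._active = {}  # user_id -> start times of requests still running

    def acquire(self, user_id):
        now = time.monotonic()
        with self._lock:
            starts = self._active.get(user_id, [])
            starts = [t for t in starts if now - t < self.stale_after]
            self._active[user_id] = starts
            if len(starts) >= self.limit:
                return None  # user already has `limit` requests in flight
            starts.append(now)
            return now  # token identifying this slot

    def release(self, user_id, token):
        with self._lock:
            starts = self._active.get(user_id, [])
            if token in starts:
                starts.remove(token)


def handle(limiter, user_id, work_seconds):
    """Stand-in for a slow endpoint; returns the HTTP status it would send."""
    token = limiter.acquire(user_id)
    if token is None:
        return 429
    try:
        time.sleep(work_seconds)  # plays the role of time.sleep(10) in the steps
        return 200
    finally:
        limiter.release(user_id, token)  # free the slot even if the view raises


def simulate(user_ids, work_seconds=0.3):
    """Send one request per entry in user_ids at the same moment."""
    limiter = ConcurrentRequestLimiter(limit=1)
    with ThreadPoolExecutor(max_workers=len(user_ids)) as pool:
        return sorted(pool.map(lambda u: handle(limiter, u, work_seconds), user_ids))
```

With several gunicorn workers each process has its own memory, so a real deployment has to keep this counter in a store shared by all workers.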