ethyca · PSalant726 · May 6, 2022 · May 5, 2022 · May 6, 2022
diff --git a/fideslog/api/endpoints/events.py b/fideslog/api/endpoints/events.py
@@ -7,7 +7,6 @@
 from ..database.data_access import create_event
 from ..database.database import get_db
 from ..models.analytics_event import AnalyticsEvent
-from ..rate_limiter import rate_limiter
 
 log = getLogger(__name__)
 router = APIRouter(tags=["Events"], prefix="/events")
@@ -21,15 +20,14 @@
         status.HTTP_429_TOO_MANY_REQUESTS: {
             "content": {
                 "application/json": {
-                    "example": {"error": "Rate limit exceeded: 6 per minute"}
+                    "example": {"error": "Rate limit exceeded: 20 per 1 minute"}
                 }
             },
             "description": "Rate limit exceeded",
         }
     },
     status_code=status.HTTP_201_CREATED,
 )
-@rate_limiter.limit("6/minute")
 async def create(
     request: Request,  # pylint: disable=unused-argument
     event: AnalyticsEvent,

diff --git a/fideslog/api/main.py b/fideslog/api/main.py
@@ -6,18 +6,20 @@
 from fastapi import FastAPI, Request, Response, status
 from fastapi.responses import JSONResponse
 from slowapi.errors import RateLimitExceeded
-from slowapi.extension import _rate_limit_exceeded_handler
+from slowapi.extension import Limiter, _rate_limit_exceeded_handler
+from slowapi.middleware import SlowAPIMiddleware
+from slowapi.util import get_remote_address
 from uvicorn import run
 
 from fideslog.api.config import ServerSettings, config
-from fideslog.api.rate_limiter import rate_limiter
 from fideslog.api.routes.api import api_router
 
 log = logging.getLogger("fideslog.api.main")
 
 app = FastAPI(title="fideslog")
-app.state.limiter = rate_limiter
+app.state.limiter = Limiter(key_func=get_remote_address, default_limits=["20/minute"])
 app.add_exception_handler(RateLimitExceeded, _rate_limit_exceeded_handler)
+app.add_middleware(SlowAPIMiddleware)
 app.include_router(api_router)
 
 
@@ -26,8 +28,8 @@
 async def require_version_header(request: Request, call_next: Callable) -> Response:
     """
     Enforce that the `X-Fideslog-Version` header was included on the request.
-    Does not apply to the `/docs`, `/openapi.json`, and `/redoc` endpoints,
-    to ensure that they remain publicly available.
+    Does not apply to the `/docs`, `/health`, `/openapi.json`, and `/redoc`
+    endpoints, to ensure that they remain publicly available.
 
     This header is intentionally undocumented, for mildly increased security.
     """

diff --git a/fideslog/api/rate_limiter.py b/fideslog/api/rate_limiter.py
diff --git a/fideslog/api/routes/api.py b/fideslog/api/routes/api.py
@@ -4,7 +4,6 @@
 from fastapi.responses import JSONResponse
 
 from ..endpoints.events import router as event_router
-from ..rate_limiter import rate_limiter
 
 api_router = APIRouter()
 api_router.include_router(event_router)
@@ -20,15 +19,14 @@
         status.HTTP_429_TOO_MANY_REQUESTS: {
             "content": {
                 "application/json": {
-                    "example": {"error": "Rate limit exceeded: 6 per minute"}
+                    "example": {"error": "Rate limit exceeded: 20 per 1 minute"}
                 }
             },
             "description": "Rate limit exceeded",
         },
     },
     tags=["Health"],
 )
-@rate_limiter.limit("6/minute")
 async def health(request: Request) -> JSONResponse:  # pylint: disable=unused-argument
     """Confirm that the API is running and healthy."""