flip_api.utils.rate_limiter

Rate limiter configuration for trust-facing API endpoints.

Attributes

limiter

Functions

_trust_name_key(→ str)

Per-trust rate-limit key for trust-facing endpoints.

Module Contents

flip_api.utils.rate_limiter._trust_name_key(request: fastapi.Request) → str

Per-trust rate-limit key for trust-facing endpoints.

The trust-poll endpoints (/tasks/pending, /trust/heartbeat) carry no trust_name path param and sit behind a TLS-terminating proxy (CloudFront → ALB → flip-api), so request.client.host is the proxy address — the same for every trust. Keying on it collapses each endpoint’s per-trust limit into a single global one shared by all trusts. Key on a hash of the trust API key header instead, so every trust is rate-limited independently. Fall back to the trust_name path param, then the client host.

Parameters:

request (Request) – The incoming FastAPI request.

Returns:

A stable per-trust key — trust:<hash> when the API key header is present, otherwise the trust_name path param or the client host.

Return type:

str

flip_api.utils.rate_limiter.limiter