Ensure clients have rate limit enforced

- rate limiting is a hard number per day - not limited in terms of rate of request - limit is a single number held against the service - every notification counts against the limit, regardless of type - return a 429 if limit exceeded.
2026-01-30 14:31:57 -05:00 · 2016-03-09 11:06:37 +00:00
parent 528f570ab6
commit 61a0cf32c8
6 changed files with 175 additions and 18 deletions
--- a/app/init.py
+++ b/app/init.py
@@ -14,6 +14,7 @@ from app.clients.email.aws_ses import AwsSesClient
 from app.encryption import Encryption

 DATETIME_FORMAT = "%Y-%m-%dT%H:%M:%S.%f"
+DATE_FORMAT = "%Y-%m-%d"

 db = SQLAlchemy()
 ma = Marshmallow()
--- a/app/dao/notifications_dao.py
+++ b/app/dao/notifications_dao.py
@@ -11,6 +11,13 @@ def dao_get_notification_statistics_for_service(service_id):
    ).order_by(desc(NotificationStatistics.day)).all()


+def dao_get_notification_statistics_for_service_and_day(service_id, day):
+    return NotificationStatistics.query.filter_by(
+        service_id=service_id,
+        day=day
+    ).order_by(desc(NotificationStatistics.day)).first()
+
+
 def dao_create_notification(notification, notification_type):
    try:
        if notification.job_id:
--- a/app/notifications/rest.py
+++ b/app/notifications/rest.py
@@ -8,9 +8,9 @@ from flask import (
    url_for
 )

-from utils.template import Template, NeededByTemplateError, NoPlaceholderForDataError
+from utils.template import Template

-from app import api_user, encryption, create_uuid, DATETIME_FORMAT
+from app import api_user, encryption, create_uuid, DATETIME_FORMAT, DATE_FORMAT
 from app.authentication.auth import require_admin
 from app.dao import (
    templates_dao,
@@ -127,6 +127,18 @@ def send_notification(notification_type):
        assert False

    service_id = api_user['client']
+    service = services_dao.dao_fetch_service_by_id(api_user['client'])
+
+    service_stats = notifications_dao.dao_get_notification_statistics_for_service_and_day(
+        service_id,
+        datetime.utcnow().strftime(DATE_FORMAT)
+    )
+    if service_stats:
+        total_sms_count = service_stats.sms_requested
+        total_email_count = service_stats.emails_requested
+
+        if total_email_count + total_sms_count >= service.limit:
+            return jsonify(result="error", message='Exceeded send limits ({}) for today'.format(service.limit)), 429

    notification, errors = (
        sms_template_notification_schema if notification_type == 'sms' else email_notification_schema
@@ -167,7 +179,6 @@ def send_notification(notification_type):
            }
        ), 400

-    service = services_dao.dao_fetch_service_by_id(api_user['client'])
    notification_id = create_uuid()

    if notification_type == 'sms':