pytest-clerk 4.0.0__py3-none-any.whl → 4.0.2__py3-none-any.whl

pytest_clerk/clerk.py

@@ -1,8 +1,12 @@
+import logging
+import re
 from contextlib import suppress
+from time import sleep
 
 import httpx
 import pytest
 from decouple import UndefinedValueError, config
+from limits import RateLimitItemPerSecond, storage, strategies
 from tenacity import retry, retry_if_exception, wait_random_exponential
 
 retryable_status_codes = (
@@ -13,6 +17,165 @@ retryable_status_codes = (
     httpx.codes.GATEWAY_TIMEOUT,
 )
 
+logger = logging.getLogger(__name__)
+
+
+class ClerkRateLimiter:
+    """This class manages all of the rate limits for the various API endpoints of Clerk
+    for both the front end and back end APIs.
+    """
+
+    def __init__(self):
+        """Initialize all of the rate limits."""
+        # Use an instance of an object to specify the "no limits" default. This is so
+        # that we don't pass any `is None` checks when the default is specified as no
+        # limits.
+        self.no_limit = object()
+        self.backend_rate_limits = {
+            # 20 requests per 10 seconds.
+            "POST": {r"/v1/users": RateLimitItemPerSecond(amount=20, multiples=10)},
+            # No rate limits.
+            "GET": {r"/v1/jwks": self.no_limit},
+            # 100 requests per 10 seconds.
+            "DEFAULT": RateLimitItemPerSecond(amount=100, multiples=10),
+        }
+        self.frontend_rate_limits = {
+            "POST": {
+                # 3 requests per 10 seconds.
+                r"/v1/client/sign_ins/(?P<sign_in_id>.*?)/attempt_first_factor": RateLimitItemPerSecond(
+                    amount=3, multiples=10
+                ),
+                # 3 requests per 10 seconds.
+                r"/v1/client/sign_ins/(?P<sign_in_id>.*?)/attempt_second_factor": RateLimitItemPerSecond(
+                    amount=3, multiples=10
+                ),
+                # 3 requests per 10 seconds.
+                r"/v1/client/sign_ups/(?P<sign_up_id>.*?)/attempt_verification": RateLimitItemPerSecond(
+                    amount=3, multiples=10
+                ),
+                # 5 requests per 10 seconds.
+                r"/v1/client/sign_ins": RateLimitItemPerSecond(amount=5, multiples=10),
+                # 5 requests per 10 seconds.
+                r"/v1/client/sign_ups": RateLimitItemPerSecond(amount=5, multiples=10),
+            }
+        }
+        self.storage = storage.MemoryStorage()
+        self.strategy = strategies.FixedWindowRateLimiter(self.storage)
+
+    def get_rate_limit_item(self, request, rate_limits):
+        """Return the found rate limit item and namespace to use when checking the rate
+        limit for this request.
+
+        The returned namespace should be used as the unique identifier in order to group
+        the various rate limit checks.
+
+        If there is no rate limit specified, the rate limit item will be `None`. If
+        there is a rate limit specified, but it is unlimited, the rate limit item will
+        be `self.no_limit`.
+        """
+        path = request.url.path
+        method = request.method
+        host = request.url.host
+
+        logger.debug(
+            "Searching for rate limit for method %s, host %s, and path %s.",
+            method,
+            host,
+            path,
+        )
+
+        rate_limit_item = None
+        namespace = None
+
+        # Check all the configured rate limits for the method.
+        method_limits = rate_limits.get(method, {})
+        for path_regex, rate_limit in method_limits.items():
+            logger.debug(
+                "Checking if regex %s and rate limit %s matches for method %s, host %s,"
+                " and path %s.",
+                path_regex,
+                rate_limit,
+                method,
+                host,
+                path,
+            )
+
+            if re.match(path_regex, path):
+                rate_limit_item = rate_limit
+                namespace = f"{host}:{path}:{method}"
+                break
+
+        # If we didn't get a limit for the method + path, try the default for that
+        # method.
+        if rate_limit_item is None:
+            logger.debug(
+                "No rate limit found for method %s, host %s, and path %s. Trying"
+                " default rate limit for method %s and host %s.",
+                method,
+                host,
+                path,
+                method,
+                host,
+            )
+            rate_limit_item = method_limits.get("DEFAULT")
+            namespace = f"{host}:{method}"
+
+        # If there was no default limit for the method, try the overall default.
+        if rate_limit_item is None:
+            logger.debug(
+                "No rate limit found for method %s and host %s. Trying global default.",
+                method,
+                host,
+            )
+            rate_limit_item = rate_limits.get("DEFAULT")
+            namespace = host
+
+        logger.debug(
+            "Found rate limit %s with namespace %s for method %s, host %s, and path"
+            " %s.",
+            rate_limit_item,
+            namespace,
+            method,
+            host,
+            path,
+        )
+        return rate_limit_item, namespace
+
+    def rate_limit_hook(self, request):
+        """Check the requeste URL and hit the appropriate rate limit."""
+        # Get the rate limit for the request.
+        if request.url.host == "api.clerk.com":
+            logger.debug("Checking back end rate limits for request %s.", request)
+            rate_limit_item, namespace = self.get_rate_limit_item(
+                request=request, rate_limits=self.backend_rate_limits
+            )
+        else:
+            logger.debug("Checking front end rate limits for request %s.", request)
+            rate_limit_item, namespace = self.get_rate_limit_item(
+                request=request, rate_limits=self.frontend_rate_limits
+            )
+
+        # If the rate limit was specified as unlimited, do nothing.
+        if rate_limit_item is self.no_limit:
+            logger.debug("The rate limit is unlimited for request %s.", request)
+            return
+
+        # If there is no rate limit, do nothing.
+        if rate_limit_item is None:
+            logger.debug("There was no rate limit found for request %s.", request)
+            return
+
+        logger.debug("The rate limit is %s for request %s.", rate_limit_item, request)
+
+        # Check if we hit the rate limit.
+        while not self.strategy.hit(rate_limit_item, namespace):
+            logger.info(
+                "Hit rate limit for namespace %s while making request %s.",
+                namespace,
+                request,
+            )
+            sleep(1)
+
 
 def retry_predicate(exception):
     """Return whether to retry. This depends on getting an exception with a response
@@ -24,6 +187,12 @@ def retry_predicate(exception):
     )
 
 
+@pytest.fixture(scope="session")
+def clerk_rate_limiter():
+    """Return an instance of the Clerk rate limiter for use with HTTPX request hooks."""
+    return ClerkRateLimiter()
+
+
 @pytest.fixture(scope="session")
 def clerk_secret_key(request):
     """Retrieve the clerk secret key to use for the test.
@@ -54,7 +223,7 @@ def clerk_secret_key(request):
 
 
 @pytest.fixture(scope="session")
-def clerk_backend_httpx_client(clerk_secret_key):
+def clerk_backend_httpx_client(clerk_secret_key, clerk_rate_limiter):
     """A fixture that creates a HTTPX Client instance with the required backend Clerk
     Authorization headers set and the correct Clerk backend API base URL.
 
@@ -64,6 +233,7 @@ def clerk_backend_httpx_client(clerk_secret_key):
     client = httpx.Client(
         headers={"Authorization": f"Bearer {clerk_secret_key}"},
         base_url="https://api.clerk.com/v1",
+        event_hooks={"request": [clerk_rate_limiter.rate_limit_hook]},
     )
 
     yield client
@@ -89,7 +259,7 @@ def clerk_frontend_api_url():
 
 
 @pytest.fixture(scope="session")
-def clerk_frontend_httpx_client(clerk_frontend_api_url):
+def clerk_frontend_httpx_client(clerk_frontend_api_url, clerk_rate_limiter):
     """This fixture returns a function that creates an HTTPX Client instance with the
     required frontend Clerk Authorization parameters set and the correct Clerk frontend
     API base URL.
@@ -106,6 +276,7 @@ def clerk_frontend_httpx_client(clerk_frontend_api_url):
     client = httpx.Client(
         params={"__dev_session": result.json()["token"]},
         base_url=f"{clerk_frontend_api_url}/v1",
+        event_hooks={"request": [clerk_rate_limiter.rate_limit_hook]},
     )
 
     yield client

{pytest_clerk-4.0.0.dist-info → pytest_clerk-4.0.2.dist-info}/METADATA

@@ -1,25 +1,19 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.3
 Name: pytest-clerk
-Version: 4.0.0
+Version: 4.0.2
 Summary: A set of pytest fixtures to help with integration testing with Clerk.
-Home-page: https://gitlab.com/munipal-oss/pytest-clerk
 License: MIT
 Author: Ryan Causey
 Author-email: ryan.causey@munipal.io
 Requires-Python: >=3.10,<4.0
 Classifier: Framework :: Pytest
-Classifier: License :: OSI Approved :: MIT License
-Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.10
-Classifier: Programming Language :: Python :: 3.11
-Classifier: Programming Language :: Python :: 3.12
 Provides-Extra: aws
-Requires-Dist: httpx (>=0.27.0,<0.28.0)
+Requires-Dist: httpx (>=0.28.0,<1.0.0)
+Requires-Dist: limits (>=4.0.1,<5.0.0)
 Requires-Dist: pytest (>=8.0.0,<9.0.0)
-Requires-Dist: pytest-aws-fixtures (>=3.0.0,<4.0.0) ; extra == "aws"
+Requires-Dist: pytest-aws-fixtures (>=3.0.0,<4.0) ; extra == "aws"
 Requires-Dist: python-decouple (>=3.0,<4.0)
 Requires-Dist: tenacity (>=9.0.0,<10.0.0)
-Project-URL: Repository, https://gitlab.com/munipal-oss/pytest-clerk
 Description-Content-Type: text/markdown
 
 # Pytest Clerk

pytest_clerk-4.0.2.dist-info/RECORD

@@ -0,0 +1,7 @@
+pytest_clerk/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+pytest_clerk/clerk.py,sha256=fjf4Io81i2grKuFE8AwzHd7X9vhjpet7rXTGVsCKhxQ,25203
+pytest_clerk-4.0.2.dist-info/LICENSE,sha256=QLSYHsNt-ZLbbVtDs7h8o8v-V0SlK2BuGe7LmoPOasU,1064
+pytest_clerk-4.0.2.dist-info/METADATA,sha256=I3IhRKapB-S3fpW44d60PewoMAidviBn9GNfIIT9yHs,1291
+pytest_clerk-4.0.2.dist-info/WHEEL,sha256=IYZQI976HJqqOpQU6PHkJ8fb3tMNBFjg-Cn-pwAbaFM,88
+pytest_clerk-4.0.2.dist-info/entry_points.txt,sha256=ps5MgIGlDiWP4lufTAzoQhfwL-GA7rJquc1bqnVR-oA,44
+pytest_clerk-4.0.2.dist-info/RECORD,,

{pytest_clerk-4.0.0.dist-info → pytest_clerk-4.0.2.dist-info}/WHEEL

@@ -1,4 +1,4 @@
 Wheel-Version: 1.0
-Generator: poetry-core 1.9.0
+Generator: poetry-core 2.0.1
 Root-Is-Purelib: true
 Tag: py3-none-any

pytest_clerk-4.0.0.dist-info/RECORD

@@ -1,7 +0,0 @@
-pytest_clerk/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-pytest_clerk/clerk.py,sha256=TOTk9lNy-AL6bi4r0DFIo4-dkH0GJtzkY_OSd0Ly2KQ,18599
-pytest_clerk-4.0.0.dist-info/LICENSE,sha256=QLSYHsNt-ZLbbVtDs7h8o8v-V0SlK2BuGe7LmoPOasU,1064
-pytest_clerk-4.0.0.dist-info/METADATA,sha256=XCiYdZ8Rpj4dx1Ziuv4B6IB6U2kT6SirgNan-0QtOhs,1631
-pytest_clerk-4.0.0.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
-pytest_clerk-4.0.0.dist-info/entry_points.txt,sha256=ps5MgIGlDiWP4lufTAzoQhfwL-GA7rJquc1bqnVR-oA,44
-pytest_clerk-4.0.0.dist-info/RECORD,,