Rate Limiting Configuration for Flask Backend
Add this to requirements.txt
flask-limiter
redis # Optional: for distributed rate limiting
""" Rate limiting implementation - add to app.py """
At the top of app.py, add
from flask_limiter import Limiter from flask_limiter.util import get_remote_address
After creating app, add
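# Shared limiter instance for the app.
#
# Storage: "memory://" keeps counters inside a single process, so with several
# workers each worker enforces its own copy of every limit and the effective
# ceiling is multiplied by the worker count. Set RATELIMIT_STORAGE_URI in
# app.config (for example to a redis:// URI) to share counters across workers;
# when it is unset the in-memory default is used, as before.
limiter = Limiter(
    app=app,
    # Buckets are keyed on the peer address Flask sees. Behind a reverse proxy
    # that is the proxy's address (one bucket for all clients) unless the app
    # is set up to trust the proxy's forwarding header. Only trust that header
    # when it is set by your own proxy; otherwise a client can pick its bucket.
    key_func=get_remote_address,
    # Applied to every route that does not declare its own @limiter.limit.
    default_limits=["200 per day", "50 per hour"],
    storage_uri=app.config.get("RATELIMIT_STORAGE_URI", "memory://"),
)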
Apply rate limiting to specific endpoints
# /api/profiles: at most 100 requests per hour for each rate-limit key.
# As decorated, GET and POST draw on the same counter; flask-limiter's
# per_method=True option gives each method its own budget if writes need a
# tighter cap than reads.
@app.route("/api/profiles", methods=["GET", "POST"])
@limiter.limit("100 per hour")
def profiles():
    # ... existing code ...
    pass
# /api/songs: at most 100 requests per hour for each rate-limit key.
# GET and POST share that one counter as decorated here.
@app.route("/api/songs", methods=["GET", "POST"])
@limiter.limit("100 per hour")
def songs():
    # ... existing code ...
    pass
# /api/search_external: 30 requests per hour, a tighter budget than the other
# routes because this endpoint is used for external API calls. The cap is per
# rate-limit key, so it does not by itself bound the total volume sent
# upstream when many distinct clients call it.
@app.route("/api/search_external")
@limiter.limit("30 per hour")
def search_external():
    # ... existing code ...
    pass
# /api/upload_lyric: file uploads are limited to 10 requests per hour.
# A request-count limit does not bound the size of each upload; pair it with a
# request-body cap such as Flask's MAX_CONTENT_LENGTH setting.
@app.route("/api/upload_lyric", methods=["POST"])
@limiter.limit("10 per hour")
def upload_lyric():
    # ... existing code ...
    pass