Merge remote-tracking branch 'upstream/master' into fix-1719

Conflicts: rest_framework/templates/rest_framework/base.html
author: Cezar Pendarovski 2014-08-25 17:28:22 +0200
committer: Cezar Pendarovski 2014-08-25 17:28:22 +0200
commit: f6cbd88618553c394b5c62761ec1506e903de267 (patch)
tree: 6e557dbb3ccb2ce7f864efe78658ca2a44937282 /rest_framework/throttling.py
parent: 4d582fd9ffcb6ec28247e95b63134c00cc131780 (diff)
parent: 21a0a826bba3df01e72ea8b0390e05d50cf9a854 (diff)
download: django-rest-framework-f6cbd88618553c394b5c62761ec1506e903de267.tar.bz2
1 files changed, 23 insertions, 4 deletions
diff --git a/rest_framework/throttling.py b/rest_framework/throttling.py
index 91be9cfd..361dbddf 100644
--- a/rest_framework/throttling.py
+++ b/rest_framework/throttling.py
@@ -18,6 +18,25 @@ class BaseThrottle(object):
         """
         raise NotImplementedError('.allow_request() must be overridden')
 
+    def get_ident(self, request):
+        """
+        Identify the machine making the request by parsing HTTP_X_FORWARDED_FOR
+        if present and number of proxies is > 0. If not use all of
+        HTTP_X_FORWARDED_FOR if it is available, if not use REMOTE_ADDR.
+        """
+        xff = request.META.get('HTTP_X_FORWARDED_FOR')
+        remote_addr = request.META.get('REMOTE_ADDR')
+        num_proxies = api_settings.NUM_PROXIES
+
+        if num_proxies is not None:
+            if num_proxies == 0 or xff is None:
+                return remote_addr
+            addrs = xff.split(',')
+            client_addr = addrs[-min(num_proxies, len(xff))]
+            return client_addr.strip()
+
+        return xff if xff else remote_addr
+
     def wait(self):
         """
         Optionally, return a recommended number of seconds to wait before
@@ -41,7 +60,7 @@ class SimpleRateThrottle(BaseThrottle):
 
     cache = default_cache
     timer = time.time
-    cache_format = 'throtte_%(scope)s_%(ident)s'
+    cache_format = 'throttle_%(scope)s_%(ident)s'
     scope = None
     THROTTLE_RATES = api_settings.DEFAULT_THROTTLE_RATES
 
@@ -162,7 +181,7 @@ class AnonRateThrottle(SimpleRateThrottle):
 
         return self.cache_format % {
             'scope': self.scope,
-            'ident': ident
+            'ident': self.get_ident(request)
         }
 
 
@@ -180,7 +199,7 @@ class UserRateThrottle(SimpleRateThrottle):
         if request.user.is_authenticated():
             ident = request.user.id
         else:
-            ident = request.META.get('REMOTE_ADDR', None)
+            ident = self.get_ident(request)
 
         return self.cache_format % {
             'scope': self.scope,
@@ -228,7 +247,7 @@ class ScopedRateThrottle(SimpleRateThrottle):
         if request.user.is_authenticated():
             ident = request.user.id
         else:
-            ident = request.META.get('REMOTE_ADDR', None)
+            ident = self.get_ident(request)
 
         return self.cache_format % {
             'scope': self.scope,
author	Cezar Pendarovski	2014-08-25 17:28:22 +0200
committer	Cezar Pendarovski	2014-08-25 17:28:22 +0200
commit	f6cbd88618553c394b5c62761ec1506e903de267 (patch)
tree	6e557dbb3ccb2ce7f864efe78658ca2a44937282 /rest_framework/throttling.py
parent	4d582fd9ffcb6ec28247e95b63134c00cc131780 (diff)
parent	21a0a826bba3df01e72ea8b0390e05d50cf9a854 (diff)
download	django-rest-framework-f6cbd88618553c394b5c62761ec1506e903de267.tar.bz2