Rate Limiting + Request/Response logging

[jensenbox]

I would love to see if there is a way to wire up some sort of hook or middleware that I could use to connect request logging with optional rate limiting/blocking.

I am thinking it would be useful for accounts that have different rate limits or quotas.

Where would I insert this to best capture all traffic and allow for a 429 or something to that effect?

[bufke]

django-ninja-extra supports rate limiting.

Personally I use the django-ninja auth function for this. It runs before any api logic runs, which is what I want. You can raise a 429 exception from it. Logging could be done here too. Here's a slightly over-complicated example where I throttle some API usage and log some things. I went with a custom function because my business logic is so specific. Auth can also be set for the whole api, a router, or just a function. IMO it works fine but one could bristle at my choice to log things in a file called authentication.py