Hi,
could it perhaps be added that default_identifier in the documentation is not an identifier per which we limit, but just an identifier that is used to exactly this - identify the key in Redis?
Coming to a web-app limiting library one could think that there are features like limiting per identifier (for example to limit requests to an endpoint by IP or by email address) - but as far as I'm understanding PyRate Limiter library (which is now used by fastapi-limiter) correctly - this is not the case.
Seems like in PyRate Limiter needs a Bucket per limit, so no matter the identifier send to Bucket, it will always count the sum of items in the Bucket.
Please correct me if I'm wrong, but as far as I can see currently there is no option to limit access per identifier unless you create a bucket for each of those identifiers which would probably be a totally inefficient way to handle this - making some of the common use cases like the before-mentioned limiting by email or by ip address essentially impossible.
If that is the case, it would be highly beneficial to add this information to docs IMO. (would be happy to drop the PR myself if the assumptions turn out correct)
Regards
Hi,
could it perhaps be added that
default_identifierin the documentation is not an identifier per which we limit, but just an identifier that is used to exactly this - identify the key in Redis?Coming to a web-app limiting library one could think that there are features like limiting per identifier (for example to limit requests to an endpoint by IP or by email address) - but as far as I'm understanding PyRate Limiter library (which is now used by fastapi-limiter) correctly - this is not the case.
Seems like in PyRate Limiter needs a Bucket per limit, so no matter the identifier send to Bucket, it will always count the sum of items in the Bucket.
Please correct me if I'm wrong, but as far as I can see currently there is no option to limit access per identifier unless you create a bucket for each of those identifiers which would probably be a totally inefficient way to handle this - making some of the common use cases like the before-mentioned limiting by email or by ip address essentially impossible.
If that is the case, it would be highly beneficial to add this information to docs IMO. (would be happy to drop the PR myself if the assumptions turn out correct)
Regards