~12 min · library, middleware, rate-limit
connect handler 가 middleware 자리: auth, 버전 체크, geo-block, rate-limit 등록. 유용한 payload 가진 ConnectionRefusedError(code, message) raise — Socket.IO 가 둘 다 클라의 connect_error event 에 노출.
Rate-limit decorator 짜서 필요한 event (chat send, file upload) 에 적용. read-only event 엔 skip. sid 로 keyed 한 window 저장; connection 별 timestamp 의 작은 deque 면 충분.
@sio.event
async def connect(sid, environ, auth):
token = (auth or {}).get('token')
user = decode_jwt(token) if token else None
if not user:
raise socketio.exceptions.ConnectionRefusedError(
'unauthorized',
'token missing or invalid',
)
if user.get('disabled'):
raise socketio.exceptions.ConnectionRefusedError(
'forbidden',
'account disabled',
)
await sio.save_session(sid, {'user': user})from collections import defaultdict, deque
import time, functools
windows = defaultdict(deque) # sid -> deque of timestamps
def rate_limit(per_second=20):
def deco(fn):
@functools.wraps(fn)
async def wrapper(sid, *args, **kwargs):
now = time.time()
w = windows[sid]
while w and now - w[0] > 1.0:
w.popleft()
if len(w) >= per_second:
await sio.emit('error',
{'code': 'rate_limited', 'message': 'slow down'},
to=sid)
return
w.append(now)
return await fn(sid, *args, **kwargs)
return wrapper
return deco
@sio.on('chat:message')
@rate_limit(per_second=20)
async def chat(sid, data):
# ...
pass아직 댓글이 없어요. 첫 댓글을 남겨보세요.