From b0f89002fc731c2bdd4297bfef9f4d126e175311 Mon Sep 17 00:00:00 2001
From: Pedro Nascimento
Date: Mon, 2 Sep 2024 16:56:58 -0300
Subject: [PATCH] Implement Rate Limiter
---
 app/routers/frontend.py | 10 ++++++++--
 app/types/frontend.py | 4 ++--
 poetry.lock | 34 +++++++++++++++++++++++++++++++++-
 pyproject.toml | 1 +
 4 files changed, 44 insertions(+), 5 deletions(-)
diff --git a/app/routers/frontend.py b/app/routers/frontend.py
index 562dff1..dd5aeea 100644
--- a/app/routers/frontend.py
+++ b/app/routers/frontend.py
@@ -1,8 +1,8 @@ # -*- coding: utf-8 -*- from typing import Annotated, List -from fastapi import APIRouter, Depends, HTTPException +from fastapi import APIRouter, Depends, HTTPException, Request from tortoise.exceptions import ValidationError - +from fastapi_simple_rate_limiter import rate_limiter from app.dependencies import ( get_current_frontend_user )
@@ -45,9 +45,11 @@ async def get_user_info( @router.get("/patient/header/{cpf}") +@rate_limiter(limit=5, seconds=60) async def get_patient_header( _: Annotated[User, Depends(get_current_frontend_user)], cpf: str, + request: Request, ) -> PatientHeader: validator = CPFValidator() try:
@@ -79,9 +81,11 @@ async def get_patient_header( @router.get("/patient/summary/{cpf}") +@rate_limiter(limit=5, seconds=60) async def get_patient_summary( _: Annotated[User, Depends(get_current_frontend_user)], cpf: str, + request: Request, ) -> PatientSummary: results = await read_bq(
@@ -114,9 +118,11 @@ async def get_filter_tags( @router.get("/patient/encounters/{cpf}") +@rate_limiter(limit=5, seconds=60) async def get_patient_encounters( _: Annotated[User, Depends(get_current_frontend_user)], cpf: str, + request: Request, ) -> List[Encounter]: results = await read_bq(
diff --git a/app/types/frontend.py b/app/types/frontend.py
index 044ab9a..5f48c89 100644
--- a/app/types/frontend.py
+++ b/app/types/frontend.py
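Review bot: The `@rate_limiter(limit=5, seconds=60)` added above `get_patient_header` in app/routers/frontend.py does not say what a bucket is counted against, and on a route whose path carries `{cpf}` that decides whether the limit bounds lookups across patients at all. If the library keys on the client address or the request path (to be confirmed in its source; the new `request: Request` parameter suggests it reads the request), then behind a reverse proxy every user would share one bucket, and a path-based key would give each distinct CPF its own allowance of 5. The handler already resolves `get_current_frontend_user`, so counting per authenticated user is the more meaningful control here; at minimum add a comment such as `# limiter key: <confirm: client address / path / user>` and a test asserting that a sixth request within the window for a different CPF is rejected. The same applies to the decorators added on `get_patient_summary` and `get_patient_encounters`; all three function bodies continue outside their hunks.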
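Review bot: The literals `limit=5, seconds=60` on `get_patient_summary` repeat those on `get_patient_header` and `get_patient_encounters`, and none of the three calls names a storage backend. With no backend argument the counters are presumably held in process memory (the lock file shows the package depends on `redis`, which suggests a shared store is possible but not selected here), so with several workers or replicas the effective limit would be 5 per process rather than 5 overall; confirm this against the deployment. Defining the policy once, e.g. `PATIENT_RATE_LIMIT = dict(limit=5, seconds=60)` used as `@rate_limiter(**PATIENT_RATE_LIMIT)`, keeps the three routes in step and gives one place to configure the backend.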
@@ -10,10 +10,10 @@ def __init__( self, username: str, password: str, - totp: str, + totp_code: str, ): super().__init__(username=username, password=password) - self.totp = totp + self.totp_code = totp_code # Clinic Family model diff --git a/poetry.lock b/poetry.lock index 7dad60e..6e99979 100644 --- a/poetry.lock +++ b/poetry.lock @@ -613,6 +613,20 @@ typing-extensions = ">=4.8.0" [package.extras] all = ["email-validator (>=2.0.0)", "httpx (>=0.23.0)", "itsdangerous (>=1.1.0)", "jinja2 (>=2.11.2)", "orjson (>=3.2.1)", "pydantic-extra-types (>=2.0.0)", "pydantic-settings (>=2.0.0)", "python-multipart (>=0.0.7)", "pyyaml (>=5.3.1)", "ujson (>=4.0.1,!=4.0.2,!=4.1.0,!=4.2.0,!=4.3.0,!=5.0.0,!=5.1.0)", "uvicorn[standard] (>=0.12.0)"] +[[package]] +name = "fastapi-simple-rate-limiter" +version = "0.0.4" +description = "Rate limiter to limit the number of API requests in FastAPI" +optional = false +python-versions = "<4.0,>=3.10" +files = [ + {file = "fastapi_simple_rate_limiter-0.0.4-py3-none-any.whl", hash = "sha256:2e7e23897793a1e22ad31c4c4674c2f2ace464624c16f998265d9fe36e0f0faa"}, + {file = "fastapi_simple_rate_limiter-0.0.4.tar.gz", hash = "sha256:fa4e473728ecded6f433240697f7422d84ceeaa92521d0c72b00989c0a573cc8"}, +] + +[package.dependencies] +redis = ">=5.0.1,<6.0.0" + [[package]] name = "filelock" version = "3.13.1" 
@@ -2194,6 +2208,24 @@ maintainer = ["zest.releaser[recommended]"] pil = ["pillow (>=9.1.0)"] test = ["coverage", "pytest"] +[[package]] +name = "redis" +version = "5.0.8" +description = "Python client for Redis database and key-value store" +optional = false +python-versions = ">=3.7" +files = [ + {file = "redis-5.0.8-py3-none-any.whl", hash = "sha256:56134ee08ea909106090934adc36f65c9bcbbaecea5b21ba704ba6fb561f8eb4"}, + {file = "redis-5.0.8.tar.gz", hash = "sha256:0c5b10d387568dfe0698c6fad6615750c24170e548ca2deac10c649d463e9870"}, +] + +[package.dependencies] +async-timeout = {version = ">=4.0.3", markers = "python_full_version < \"3.11.3\""} + +[package.extras] +hiredis = ["hiredis (>1.0.0)"] +ocsp = ["cryptography (>=36.0.1)", "pyopenssl (==20.0.1)", "requests (>=2.26.0)"] + [[package]] name = "regex" version = "2024.7.24" @@ -2855,4 +2887,4 @@ dev = ["black (>=19.3b0)", "pytest (>=4.6.2)"] [metadata] lock-version = "2.0" python-versions = "^3.11" -content-hash = "5715de4721d690e2ecff456af1ed2d255f810d0c660d5cb7f26bd307d92e4199" +content-hash = "5fc1242cb6d7fb62f1eb325524eab82ec4506e439623f47e82bf1dbcf4ba0a8e" diff --git a/pyproject.toml b/pyproject.toml index f9022a8..dc6887e 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -33,6 +33,7 @@ nltk = "^3.9.1" asyncer = "^0.0.8" qrcode = "^7.4.2" pyotp = "^2.9.0" +fastapi-simple-rate-limiter = "^0.0.4" [tool.poetry.group.dev.dependencies]
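Review bot: The new `fastapi-simple-rate-limiter = "^0.0.4"` line in pyproject.toml puts a 0.0.x package on the request path of the patient routes without a comment saying why it is there. For a 0.0.z version Poetry's caret resolves to `>=0.0.4,<0.0.5`, so this is effectively an exact pin and later fixes will not arrive through a routine `poetry update`; the lock file also shows it pulling in `redis` 5.x. A comment such as `# rate limiting for patient routes in app/routers/frontend.py; caret on 0.0.z is an exact pin` above the line, together with a read of the decorator's source before relying on it as an abuse control, would cover it.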