fix: accept a single limit string for default_limits/application_limits (fixes #239)#278
fix: accept a single limit string for default_limits/application_limits (fixes #239)#278gaoflow wants to merge 1 commit into
Conversation
gaoflow
changed the title
Limiter(default_limits="1/second") and application_limits accepted a bare string but crashed later with an opaque AttributeError when a limit was exceeded, because the string was iterated character-by-character instead of being treated as one limit. Coerce a str to a single-element list at parse time so a bare string works the same as a one-item list. Fixes laurentS#239.
gaoflow
force-pushed
the
fix-239-default-limits-string
branch
from
be77b70 to
d15d612
Compare
|
Hi @gaoflow I wonder what brought the need for this fix. The |
|
Good question. The trigger is that both loops iterate the argument directly: You are right that I went with coercion as the forgiving option, but if you would rather keep the typing strict and fail fast, I am happy to switch this to an explicit early |
|
OK, AI slop as I thought. Closing |
2 participants
Summary
Limiter(default_limits="1/minute")— passing a single limit as a string rather than a list — crashes when a limit is hit:__init__iteratesdefault_limits(andapplication_limits), and iterating a string yields its characters, so"1/minute"becomes eight invalid one-character limits ({'1', '/', 'm', 'i', ...}). At request time each fails to parse; the resultingValueErroris then routed to the rate-limit handler, which expects aRateLimitExceededand reads.detail— masking the real cause.Fix
Coerce a bare string to a single-element list for both
default_limitsandapplication_limits. This is the coercion the issue suggested, and matches the "string or list of strings" the docstring already advertises.Tests
Added regression tests (run across all three middleware/handler combinations) asserting that a string
default_limits/application_limitsstores exactly one limit and is enforced (200 then 429) instead of crashing. Full local suite: 109 passed.