Protecting the app
Shortly after you deploy your app in production, users will, at best, misuse it and, at worst, attack it. It is therefore worth being defensive from the outset by adding rate limiting and request validation.
Rate limiting caps the rate at which a remote client can make requests to the app. This prevents a single user from overloading the app with requests and thereby denying service to other users.
Validation ensures that the JSON data received (or sent in reply) matches an expected structure. This is helpful because an error message is returned if the JSON is structurally incorrect, and it mitigates users sending structures that would result in errors or issues in the app.
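To make the idea of structural validation concrete, here is an added, standard-library-only example (not code from the book or from any Quart extension) that checks a raw JSON request body against a dataclass describing the expected shape. The TodoInput dataclass is a hypothetical request body invented for the illustration. Malformed JSON, a non-object body, unknown keys, missing required keys and wrongly typed values are all reported as error messages rather than surfacing as exceptions inside a route handler.

```python
"""Structural validation of a JSON request body against a dataclass (added illustration, stdlib only)."""
from dataclasses import MISSING, dataclass, fields
import json
import types
from typing import Any, List, Optional, Tuple, Union, get_args, get_origin, get_type_hints


@dataclass
class TodoInput:
    """Hypothetical request body for creating a todo item (constructed for this example)."""
    task: str
    due: Optional[str] = None
    complete: bool = False


def _allowed_types(hint: Any) -> Tuple[type, ...]:
    """Expand Optional[X] / X | None into the concrete types a value may have."""
    origin = get_origin(hint)
    if origin is Union or origin is getattr(types, "UnionType", Union):
        return get_args(hint)
    return (hint,)


def _type_ok(value: Any, hint: Any) -> bool:
    """True if `value` is an instance of one of the types the hint allows."""
    allowed = _allowed_types(hint)
    # bool is a subclass of int in Python; a field typed int must not accept true/false.
    if isinstance(value, bool) and bool not in allowed:
        return False
    return any(isinstance(value, t) for t in allowed)


def validate(payload: Any, cls: type) -> Tuple[Any, List[str]]:
    """Check `payload` structurally against dataclass `cls`.

    Returns (instance, []) on success or (None, [error messages]) on failure.
    Unknown keys, missing required keys and wrong types are all reported together
    so the client gets one complete error message instead of one problem per round trip.
    """
    if not isinstance(payload, dict):
        return None, ["body must be a JSON object"]
    errors: List[str] = []
    hints = get_type_hints(cls)
    expected = {f.name: f for f in fields(cls)}
    for key in payload:
        if key not in expected:
            errors.append(f"unexpected field '{key}'")
    for name, f in expected.items():
        if name not in payload:
            # A field with no default is required.
            if f.default is MISSING and f.default_factory is MISSING:
                errors.append(f"missing required field '{name}'")
            continue
        if not _type_ok(payload[name], hints[name]):
            errors.append(f"field '{name}' has wrong type")
    if errors:
        return None, errors
    return cls(**payload), []


def validate_request(body: Union[bytes, str], cls: type = TodoInput) -> Tuple[Any, List[str]]:
    """Parse a raw request body and validate it; malformed JSON is reported, not raised."""
    try:
        payload = json.loads(body)
    except ValueError:  # json.JSONDecodeError is a subclass of ValueError
        return None, ["body is not valid JSON"]
    return validate(payload, cls)


if __name__ == "__main__":
    # Constructed sample bodies: one valid, one with several structural problems.
    print(validate_request('{"task": "write tests"}'))
    print(validate_request('{"due": "2024-01-01", "extra": 1, "complete": 1}'))
```

In a route handler the pattern is to call validate_request on the raw body, return a 400 response carrying the error list when it is non-empty, and only then work with the typed instance; the handler never touches an unvalidated dict.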
Adding rate limiting
We’ll use the Quart extension called Quart-Rate-Limiter to enforce rate limits, which is installed by running the following command in the backend directory:
pdm add quart-rate-limiter
We can now activate RateLimiter by adding...
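To show what a rate limit enforces before the extension is wired in, the following is an added example of the mechanism itself: a per-client sliding-window limiter in plain Python, written for this illustration and not taken from Quart-Rate-Limiter or the book. It keys on the client address, records request timestamps per key, refuses a request once the window holds the allowed count, and reports how long the client must wait, the value a 429 Too Many Requests response carries in its Retry-After header. The RateLimit, SlidingWindowLimiter, FakeClock and simulate names are all assumptions of this example.

```python
"""Per-client sliding-window rate limiter (added illustration of the mechanism, not Quart-Rate-Limiter's code)."""
from collections import deque
from dataclasses import dataclass
import math
import time
from typing import Callable, Deque, Dict, List, Tuple


@dataclass(frozen=True)
class RateLimit:
    count: int      # at most this many requests ...
    period: float   # ... within any window of this many seconds


class SlidingWindowLimiter:
    """Track request timestamps per client key and refuse requests over the limit."""

    def __init__(self, limit: RateLimit, clock: Callable[[], float] = time.monotonic) -> None:
        self.limit = limit
        self.clock = clock
        self._hits: Dict[str, Deque[float]] = {}

    def check(self, key: str) -> Tuple[bool, float]:
        """Account for one request from `key`. Returns (allowed, retry_after_seconds)."""
        now = self.clock()
        window = self._hits.setdefault(key, deque())
        cutoff = now - self.limit.period
        while window and window[0] <= cutoff:   # drop hits that have left the window
            window.popleft()
        if len(window) >= self.limit.count:
            # The oldest hit still inside the window decides when room appears again.
            # A refused request is not recorded, so it cannot extend the client's own lockout.
            return False, window[0] + self.limit.period - now
        window.append(now)
        return True, 0.0


class FakeClock:
    """Constructed clock so the simulation below is deterministic and runs offline."""

    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


def simulate(limit: RateLimit, requests: List[Tuple[float, str]]) -> List[Tuple[int, int]]:
    """Replay (timestamp, client_address) requests; return (HTTP status, Retry-After) per request.

    429 is the standard status for an exceeded limit; Retry-After is rounded up to
    whole seconds, as the HTTP header carries an integer.
    """
    clock = FakeClock()
    limiter = SlidingWindowLimiter(limit, clock)
    results: List[Tuple[int, int]] = []
    for ts, client in requests:
        clock.now = ts
        allowed, retry_after = limiter.check(client)
        results.append((200, 0) if allowed else (429, math.ceil(retry_after)))
    return results


if __name__ == "__main__":
    # Constructed traffic: client A fires four requests in four seconds against a
    # limit of three per ten seconds, client B is unaffected, and A is admitted again
    # once its oldest hits have aged out of the window.
    traffic = [(0.0, "A"), (1.0, "A"), (2.0, "A"), (3.0, "A"), (3.0, "B"), (11.0, "A")]
    for (ts, client), (status, retry) in zip(traffic, simulate(RateLimit(3, 10.0), traffic)):
        print(f"t={ts:>4}  {client}  {status}  Retry-After={retry}")
```

Because limits are tracked per key, one abusive client exhausts only its own window; the sliding window also avoids the burst a fixed window permits at each boundary, where a client could make the full count just before and just after the reset.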