From b8a0b529dde6291bd12a1a1e4d04c8985ffd0f5b Mon Sep 17 00:00:00 2001
From: Alexandre Aubin <alex.aubin@mailoo.org>
Date: Tue, 11 Apr 2023 21:08:51 +0200
Subject: [PATCH] Turns out the memory storage of Limiter is only for dev env,
 not reliable in prod, use redis instead

---
 app.py           | 5 ++++-
 requirements.txt | 4 +++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/app.py b/app.py
index 23b3291..7040067 100644
--- a/app.py
+++ b/app.py
@@ -23,7 +23,10 @@ limiter = Limiter(
     get_remote_address,
     app=app,
     default_limits=["50 per hour"],
-    storage_uri="memory://",
+    #storage_uri="memory://",   # <- For development
+    storage_uri="redis://localhost:6379",
+    storage_options={"socket_connect_timeout": 30},
+    strategy="fixed-window", # or "moving-window"
 )
 
 assert os.path.isdir(
diff --git a/requirements.txt b/requirements.txt
index 99dc8c2..bd3c97f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,9 +1,10 @@
+async-timeout==4.0.2
 bcrypt==4.0.1
 click==8.1.3
 commonmark==0.9.1
 Deprecated==1.2.13
 Flask==2.2.2
-Flask-Limiter==3.1.0
+Flask-Limiter==3.3.0
 gunicorn==20.1.0
 importlib-metadata==6.0.0
 itsdangerous==2.1.2
@@ -14,6 +15,7 @@ ordered-set==4.1.0
 packaging==23.0
 Pygments==2.14.0
 PyYAML==6.0
+redis==4.5.4
 rich==12.6.0
 typing-extensions==4.4.0
 Werkzeug==2.2.2