orchard/backend/app/rate_limit.py

"""Rate limiting configuration for Orchard API.

Uses slowapi for rate limiting with IP-based keys.
"""

import os
from slowapi import Limiter
from slowapi.util import get_remote_address

# Rate limiter - uses IP address as key
limiter = Limiter(key_func=get_remote_address)

# Rate limit strings - configurable via environment for testing
# Default: 5 login attempts per minute per IP
# In tests: set ORCHARD_LOGIN_RATE_LIMIT to a high value like "1000/minute"
LOGIN_RATE_LIMIT = os.environ.get("ORCHARD_LOGIN_RATE_LIMIT", "5/minute")