Rate limiting (Magic Links)

DjipFast has rate limiting of magic link emails built in.

The lifetime of a magic link is set to 15 minutes by default.

config/settings.py
SESAME_MAX_AGE = 15 * 60  # 15 minutes

We limit the number of magic links that can be requested within a given time frame (default 1 request per minute). The limit is checked separately for the requested email address and for the client IP address, and hitting either one blocks the request.

user/views.py
# ...
email_cache_key = f'login_attempt_email_{email}'
ip_cache_key = f'login_attempt_ip_{ip_address}'

if is_rate_limited(email_cache_key, 60) or is_rate_limited(ip_cache_key, 60):
    return HttpResponse('''
        <div class="bg-warning p-4 rounded-lg text-center font-bold text-black">
            🦥 Please wait 1 minute before requesting another login link.
        </div>
    ''')
# ...
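
The view above calls `is_rate_limited` without showing its body. One way such a helper can work, as an added example that is not DjipFast's own code: it relies on an atomic "set only if missing" cache operation, the same contract as `cache.add()` in Django. `TTLCache`, `normalize_email` and `may_send_magic_link` are hypothetical names, and `TTLCache` is a constructed in-memory stand-in so the block runs without Django.

```python
import time


class TTLCache:
    """Constructed stand-in for a cache whose add() only writes a missing key."""

    def __init__(self, clock=time.monotonic):
        self._store = {}      # key -> (value, expiry time)
        self._clock = clock   # injectable so the window can be tested

    def add(self, key, value, timeout):
        now = self._clock()
        entry = self._store.get(key)
        if entry is not None and entry[1] > now:
            return False      # key still live: nothing is written
        self._store[key] = (value, now + timeout)
        return True


def is_rate_limited(cache, cache_key, window_seconds):
    """Return True if cache_key was already used inside the window.

    add() checks and sets in one step, so two concurrent requests for the
    same key cannot both pass. A blocked attempt does not extend the window.
    """
    return not cache.add(cache_key, 1, window_seconds)


def normalize_email(email):
    # Assumption: "A@Example.com " and "a@example.com" should share one counter.
    return email.strip().lower()


def may_send_magic_link(cache, email, ip_address, window_seconds=60):
    email_key = f'login_attempt_email_{normalize_email(email)}'
    ip_key = f'login_attempt_ip_{ip_address}'
    # Evaluate both checks (no short-circuit) so the IP key is recorded
    # even when the email key has already tripped.
    email_limited = is_rate_limited(cache, email_key, window_seconds)
    ip_limited = is_rate_limited(cache, ip_key, window_seconds)
    return not (email_limited or ip_limited)
```

In a Django project the `cache` argument would be `django.core.cache.cache`; a per-process backend such as the local-memory cache keeps a separate counter in each worker, so a shared backend is needed for the limit to hold across workers.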