fix rate limit headers - were ints/floats need to be strings

Running under gunicorn rest requests were crashing. Not all of the
values for the rate limit headers were strings. Some were
numbers. This caused the header generation for wsgi to fail. Now the
values are all strings.

Author: rouilj

roundup/cgi/actions.py

@@ -1264,7 +1264,7 @@ def handle(self):
                 if reject:
                     # User exceeded limits: find out how long to wait
                     status=gcra.status(rlkey, limit)
-                    raise Reject(_("Logins occurring too fast. Please wait: %d seconds.")%status['Retry-After'])
+                    raise Reject(_("Logins occurring too fast. Please wait: %s seconds.")%status['Retry-After'])
 
             self.verifyLogin(self.client.user, password)
         except exceptions.LoginError as err:

roundup/rate_limit.py

@@ -79,39 +79,42 @@ def status(self, key, limit):
 
         ret = {}
         tat = self.get_tat(key)
-
         # static defined headers according to limit
-        ret['X-RateLimit-Limit'] = limit.count
-        ret['X-RateLimit-Limit-Period'] = int(limit.period.total_seconds())
+        # all values are strings as that is required when used as headers
+        ret['X-RateLimit-Limit'] = str(limit.count)
+        ret['X-RateLimit-Limit-Period'] = str(
+                                           int(
+                                            limit.period.total_seconds())
+                                          )
 
         # status of current limit as of now
         now = datetime.utcnow()
 
-        ret['X-RateLimit-Remaining'] = min(int(
-            (limit.period - (tat - now)).total_seconds() \
-             /limit.inverse),ret['X-RateLimit-Limit'])
+        current_count = int((limit.period - (tat - now)).total_seconds()\
+                            /limit.inverse)
+        ret['X-RateLimit-Remaining'] = str(min(current_count,limit.count))
 
         # tat_in_epochsec = (tat - datetime(1970, 1, 1)).total_seconds()
         seconds_to_tat = (tat - now).total_seconds()
-        ret['X-RateLimit-Reset'] = max(seconds_to_tat, 0)
+        ret['X-RateLimit-Reset'] = str(max(seconds_to_tat, 0))
         ret['X-RateLimit-Reset-date'] = "%s"%tat
-        ret['Now'] = (now - datetime(1970,1,1)).total_seconds()
+        ret['Now'] = str((now - datetime(1970,1,1)).total_seconds())
         ret['Now-date'] = "%s"%now
 
         if self.update(key, limit, testonly=True):
             # A new request would be rejected if it was processes.
             # The user has to wait until an item is dequeued.
             # One item is dequeued every limit.inverse seconds.
-            ret['Retry-After'] = limit.inverse
+            ret['Retry-After'] = str(int(limit.inverse))
             ret['Retry-After-Timestamp'] = "%s"%(now + timedelta(seconds=limit.inverse))
         else:
             # if we are not rejected, the user can post another
             # attempt immediately.
             # Do we even need this header if not rejected?
             # RFC implies this is used with a 503 (or presumably
             # 429 which may postdate the rfc). So if no error, no header?
-            # ret['Retry-After'] = 0
-            # ret['Retry-After-Timestamp'] = ret['Now-date']
+            # ret['Retry-After'] = '0'
+            # ret['Retry-After-Timestamp'] = str(ret['Now-date'])
             pass
 
         return ret

roundup/rest.py

@@ -1778,7 +1778,7 @@ def dispatch(self, method, uri, input):
                     # User exceeded limits: tell humans how long to wait
                     # Headers above will do the right thing for api
                     # aware clients.
-                    msg=_("Api rate limits exceeded. Please wait: %d seconds.")%limitStatus['Retry-After']
+                    msg=_("Api rate limits exceeded. Please wait: %s seconds.")%limitStatus['Retry-After']
                     output = self.error_obj(429, msg, source="ApiRateLimiter")
             else:
                 for header,value in limitStatus.items():

test/rest_common.py

@@ -1001,7 +1001,7 @@ def testRestRateLimit(self):
             # remaining count is correct
             self.assertEqual(
                 self.server.client.additional_headers["X-RateLimit-Remaining"],
-                self.db.config['WEB_API_CALLS_PER_INTERVAL'] -1 - i
+                str(self.db.config['WEB_API_CALLS_PER_INTERVAL'] -1 - i)
                 )
 
         # trip limit
@@ -1014,20 +1014,20 @@ def testRestRateLimit(self):
 
         self.assertEqual(
             self.server.client.additional_headers["X-RateLimit-Limit"],
-            self.db.config['WEB_API_CALLS_PER_INTERVAL'])
+            str(self.db.config['WEB_API_CALLS_PER_INTERVAL']))
         self.assertEqual(
             self.server.client.additional_headers["X-RateLimit-Limit-Period"],
-            self.db.config['WEB_API_INTERVAL_IN_SEC'])
+            str(self.db.config['WEB_API_INTERVAL_IN_SEC']))
         self.assertEqual(
             self.server.client.additional_headers["X-RateLimit-Remaining"],
-            0)
+            '0')
         # value will be almost 60. Allow 1-2 seconds for all 20 rounds.
         self.assertAlmostEqual(
-            self.server.client.additional_headers["X-RateLimit-Reset"],
+            float(self.server.client.additional_headers["X-RateLimit-Reset"]),
             59, delta=1)
         self.assertEqual(
             str(self.server.client.additional_headers["Retry-After"]),
-            "3.0")  # check as string
+            "3")  # check as string
 
         print("Reset:", self.server.client.additional_headers["X-RateLimit-Reset"])
         print("Now realtime pre-sleep:", datetime.utcnow())
@@ -1049,18 +1049,18 @@ def testRestRateLimit(self):
 
         self.assertEqual(
             self.server.client.additional_headers["X-RateLimit-Limit"],
-            self.db.config['WEB_API_CALLS_PER_INTERVAL'])
+            str(self.db.config['WEB_API_CALLS_PER_INTERVAL']))
         self.assertEqual(
             self.server.client.additional_headers["X-RateLimit-Limit-Period"],
-            self.db.config['WEB_API_INTERVAL_IN_SEC'])
+            str(self.db.config['WEB_API_INTERVAL_IN_SEC']))
         self.assertEqual(
             self.server.client.additional_headers["X-RateLimit-Remaining"],
-            0)
+            '0')
         self.assertFalse("Retry-After" in
                          self.server.client.additional_headers) 
         # we still need to wait a minute for everything to clear
         self.assertAlmostEqual(
-            self.server.client.additional_headers["X-RateLimit-Reset"],
+            float(self.server.client.additional_headers["X-RateLimit-Reset"]),
             59, delta=1)
 
         # and make sure we need to wait another three seconds
@@ -1072,7 +1072,7 @@ def testRestRateLimit(self):
         self.assertEqual(self.server.client.response_code, 429)
         self.assertEqual(
             str(self.server.client.additional_headers["Retry-After"]),
-            "3.0")  # check as string
+            "3")  # check as string
 
         json_dict = json.loads(b2s(results))
         self.assertEqual(json_dict['error']['msg'],