Add allow_unsafe_throttle_cache setting for cache backend safety checks #998#998
Merged
sobolevn merged 16 commits intowemake-services:masterfrom May 6, 2026
Merged
Add allow_unsafe_throttle_cache setting for cache backend safety checks #998#998sobolevn merged 16 commits intowemake-services:masterfrom
sobolevn merged 16 commits intowemake-services:masterfrom
Conversation
…ecks <!-- Hi, thanks for submitting a Pull Request. We appreciate it. Please, fill in all the required information to make our review and merging processes easier. Cheers! --> ## AI Policy - [x] I have read and agree to the [AI Policy](https://github.com/wemake-services/django-modern-rest/blob/master/.github/AI_POLICY.md), removed any "Co-Authored-By" lines attributing coding agents, and manually reviewed the final result ## Checklist <!-- Please check everything that applies: --> - [x] I have double checked that there are no unrelated changes in this pull request (old patches, accidental config files, etc) - [x] I have created at least one test case for the changes I have made - [x] I have updated the documentation for the changes I have made ## Related issues Closes wemake-services#978 <!-- Mark what issues this Pull Request closes or references. Format is: - Closes #issue-number - Refs #issue-number Example. Refs #0 Documentation: https://blog.github.com/2013-05-14-closing-issues-via-pull-requests/ --> <!-- If you have any feedback, just write it here. It can be whatever you want! --> `LocMemCache` and `DummyCache` don't share state between processes, so using them for throttling silently breaks rate limiting in production. This PR makes that configuration fail loudly. By default, an `ImproperlyConfigured` exception is raised when an unsafe backend is detected. Setting `allow_unsafe_throttle_cache = True` in `DMR_SETTINGS` opts in to unsafe behavior – in that case a UserWarning is emitted on the first throttling operation so at least you know it's on. The check is lazy (fires on first incr/get, not at instantiation) to avoid breaking tests that create backend instances early. `_CHECKED_CACHES` is module-level so the check doesn't repeat on every request, and it's intentionally not tied to `clear_settings_cache()`.
Fix invalid cross-reference in throttling docs
sobolevn
reviewed
May 4, 2026
…make-services#978) - Final annotations on all constants - Drop mutable module state, move check to post_init - Add UnsafeCacheBackendWarning subclass - Fix test ordering issue with DMR_SETTINGS + LRU cache - Switch to dmr_clean_settings fixture
sobolevn
reviewed
May 4, 2026
Member
sobolevn
left a comment
sobolevn
left a comment
There was a problem hiding this comment.
One final round of review :)
sobolevn
reviewed
May 4, 2026
sobolevn
requested changes
May 4, 2026
sobolevn
approved these changes
May 6, 2026
Member
sobolevn
left a comment
sobolevn
left a comment
There was a problem hiding this comment.
Thanks! I will take it from here ;)
for more information, see https://pre-commit.ci
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #998 +/- ##
=========================================
Coverage 100.00% 100.00%
=========================================
Files 380 381 +1
Lines 16290 16386 +96
Branches 518 524 +6
=========================================
+ Hits 16290 16386 +96 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
AI Policy
Checklist
Related issues
Closes #978
LocMemCacheandDummyCachedon't share state between processes, so using them for throttling silently breaks rate limiting in production. This PR makes that configuration fail loudly.By default, an
ImproperlyConfiguredexception is raised when an unsafe backend is detected. Settingthrottle_allow_unsafe_cache = TrueinDMR_SETTINGSopts in to unsafe behavior – in that case anUnsafeCacheBackendWarningis emitted so at least you know it's on.The check runs once in
__post_init__when the cache backend is constructed, so there's no overhead on every request.