Merge pull request #29 from a-luna:fix-gh-action-deploy_attempt-15

Add function to check if request origin is external

app/core/rate_limit.py

@@ -102,7 +102,7 @@ def is_exceeded(self, request: Request) -> Result[None]:
 
     def rate_limit_is_required(self, request: Request):
         if self.settings.is_prod or self.settings.is_dev:  # pragma: no cover
-            return requested_route_is_rate_limited(request)
+            return request_origin_is_external(request) and requested_route_is_rate_limited(request)
         return rate_limit_feature_is_under_test(request)
 
     def get_allowed_at(self, tat: float) -> float:
@@ -145,6 +145,14 @@ def rate_limit_feature_is_under_test(request: Request) -> bool:
     return False  # pragma: no cover
 
 
+def request_origin_is_external(request: Request) -> bool:
+    if "localhost" in request.client.host:
+        return False
+    if "sec-fetch-site" in request.headers:
+        return request.headers["sec-fetch-site"] != "same-site"
+    return True
+
+
 def requested_route_is_rate_limited(request: Request):  # pragma: no cover
     return RATE_LIMIT_ROUTE_REGEX.search(request.url.path)