Checkpoint: Production-Ready Flask

Why should rate limiting run before the cache check and the real work?

• Because the cache is slower than rate limiting
• Because rate limiting needs the computed result
• Because rejecting abusive traffic is cheapest, protecting expensive resources
• Because the cache cannot return 429

Answer: Because rejecting abusive traffic is cheapest, protecting expensive resources. Rejecting abusive traffic is the cheapest operation, so doing it first avoids spending cycles on a request you will reject with 429.

What status code does an over-the-limit request return?

• 429 Too Many Requests
• 403 Forbidden
• 503 Service Unavailable
• 400 Bad Request

Answer: 429 Too Many Requests. An over-the-limit request returns 429 Too Many Requests, usually paired with a Retry-After header telling the client when to retry.

Which header tells a rate-limited client how long to wait before retrying?

• X-RateLimit-Reset
• Cache-Control
• X-Forwarded-For
• Retry-After

Answer: Retry-After. The Retry-After header gives the number of seconds the client should wait before trying the request again.

Why enqueue a slow follow-up task instead of running it inline in the request?

• Inline work is impossible in Flask
• So the request returns immediately while a worker does the slow part
• Because queues are faster than functions
• To avoid using the cache

Answer: So the request returns immediately while a worker does the slow part. Slow work like sending email would block the response; enqueueing lets the request return fast while a background worker (Celery/RQ) handles it.

In the production version, which decorator replaces the hand-rolled TTL cache?

• @cache.cached(timeout=...) from Flask-Caching
• @app.route
• @limiter.limit from Flask-Limiter
• @functools.lru_cache

Answer: @cache.cached(timeout=...) from Flask-Caching. @cache.cached(timeout=...) from Flask-Caching replaces the hand-rolled TTL dict in production.

Which extension replaces the fixed-window counter to enforce rate limits in production?

• Flask-Caching
• Flask-Mail
• Flask-Limiter
• Flask-Migrate

Answer: Flask-Limiter. Flask-Limiter, via @limiter.limit("3 per minute"), replaces the hand-rolled fixed-window counter.

Why must a production cache and rate limiter use shared storage like Redis?

• Because Redis is faster than RAM
• Because each worker would otherwise keep its own inconsistent copy
• Because Flask requires Redis
• Because dicts cannot store integers

Answer: Because each worker would otherwise keep its own inconsistent copy. With multiple workers an in-process dict gives each worker its own copy; Redis is shared so every process reads one source of truth.

When does an async view actually help an endpoint?

• For a single quick CPU-bound computation
• Whenever any route is slow
• Only when using WebSockets
• When it awaits several independent I/O calls that can overlap

Answer: When it awaits several independent I/O calls that can overlap. Async helps when a route awaits several independent I/O calls that overlap (asyncio.gather); it does not help CPU-bound or single quick work.

In the recommended order of concerns, what happens immediately after a cache miss does the real work?

• The request is rate-limited again
• The result is cached and the outcome logged
• The response is discarded
• The cache is cleared

Answer: The result is cached and the outcome logged. After computing on a miss you cache the result and log the outcome, then enqueue any follow-up task before responding.

What does logging into a StringIO buffer let you do in the runnable checkpoint?

• Send logs to Sentry automatically
• Replace the rate limiter
• Read back exactly what the app logged to verify behavior
• Persist logs to disk permanently

Answer: Read back exactly what the app logged to verify behavior. Logging into a StringIO buffer lets you read log_buffer.getvalue() to verify which hits, misses, and rejections occurred.