action_ip_filter 0.4.1 → 0.5.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3ab37d67a38831a742018eff90badafe4bd649e39a4947607d771fec81cc1240
-  data.tar.gz: 0261b32eb41b2fcfcc5fae68a05f620a0396ebc100f190c5cf3d8f85fb7fd646
+  metadata.gz: 89a56e3e93ef8dd25c9aae21185810b83cdf6c27662db6ba5749ee8ccc12976e
+  data.tar.gz: 674e5ce2970c6fe3e91469d856b6052a2eaa26e4a83ada61d5214f4ad49df7e9
 SHA512:
-  metadata.gz: 7e311296f966af5e21a750be237775288405f80f4e556a52805c13966edece9cdde41d8e6a3a10e4c2d5aa8fc48b88c1671f0b87694975ff8cc6409697da6676
-  data.tar.gz: 38982121736b2a629323f0ee517f02154da973d7b7c051d191ab5705e4eb86593f662eb4676a3e979a35f3680655974063a2d013d3a4d7d5955f8365aa5db748
+  metadata.gz: badbaf5b413e15360b998db3aa662233219a5de020a588e06912aae2abc487fd45059aeb91445afe0a33c1b25b0886b0486ba7866346488d295835f78a42e2e5
+  data.tar.gz: 51194a577f7885a3a63e48acb10210bd3b4ad8b33d059449a3525d22b7ca25d5b8d6a8bdf0132bfb7163872b436ac9054459c2ba8b8c30409b6b5fbc65e70eff

data/CHANGELOG.md

@@ -1,5 +1,15 @@
 ## [Unreleased]
 
+## [0.5.1] - 2025-12-15
+
+There are no changes in core logic. Only the release toolchain has been changed.
+
+## [0.5.0] - 2025-12-02
+
+### New Features
+
+- Make `log_denial_message` configurable [#9](https://github.com/smartbank-inc/action_ip_filter/pull/9)
+
 ## [0.4.1] - 2025-12-01
 
 ### Bug Fix

data/README.md

@@ -6,12 +6,12 @@ A lightweight gem that provides IP address restrictions for Rails controllers at
 
 Unlike Rack middleware solutions (e.g., `rack-attack`), action_ip_filter operates at the controller level:
 
-| Feature | rack-attack | action_ip_filter |
-|---------|-------------|----------------|
-| Layer | Rack middleware (all requests) | Controller before_action |
-| Granularity | Path/IP based | Controller/Action based |
-| Overhead | Every request evaluated | Only specified actions |
-| Use case | DDoS protection, rate limiting | Admin panels, webhooks |
+| Feature     | rack-attack                    | action_ip_filter         |
+|-------------|--------------------------------|--------------------------|
+| Layer       | Rack middleware (all requests) | Controller before_action |
+| Granularity | Path/IP based                  | Controller/Action based  |
+| Overhead    | Every request evaluated        | Only specified actions   |
+| Use case    | DDoS protection, rate limiting | Admin panels, webhooks   |
 
 **Use this gem when you need:**
 - IP restrictions on specific controller actions only
@@ -177,17 +177,36 @@ ActionIpFilter.configure do |config|
 
   # Enable/disable denial logging (default: true)
   config.log_denials = true
+
+  # Logging on denied
+  # It passes `config.logger` as the first argument (logger) and the actual client IP address as the second argument (client_ip).
+  config.log_denial_message = ->(logger, client_ip) {
+    logger.error("Blocked IP: #{client_ip}")
+  }
 end
 ```
 
 ### Default Values
 
-| Option | Default                             | Description                                        |
-|--------|-------------------------------------|----------------------------------------------------|
-| `ip_resolver` | `-> { request.remote_ip }` | Proc that extracts client IP from request |
-| `on_denied` | `-> { head :forbidden }`            | Handler called when access is denied (returns 403) |
-| `logger` | `Rails.logger`                      | Logger instance for denied request logging |
-| `log_denials` | `true`                              | Whether to log denied requests as warn level |
+| Option               | Default                    | Description                                        |
+|----------------------|----------------------------|----------------------------------------------------|
+| `ip_resolver`        | `-> { request.remote_ip }` | Proc that extracts client IP from request          |
+| `on_denied`          | `-> { head :forbidden }`   | Handler called when access is denied (returns 403) |
+| `logger`             | `Rails.logger`             | Logger instance for denied request logging         |
+| `log_denials`        | `true`                     | Whether to log denied requests as warn level       |
+| `log_denial_message` | See below                  | Proc that formats the denial log message           |
+
+The default `log_denial_message` is:
+
+```ruby
+->(logger, client_ip) {
+  logger.warn("[ActionIpFilter] Access denied for IP: #{client_ip} on #{self.class.name}##{action_name}")
+}
+```
+
+### Note on the configurable Proc block
+
+The block is executed via `instance_exec` in the controller context, so you may call controller methods such as `request`, `head`, `render`, and others.
 
 ## Testing
 
@@ -240,12 +259,14 @@ end
 
 ## Logging
 
-When `log_denials` is enabled (default), denied requests are logged:
+When `log_denials` is enabled, denied requests are logged as default:
 
 ```
 [ActionIpFilter] Access denied for IP: 192.0.2.1 on MyController#index
 ```
 
+See also: the `log_denial_message` configuration, which allows you to adjust both the log level and the message.
+
 ## Development
 
 ```bash

data/lib/action_ip_filter/configuration.rb

@@ -6,18 +6,33 @@ module ActionIpFilter
     # @rbs @on_denied: ^() -> void
     # @rbs @logger: Logger?
     # @rbs @log_denials: bool
+    # @rbs @log_denial_message: ^(Logger, String?) -> void
+
+    # @rbs!
+    #   interface _Request
+    #     def remote_ip: () -> String
+    #   end
+    #
+    #   def action_name: () -> String
+    #   def controller_name: () -> String
+    #   def head: (Symbol) -> void
+    #   def request: () -> _Request
 
     attr_accessor :ip_resolver #: ^() -> String?
     attr_accessor :on_denied #: ^() -> void
     attr_accessor :logger #: Logger?
     attr_accessor :log_denials #: bool
+    attr_accessor :log_denial_message #: ^(Logger, String?) -> void
 
     # @rbs return: void
     def initialize
-      @ip_resolver = -> { request.remote_ip } # steep:ignore NoMethod
-      @on_denied = -> { head :forbidden } # steep:ignore NoMethod
+      @ip_resolver = -> { request.remote_ip }
+      @on_denied = -> { head :forbidden }
       @logger = nil
       @log_denials = true
+      @log_denial_message = ->(logger, client_ip) {
+        logger.warn("[ActionIpFilter] Access denied for IP: #{client_ip} on #{self.class.name}##{action_name}")
+      }
     end
   end
 

data/lib/action_ip_filter/ip_filterable.rb

@@ -7,8 +7,8 @@ module ActionIpFilter
     extend ActiveSupport::Concern
 
     # @rbs!
-    #   def action_name: () -> String
-    #   def instance_exec: [T] (*untyped) { () -> T } -> T
+    #   def instance_exec: [T] () { () -> T } -> T
+    #                    | (Logger, String?) { (Logger, String?) -> void } -> void
     #   def before_action: (*untyped, **untyped) -> void
 
     class_methods do
@@ -57,9 +57,10 @@ module ActionIpFilter
       logger = ActionIpFilter.configuration.logger
       return if logger.nil?
 
-      logger.warn do
-        "[ActionIpFilter] Access denied for IP: #{client_ip} on #{self.class.name}##{action_name}"
-      end
+      log_denial_message = ActionIpFilter.configuration.log_denial_message
+      return if log_denial_message.nil?
+
+      instance_exec(logger, client_ip, &log_denial_message)
     end
   end
 end

data/lib/action_ip_filter/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ActionIpFilter
-  VERSION = "0.4.1" #: String
+  VERSION = "0.5.1" #: String
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: action_ip_filter
 version: !ruby/object:Gem::Version
-  version: 0.4.1
+  version: 0.5.1
 platform: ruby
 authors:
 - SmartBank, Inc.