actionlimiter 0.2.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 01f5bc1107b2d90f94cb1805894dc9047764da8c0cfe298836a63ab01f4ad38b
+  data.tar.gz: f6eca9a81f6492e8f6a9c3b2231a5f85b0d5417773e57e4495b8976652b8564f
+SHA512:
+  metadata.gz: 40a691dd3379ac0c52dd09ba9c3a159953be02457a76984fe6a2d3d36339a4fd0bf2710030d5c8428e020d12053104c192d09807ad47ed57c3266650a914472c
+  data.tar.gz: d2bcd2fff1eb33902cbd3993675232224dacfd0d07e9abb49a2adc940c381b84fdcc2f02a0cd6c079675c338c3eac6e0f1313d4c25a018ef8a9454a7640d8f83

data/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2021 AngryBoat, LLC
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,26 @@
+# ActionLimiter
+
+[![Unit Test](https://github.com/angryboat/actionlimiter/actions/workflows/testing.yml/badge.svg)](https://github.com/angryboat/actionlimiter/actions/workflows/testing.yml) [![Linters](https://github.com/angryboat/actionlimiter/actions/workflows/linting.yml/badge.svg)](https://github.com/angryboat/actionlimiter/actions/workflows/linting.yml)
+
+Provides Redis backed rate limiting for Rails applications.
+
+## Installing
+
+```shell
+gem install actionlimiter
+```
+
+```shell
+bundler add actionlimiter
+```
+
+## Usage
+
+### Rails IP Middleware
+
+```ruby
+Rails.application.configure do |config|
+  # Limit a single IP to 20 requests in a 5 second period.
+  config.middleware.use(ActionLimiter::Middleware::IP, period: 5, size: 20)
+end
+```

data/lib/action_limiter/instrumentation.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+begin
+  require 'active_support/notifications'
+rescue LoadError
+  nil
+end
+
+##
+# @private
+module ActionLimiter
+  def self.instrument(name, payload = {})
+    if defined?(ActiveSupport::Notifications)
+      ActiveSupport::Notifications.instrument(name, payload) { yield(payload) }
+    else
+      yield(payload)
+    end
+  end
+end

data/lib/action_limiter/middleware/ip.rb

@@ -0,0 +1,88 @@
+# frozen_string_literal: true
+
+require 'action_limiter/token_bucket'
+require 'digest'
+
+module ActionLimiter
+  module Middleware
+    ##
+    # IP based rate limiting middleware
+    class IP
+      ##
+      # @private
+      class ResponseBuilder
+        ##
+        # @private
+        def call(_env)
+          [429, response_headers, [response_body]]
+        end
+
+        private
+
+        def response_body
+          <<~BODY
+            <html>
+              <body>
+                <h1>Too Many Requests</h1>
+              </body>
+            </html>
+          BODY
+        end
+
+        def response_headers
+          {
+            'Content-Type' => 'text/html; charset=utf-8'
+          }
+        end
+      end
+
+      ##
+      # @private
+      def initialize(app, options = {})
+        @app = app
+        @response_builder = options.fetch(:response_builder) { ResponseBuilder.new }
+        @token_bucket = ActionLimiter::TokenBucket.new(
+          period: options.fetch(:period, 1),
+          size: options.fetch(:size, 100),
+          namespace: options.fetch(:namespace, 'action_limiter/middleware/ip')
+        )
+      end
+
+      ##
+      # @private
+      def call(env)
+        status, headers, body = _call(env)
+
+        headers.merge!(create_rate_limit_headers(env))
+
+        [status, headers, body]
+      end
+
+      private
+
+      def _call(env)
+        remote_ip = env.fetch('action_dispatch.remote_ip')
+        bucket_key = Digest::MD5.hexdigest(remote_ip.to_s)
+        bucket = @token_bucket.increment(bucket_key, Time.now)
+
+        env['action_limiter.ip_bucket'] = bucket
+
+        if bucket.value > @token_bucket.size
+          @response_builder.call(env)
+        else
+          @app.call(env)
+        end
+      end
+
+      def create_rate_limit_headers(env)
+        bucket = env.fetch('action_limiter.ip_bucket')
+
+        {
+          'X-Request-Count' => bucket.value.to_s,
+          'X-Request-Period' => @token_bucket.period.to_s,
+          'X-Request-Limit' => @token_bucket.size.to_s
+        }
+      end
+    end
+  end
+end

data/lib/action_limiter/middleware.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+require 'action_limiter/middleware/ip'
+
+module ActionLimiter
+  ##
+  # Provides Rack middleware for the rate limiting algorithms
+  module Middleware
+  end
+end

data/lib/action_limiter/rails/engine.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+require 'rails'
+
+module ActionLimiter
+  module Rails
+    class Engine < ::Rails::Railtie
+    end
+  end
+end

data/lib/action_limiter/rails.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require 'action_limiter/rails/engine' if defined?(::Rails)

data/lib/action_limiter/redis_provider.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+require 'connection_pool'
+require 'redis'
+
+##
+# @private
+module ActionLimiter
+  ##
+  # Private
+  class RedisProvider
+    MUTEX = Mutex.new
+
+    class << self
+      def pool_size
+        ENV.fetch('ACTION_LIMITER_POOL_SIZE', 5).to_i
+      end
+
+      def pool_connection_timeout
+        ENV.fetch('ACTION_LIMITER_TIMEOUT', 30).to_i
+      end
+
+      def redis_connection_host
+        ENV.fetch('ACTION_LIMITER_REDIS_HOST', '127.0.0.1')
+      end
+
+      def redis_connection_port
+        ENV.fetch('ACTION_LIMITER_REDIS_PORT', 6379).to_i
+      end
+
+      def redis_connection_database
+        ENV.fetch('ACTION_LIMITER_REDIS_DB', 0).to_i
+      end
+
+      def connection_pool
+        MUTEX.synchronize do
+          @connection_pool ||= unsafe_create_connection_pool
+        end
+      end
+
+      def unsafe_create_connection_pool
+        ConnectionPool.new(size: pool_size, timeout: pool_connection_timeout) do
+          RedisProvider.unsafe_create_redis_connection
+        end
+      end
+
+      def unsafe_create_redis_connection
+        Redis.new(
+          host: redis_connection_host,
+          port: redis_connection_port,
+          db: redis_connection_database
+        )
+      end
+    end
+  end
+end

data/lib/action_limiter/scripts/token_bucket.lua

@@ -0,0 +1,18 @@
+-- Token Bucket
+
+-- Period is the number of seconds for the token bucket TTL
+local period = tonumber(ARGV[1])
+-- The server timestamp for the value delivered
+local ts = tonumber(ARGV[2])
+
+-- Set the minimum time
+local min = ts - period
+
+-- Bucket Name
+local bucket_name = KEYS[1]
+
+redis.call('ZREMRANGEBYSCORE', bucket_name, '-inf', min)
+redis.call('ZADD', bucket_name, ts, ts)
+redis.call('EXPIRE', bucket_name, period * 5)
+
+return redis.call('ZCARD', bucket_name)

data/lib/action_limiter/scripts.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module ActionLimiter
+  ##
+  # @private
+  SCRIPTS = Dir.glob("#{__dir__}/scripts/*.lua").each_with_object({}) do |script_path, object|
+    script_name = File.basename(script_path, '.lua').to_sym
+
+    object[script_name] = File.read(script_path).freeze
+  end.freeze
+end

data/lib/action_limiter/token_bucket.rb

@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+
+require 'action_limiter/instrumentation'
+require 'action_limiter/redis_provider'
+require 'action_limiter/scripts'
+
+module ActionLimiter
+  ##
+  # Implementes a Token Bucket algorithm for rate limiting.
+  #
+  # @author Maddie Schipper
+  # @since 0.1.0
+  class TokenBucket
+    Bucket = Struct.new(:name, :value)
+
+    ##
+    # The period length for the bucket in seconds
+    #
+    # @return [Integer] The specified period
+    attr_reader :period
+
+    ##
+    # The allowed size of the bucket
+    #
+    # @return [Integer] The size of the bucket
+    attr_reader :size
+
+    ##
+    # The bucket namespace. The value will be prefixed to any bucket's name
+    #
+    # @return [String] The prefix
+    attr_reader :namespace
+
+    ##
+    # Initialize the token bucket instance
+    #
+    # @param period [#to_i] The value used to determine the bucket's period
+    # @param size [#to_i] The maximum number of tokens in the bucket for the given period
+    # @param namespace [nil, #to_s] Value to prefix all
+    def initialize(period:, size:, namespace: nil)
+      @period = period.to_i
+      @size = size.to_i
+      @namespace = namespace&.to_s || 'action_limiter/token_bucket'
+      @script_hash = ActionLimiter::RedisProvider.connection_pool.with do |connection|
+        connection.script(:load, ActionLimiter::SCRIPTS.fetch(:token_bucket))
+      end
+    end
+
+    ##
+    # Predicate for checking if the specified bucket name is incremented
+    #
+    # @param bucket [String] The name of the bucket to check
+    # @param time [Time] The time the check will occur
+    #
+    # @return [true, false] The limiting status of the bucket
+    def limited?(bucket, time: Time.now)
+      increment(bucket, time).value > size
+    end
+
+    ##
+    # @private
+    def increment(bucket, time)
+      ActionLimiter.instrument('action_limiter.token_bucket.increment') do
+        ActionLimiter::RedisProvider.connection_pool.with do |connection|
+          time_stamp = time.to_f
+          bucket_key = "#{namespace}/#{bucket}"
+          value = connection.evalsha(@script_hash, [bucket_key], [period.to_s, time_stamp.to_s])
+          Bucket.new(bucket, value)
+        end
+      end
+    end
+  end
+end

data/lib/action_limiter/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module ActionLimiter
+  ##
+  # The current version number
+  VERSION = '0.2.0'
+end

data/lib/action_limiter.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+require 'action_limiter/middleware'
+require 'action_limiter/rails'
+require 'action_limiter/token_bucket'
+require 'action_limiter/version'
+
+##
+# ActionLimiter implementes rate limiting backed by Redis
+#
+# @author Maddie Schipper
+# @since 0.1.0
+module ActionLimiter
+end

data/lib/actionlimiter.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+# This file exists only for the purpose of Bundler autoloading
+
+require 'action_limiter'

metadata

@@ -0,0 +1,101 @@
+--- !ruby/object:Gem::Specification
+name: actionlimiter
+version: !ruby/object:Gem::Version
+  version: 0.2.0
+platform: ruby
+authors:
+- Maddie Schipper
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2021-10-04 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: connection_pool
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: redis
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '4.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '4.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+description: Redis backed request rate limiter
+email:
+- maddie@angryboat.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- lib/action_limiter.rb
+- lib/action_limiter/instrumentation.rb
+- lib/action_limiter/middleware.rb
+- lib/action_limiter/middleware/ip.rb
+- lib/action_limiter/rails.rb
+- lib/action_limiter/rails/engine.rb
+- lib/action_limiter/redis_provider.rb
+- lib/action_limiter/scripts.rb
+- lib/action_limiter/scripts/token_bucket.lua
+- lib/action_limiter/token_bucket.rb
+- lib/action_limiter/version.rb
+- lib/actionlimiter.rb
+homepage: https://github.com/angryboat/actionlimiter
+licenses:
+- MIT
+metadata:
+  allowed_push_host: https://rubygems.org
+  homepage_uri: https://github.com/angryboat/actionlimiter
+  source_code_uri: https://github.com/angryboat/actionlimiter
+  changelog_uri: https://github.com/angryboat/actionlimiter
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.7.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.6
+signing_key: 
+specification_version: 4
+summary: Redis backed request rate limiter
+test_files: []