aikido-zen 1.0.1.beta.5-x86_64-linux → 1.0.2.beta.1-x86_64-linux

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b01d3459808741951cb9a0bab8f4d5877d1b04e75bcb480bd9a933b41a64396e
-  data.tar.gz: 7fa785cf11417b36ba1f17491028749854ac25c37e003053f42e86f9f48a8e97
+  metadata.gz: 9347e04120015f5c5837d1054439b4fbdb6266ecc815d83f99a2e7d6b1024046
+  data.tar.gz: e14058330d68a7a6ff88de76d7f34f414906694fa0e5eda01ec261b8169f322b
 SHA512:
-  metadata.gz: 32661db3670f9e2c0648121ba38002da3d5d1485113b8d0f0f64e9e99f7c832d9ebe81771f30b62a70d750ebbeff55fa1b7d316cbcdfe3b1556c05eb0d9301eb
-  data.tar.gz: 87f4dcbcea47956c4ac189aa9459ca382be753918c73cd598e2f872e280b42c7359babdce39747da0ad0e841e7f88aad6443969765057eb996335f940d41762d
+  metadata.gz: a783af96d065f0b2a17c0c9bb9a25b37032056e2a2dc18e0794c7ae2dc6d8f7cefe82c03234853546bb22af777d4ceb894b2fabedd0a256ca0fbce0bba717245
+  data.tar.gz: 570ddc5f69df1a48b04df314b77a42450dea051dd646709672f8a33805b87ccb49039ba7ad073f0c6901eb37509372ae464ce0551ad64f4519004f9e3e88ed8a

data/docs/rails.md

@@ -2,19 +2,63 @@
 
 To install Zen, add the gem:
 
-```
+```sh
 bundle add aikido-zen
 ```
 
+And require it before `Bundler.require` in `config/application.rb`:
+
+```ruby
+# config/application.rb
+require_relative "boot"
+
+require "rails/all"
+
+require "aikido-zen"
+Aikido::Zen.protect!
+
+# Require the gems listed in Gemfile, including any gems
+# you've limited to :test, :development, or :production.
+Bundler.require(*Rails.groups)
+
+...
+```
+
 That's it! Zen will start to run inside your app when it starts getting
 requests.
 
+## Rate limiting and user blocking
+
+If you want to add the rate limiting feature to your app, modify your code like this:
+
+```ruby
+# app/controllers/application_controller.rb
+class ApplicationController < ActionController::Base
+  private
+
+  def current_user
+    return unless session[:user_id]
+    User.find(session[:user_id])
+  end
+
+  def authenticate_user!
+    # Your authentication logic here
+    # ...
+    # Optional, if you want to use user based rate limiting or block specific users
+    Aikido::Zen.set_user(
+      id: current_user.id,
+      name: current_user.name
+    )
+  end
+end
+```
+
 ## Configuration
 
 Zen exposes its configuration object to the Rails configuration, which you can
 modify in an initializer if desired:
 
-``` ruby
+```ruby
 # config/initializers/zen.rb
 Rails.application.config.zen.api_timeouts = 20
 ```
@@ -30,7 +74,7 @@ If you're using Rails' [encrypted credentials][creds], and prefer not storing
 sensitive values in your env vars, you can easily configure Zen for it. For
 example, assuming the following credentials structure:
 
-``` yaml
+```yaml
 # config/credentials.yml.enc
 zen:
   token: "AIKIDO_RUNTIME_..."
@@ -38,7 +82,7 @@ zen:
 
 You can just tell Zen to use it like so:
 
-``` ruby
+```ruby
 # config/initializers/zen.rb
 Rails.application.config.zen.token = Rails.application.credentials.zen.token
 ```
@@ -61,7 +105,7 @@ way.
 By default, Zen will use the Rails logger, prefixing messages with `[aikido]`.
 You can redirect the log to a separate stream by overriding the logger:
 
-```
+```ruby
 # config/initializers/zen.rb
 Rails.application.config.zen.logger = Logger.new(...)
 ```

data/lib/aikido/zen/config.rb

@@ -64,7 +64,7 @@ module Aikido::Zen
     # @return [string] Path of the socket where the detached agent will listen.
     # By default, is stored under the root application path with file name
     # `aikido-detached-agent.sock`
-    attr_reader :detached_agent_socket_path
+    attr_accessor :detached_agent_socket_path
 
     # @return [Boolean] is the agent in debugging mode?
     attr_accessor :debugging
@@ -222,9 +222,8 @@ module Aikido::Zen
       @api_timeouts.update(value)
     end
 
-    def detached_agent_socket_path=(path)
-      @detached_agent_socket_path = path
-      @detached_agent_socket_path = "drbunix:" + @detached_agent_socket_path unless @detached_agent_socket_path.start_with?("drbunix:")
+    def detached_agent_socket_uri
+      "drbunix:" + @detached_agent_socket_path
     end
 
     private

data/lib/aikido/zen/detached_agent/agent.rb

@@ -32,7 +32,7 @@ module Aikido::Zen::DetachedAgent
       @polling_interval = polling_interval
       @worker = worker
       @collector = collector
-      @detached_agent_front = DRbObject.new_with_uri(config.detached_agent_socket_path)
+      @detached_agent_front = DRbObject.new_with_uri(config.detached_agent_socket_uri)
       @has_forked = false
       schedule_tasks
     end

data/lib/aikido/zen/detached_agent/server.rb

@@ -1,41 +1,78 @@
 # frozen_string_literal: true
 
+require "fileutils"
+
 module Aikido::Zen::DetachedAgent
   class Server
+    # Initialize and start a detached agent server instance.
+    #
+    # @return [Aikido::Zen::DetachedAgent::Server]
+    def self.start(**opts)
+      new(**opts).tap(&:start!)
+    end
+
     def initialize(config: Aikido::Zen.config)
-      @detached_agent_front = FrontObject.new
-      @drb_server = DRb.start_service(config.detached_agent_socket_path, @detached_agent_front)
+      @started_at = nil
 
-      # We don't want to see drb logs unless in debug mode
-      @drb_server.verbose = config.logger.debug?
-    end
+      @config = config
 
-    def alive?
-      @drb_server.alive?
+      @socket_path = config.detached_agent_socket_path
+      @socket_uri = config.detached_agent_socket_uri
     end
 
-    def stop!
-      @drb_server.stop_service
-      DRb.stop_service
+    def started?
+      !!@started_at
     end
 
-    class << self
-      def start!
-        Aikido::Zen.config.logger.debug("Starting DRb Server...")
-        max_attempts = 10
-        @server = new
-
-        attempts = 0
-        until @server.alive?
-          Aikido::Zen.config.logger.info("DRb Server still not alive. #{max_attempts - attempts} attempts remaining")
-          sleep 0.1
-          attempts += 1
-          raise Aikido::Zen::DetachedAgentError.new("Impossible to start the dRB server (socket=#{Aikido::Zen.config.detached_agent_socket_path})") \
-            if attempts == max_attempts
-        end
-
-        @server
+    def start!
+      @config.logger.info("Starting DRb Server...")
+
+      # Try to ensure that the DRb service can start if the DRb service did
+      # not stop cleanly.
+      begin
+        # Check whether the Unix domain socket is in use by another process.
+        UNIXSocket.new(@socket_path).close
+      rescue Errno::ECONNREFUSED
+        @config.logger.debug("Removing residual Unix domain socket...")
+
+        # Remove the residual Unix domain socket.
+        FileUtils.rm_f(@socket_path)
+      rescue
+        # empty
+      end
+
+      @front = FrontObject.new
+
+      # If the Unix domain socket is in use by another process and/or the
+      # residual Unix domain socket could not be removed DRb will raise an
+      # appropriate error.
+      @drb_server = DRb.start_service(@socket_uri, @front)
+
+      # Only show DRb output in debug mode.
+      @drb_server.verbose = @config.logger.debug?
+
+      # Ensure that the DRb server is alive.
+      max_attempts = 10
+      attempts = 0
+      until @drb_server.alive?
+        @config.logger.info("DRb Server still not alive. #{max_attempts - attempts} attempts remaining")
+        sleep 0.1
+        attempts += 1
+        raise Aikido::Zen::DetachedAgentError.new("Impossible to start the dRB server (socket=#{Aikido::Zen.config.detached_agent_socket_path})") \
+          if attempts == max_attempts
       end
+
+      @started_at = Time.now.utc
+
+      at_exit { stop! if started? }
+    end
+
+    def stop!
+      @config.logger.info("Stopping DRb Server...")
+      @started_at = nil
+
+      @drb_server.stop_service if @drb_server.alive?
+      DRb.stop_service
     end
   end
 end

data/lib/aikido/zen/sinks_dsl.rb

@@ -109,6 +109,8 @@ module Aikido::Zen
       #
       # @return [void]
       def presafe_sink_before(method_name, &block)
+        raise ArgumentError, "block required" unless block
+
         original = instance_method(method_name)
 
         define_method(method_name) do |*args, **kwargs, &blk|
@@ -131,6 +133,8 @@ module Aikido::Zen
       #
       # @note the block is executed within `safe` to handle errors safely; the original method is executed outside of `safe` to preserve the original behavior
       def sink_before(method_name, &block)
+        raise ArgumentError, "block required" unless block
+
         presafe_sink_before(method_name) do |*args, **kwargs|
           DSL.safe do
             instance_exec(*args, **kwargs, &block)
@@ -149,6 +153,8 @@ module Aikido::Zen
       #
       # @return [void]
       def presafe_sink_after(method_name, &block)
+        raise ArgumentError, "block required" unless block
+
         original = instance_method(method_name)
 
         define_method(method_name) do |*args, **kwargs, &blk|
@@ -173,6 +179,8 @@ module Aikido::Zen
       #
       # @note the block is executed within `safe` to handle errors safely; the original method is executed outside of `safe` to preserve the original behavior
       def sink_after(method_name, &block)
+        raise ArgumentError, "block required" unless block
+
         presafe_sink_after(method_name) do |result, *args, **kwargs|
           DSL.safe do
             instance_exec(result, *args, **kwargs, &block)
@@ -191,6 +199,8 @@ module Aikido::Zen
       #
       # @return [void]
       def presafe_sink_around(method_name, &block)
+        raise ArgumentError, "block required" unless block
+
         original = instance_method(method_name)
 
         define_method(method_name) do |*args, **kwargs, &blk|
@@ -219,6 +229,8 @@ module Aikido::Zen
       # @note the block is executed within `safe` to handle errors safely; the original method is executed within `presafe` to preserve the original behavior
       # @note if the block does not call `original_call`, the original method is called automatically after the block is executed
       def sink_around(method_name, &block)
+        raise ArgumentError, "block required" unless block
+
         presafe_sink_around(method_name) do |presafe_original_call, *args, **kwargs|
           original_called = false
           original_call = proc do

data/lib/aikido/zen/version.rb

@@ -2,7 +2,7 @@
 
 module Aikido
   module Zen
-    VERSION = "1.0.1.beta.5"
+    VERSION = "1.0.2.beta.1"
 
     # The version of libzen_internals that we build against.
     LIBZEN_VERSION = "0.1.39"

data/lib/aikido/zen.rb

@@ -165,6 +165,11 @@ module Aikido
       end
     end
 
+    # Align with other Zen implementations, while keeping internal consistency.
+    class << self
+      alias_method :set_user, :track_user
+    end
+
     # Marks that the Zen middleware was installed properly
     # @return void
     def self.middleware_installed!
@@ -209,7 +214,7 @@ module Aikido
     end
 
     def self.detached_agent_server
-      @detached_agent_server ||= DetachedAgent::Server.start!
+      @detached_agent_server ||= DetachedAgent::Server.start
     end
 
     class << self

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aikido-zen
 version: !ruby/object:Gem::Version
-  version: 1.0.1.beta.5
+  version: 1.0.2.beta.1
 platform: x86_64-linux
 authors:
 - Aikido Security
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-08-19 00:00:00.000000000 Z
+date: 2025-08-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: concurrent-ruby