better_rate_limit 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: c4d162e7489abec1ddc7da39b21c0ae310006ed0b95019d319cd078165535ef6
+  data.tar.gz: b17e2dcbd2a77f637a06a7402724863f29fb8331c7693128ae78650b35377dce
+SHA512:
+  metadata.gz: 84678f8937e1e9c0289155a2879d2e7843f62545e358d002e6abe6e77b0adb4afa645328a09faa9e075464924db34dea816ae4fc85b14b8f1b247c87c0493426
+  data.tar.gz: 86b48ab0065c39fb44450053bc45152e5af7d11824380a3867d3c1a8f49b86a7c1d4b8dcd7a02ac0804b4683e3ff968082b46c47c8c8185f650baa62f07929b7

data/.gitignore

@@ -0,0 +1,70 @@
+<<<<<<< HEAD
+*.gem
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/spec/examples.txt
+/test/tmp/
+/test/version_tmp/
+/tmp/
+
+# Used by dotenv library to load environment variables.
+# .env
+
+# Ignore Byebug command history file.
+.byebug_history
+
+## Specific to RubyMotion:
+.dat*
+.repl_history
+build/
+*.bridgesupport
+build-iPhoneOS/
+build-iPhoneSimulator/
+
+## Specific to RubyMotion (use of CocoaPods):
+#
+# We recommend against adding the Pods directory to your .gitignore. However
+# you should judge for yourself, the pros and cons are mentioned at:
+# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
+#
+# vendor/Pods/
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+## Environment normalization:
+/.bundle/
+/vendor/bundle
+/lib/bundler/man/
+
+# for a library or gem, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# Gemfile.lock
+# .ruby-version
+# .ruby-gemset
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc
+
+# Used by RuboCop. Remote config files pulled in from inherit_from directive.
+# .rubocop-https?--*
+=======
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+# rspec failure tracking
+.rspec_status
+>>>>>>> init gem

data/.travis.yml

@@ -0,0 +1,6 @@
+---
+language: ruby
+cache: bundler
+rvm:
+  - 2.6.5
+before_install: gem install bundler -v 2.1.4

data/Gemfile

@@ -0,0 +1,17 @@
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in rate-limit.gemspec
+gemspec
+
+gem "rake", "~> 12.0"
+
+group :development, :test do
+  gem "pry"
+end
+
+group :test do
+  gem "timecop"
+  gem "mocha"
+  gem "mock_redis"
+  gem "rails-controller-testing"
+end

data/Gemfile.lock

@@ -0,0 +1,81 @@
+PATH
+  remote: .
+  specs:
+    better_rate_limit (0.1.1)
+      actionpack (>= 5.0)
+      redis (>= 3.3)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionpack (5.2.4.3)
+      actionview (= 5.2.4.3)
+      activesupport (= 5.2.4.3)
+      rack (~> 2.0, >= 2.0.8)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    actionview (5.2.4.3)
+      activesupport (= 5.2.4.3)
+      builder (~> 3.1)
+      erubi (~> 1.4)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.3)
+    activesupport (5.2.4.3)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+    builder (3.2.4)
+    coderay (1.1.3)
+    concurrent-ruby (1.1.6)
+    crass (1.0.6)
+    erubi (1.9.0)
+    i18n (1.8.5)
+      concurrent-ruby (~> 1.0)
+    loofah (2.6.0)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.5.9)
+    method_source (1.0.0)
+    mini_portile2 (2.4.0)
+    minitest (5.14.1)
+    mocha (1.11.2)
+    mock_redis (0.25.0)
+    nokogiri (1.10.10)
+      mini_portile2 (~> 2.4.0)
+    pry (0.13.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    rack (2.2.3)
+    rack-test (0.6.3)
+      rack (>= 1.0)
+    rails-controller-testing (1.0.5)
+      actionpack (>= 5.0.1.rc1)
+      actionview (>= 5.0.1.rc1)
+      activesupport (>= 5.0.1.rc1)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.3.0)
+      loofah (~> 2.3)
+    rake (12.3.3)
+    redis (4.2.1)
+    thread_safe (0.3.6)
+    timecop (0.9.1)
+    tzinfo (1.2.7)
+      thread_safe (~> 0.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  better_rate_limit!
+  mocha
+  mock_redis
+  pry
+  rails-controller-testing
+  rake (~> 12.0)
+  timecop
+
+BUNDLED WITH
+   2.1.4

data/README.md

@@ -0,0 +1,50 @@
+# BetterRateLimit
+
+Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/better_rate_limit`. To experiment with that code, run `bin/console` for an interactive prompt.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'better_rate_limit', git: 'https://github.com/upscopeio/better_rate_limit'
+```
+
+And then execute:
+
+    $ bundle install
+
+Or install it yourself as:
+
+    $ gem install better_rate_limit
+
+## Usage
+
+BetterRateLimit adds a controller class method `better_rate_limit`, you can add it to the `ApplicationController`, like the example below:
+
+```ruby
+class ApplicationController < ActionController::Base
+  better_rate_limit 200, every: 1.minute
+end
+```
+
+#### Notifier
+Implement your own notifier logic by subscribing to the `rate_limit.notify` event
+
+```ruby
+ActiveSupport::Notifications.subscribe /rate_limit/ do |_name, _start, _finish, _id, payload|
+  # Your Notifier logic goes here
+  # The payload param will return the better_rate_limit_key
+  # e.g ( payload => { rate_limit_key: 'controller_throttle:auth/session:10:900:127.0.0.1' } )
+end
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/upscopeio/better_rate_limit.

data/Rakefile

@@ -0,0 +1,15 @@
+# froze_string_literal: true
+
+require "bundler/gem_tasks"
+
+require "rake/testtask"
+
+desc "Run unit tests"
+task default: :test
+
+desc "Test BetterRateLimit"
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.pattern = "test/**/*_test.rb"
+  t.verbose = true
+end

data/better_rate_limit.gemspec

@@ -0,0 +1,28 @@
+require_relative 'lib/better_rate_limit/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "better_rate_limit"
+  spec.version       = BetterRateLimit::VERSION
+  spec.authors       = ["Pablo Fonseca", "Joe d'Elia"]
+  spec.email         = ["pablofonseca777@gmail.com", "joe@delia.is"]
+
+  spec.summary       = %q{Rate limit requests}
+  spec.description   = %q{Adds rate limit for requests}
+  spec.homepage      = "https://github.com/upscopeio/better_rate_limit"
+  spec.required_ruby_version = Gem::Requirement.new(">= 2.3.0")
+
+  spec.metadata["homepage_uri"] = spec.homepage
+  spec.metadata["source_code_uri"] = spec.homepage
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "redis", ">= 3.3"
+  spec.add_dependency "actionpack", ">= 5.0"
+end

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "rate_limit"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/action_controller/better_rate_limit.rb

@@ -0,0 +1,68 @@
+require 'ostruct'
+require 'better_rate_limit/throttle'
+
+module ActionController
+  module BetterRateLimit
+    extend ActiveSupport::Concern
+
+    module ClassMethods
+      def rate_limit(max, every:, name: nil, scope: -> { real_ip }, only: [], except: [])
+        rate_limits << OpenStruct.new({
+                                        max: max,
+                                        every: every,
+                                        name: name || controller_path,
+                                        scope: scope,
+                                        only: only,
+                                        except: except,
+                                        controller_path: controller_path
+                                      })
+
+        before_action :perform_rate_limiting
+      end
+
+      def rate_limits
+        @rate_limits ||= []
+      end
+
+      def all_rate_limits
+        return rate_limits unless superclass.respond_to? :all_rate_limits
+
+        rate_limits + superclass.all_rate_limits
+      end
+    end
+
+    protected
+
+    def perform_rate_limiting
+      return if self.class.all_rate_limits.map { |r| under_rate_limit?(r) }.all? { |r| r === true }
+
+      return render json: { error: 'Too many requests' }, status: :too_many_requests if json?
+
+      send_file 'public/429.html', status: :too_many_requests
+    end
+
+    private
+
+    def json?
+      request.xhr? || request.format === :json
+    end
+
+    def real_ip
+      request.headers['X-Forwarded-For'].try(:split, ',').try(:[], -2..-2).try(:first).try(:strip)
+    end
+
+    def under_rate_limit?(limit)
+      if limit.controller_path == controller_path
+        return true if action_name.to_sym.in?([limit.except].flatten)
+        return true if !limit.only.empty? && !action_name.to_sym.in?([limit.only].flatten)
+      end
+
+      scope = limit.scope.is_a?(Proc) ? instance_exec(&limit.scope) : send(limit.scope)
+      scope = scope.to_param if scope.respond_to?(:to_param)
+
+      key = ['controller_throttle', limit.name, limit.max, limit.every, scope].join(':')
+
+      ::BetterRateLimit::Throttle.allow? key, limit: limit.max, time_window: limit.every
+    end
+  end
+end

data/lib/better_rate_limit.rb

@@ -0,0 +1,9 @@
+require 'action_controller'
+
+module ActionController
+  autoload :BetterRateLimit, 'action_controller/better_rate_limit'
+end
+
+ActiveSupport.on_load(:action_controller) do
+  include ActionController::BetterRateLimit
+end

data/lib/better_rate_limit/redis_connection.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+require 'redis'
+
+module BetterRateLimit
+  module RedisConnection
+    def self.included(host)
+      host.extend ClassMethods
+    end
+
+    module ClassMethods
+      def redis_client
+        @redis_client ||= Redis.new(url: ENV.fetch('REDIS_URL', 'redis://localhost:6379'))
+      end
+    end
+  end
+end

data/lib/better_rate_limit/throttle.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+require 'active_support/core_ext/numeric/time'
+require 'active_support/core_ext/time/calculations'
+require 'better_rate_limit/redis_connection'
+
+module BetterRateLimit
+  module Throttle
+    include RedisConnection
+
+    class << self
+      def throttle(key, limit:, time_window:)
+        now = Time.now.utc
+        timestamps_count = redis_client.llen key
+
+        if timestamps_count < limit
+          redis_client.multi do
+            redis_client.rpush key, now
+            redis_client.expire key, time_window.to_i
+          end
+          true
+        else
+          first = redis_client.lpop(key)
+          redis_client.multi do
+            redis_client.rpush key, now
+            redis_client.expire key, time_window.to_i
+          end
+
+          passing = first.to_time(:utc) < time_window.ago
+
+          unless passing
+            notify(key) unless redis_client.exists('failing-rate-limits:' + key)
+            redis_client.setex('failing-rate-limits:' + key, time_window.to_i, '1')
+          end
+
+          passing
+        end
+      end
+
+      alias allow? throttle
+
+      def notify(key)
+        ActiveSupport::Notifications.instrument 'rate_limit.notify', { rate_limit_key: key }
+      end
+    end
+  end
+end

data/lib/better_rate_limit/version.rb

@@ -0,0 +1,3 @@
+module BetterRateLimit
+  VERSION = "0.1.1"
+end

data/public/429.html

@@ -0,0 +1,10 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8"/>
+    <title>Too Many Requests</title>
+  </head>
+  <body>
+    <h2>Too Many Requests</h2>
+  </body>
+</html>

metadata

@@ -0,0 +1,89 @@
+--- !ruby/object:Gem::Specification
+name: better_rate_limit
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- Pablo Fonseca
+- Joe d'Elia
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2020-08-06 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: redis
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.3'
+- !ruby/object:Gem::Dependency
+  name: actionpack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5.0'
+description: Adds rate limit for requests
+email:
+- pablofonseca777@gmail.com
+- joe@delia.is
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".travis.yml"
+- Gemfile
+- Gemfile.lock
+- README.md
+- Rakefile
+- better_rate_limit.gemspec
+- bin/console
+- bin/setup
+- lib/action_controller/better_rate_limit.rb
+- lib/better_rate_limit.rb
+- lib/better_rate_limit/redis_connection.rb
+- lib/better_rate_limit/throttle.rb
+- lib/better_rate_limit/version.rb
+- public/429.html
+homepage: https://github.com/upscopeio/better_rate_limit
+licenses: []
+metadata:
+  homepage_uri: https://github.com/upscopeio/better_rate_limit
+  source_code_uri: https://github.com/upscopeio/better_rate_limit
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.8
+signing_key:
+specification_version: 4
+summary: Rate limit requests
+test_files: []