bot_challenge_page 0.3.0 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +3 -1
- data/app/models/bot_challenge_page/config.rb +4 -4
- data/app/models/bot_challenge_page/test.html +0 -0
- data/lib/bot_challenge_page/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1f123fae1f11aef11705e08404a9275bf61e9657cac5bc2833145494a26cbb10
|
|
4
|
+
data.tar.gz: 9ea4ba0896da4e3dc7ca4307fff1c18cc2f0b33a7c792d11f3ed926559f183a8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1e5ef5eaedf5c9705270da5b55ac3c0f8cf225b22ba09af3bb0782afcbc12ade3bc02b8c642ffaae14ca0c401a5858344c404c144d2094cf9f372f23ae5189c2
|
|
7
|
+
data.tar.gz: e65401e9d3a5b8379fad737842138312d5f3d3f003e59123246cbb0c0af9de932058736f07ba4b3f161eb39bdbe228e941635f63e861a7dcb0e465a1d7e6c272
|
data/README.md
CHANGED
|
@@ -120,7 +120,7 @@ Rails.application.config.to_prepare do
|
|
|
120
120
|
BotChallengePage::BotChallengePageController.bot_challenge_config.rate_limit_period = 36.hour
|
|
121
121
|
BotChallengePage::BotChallengePageController.bot_challenge_config.rate_limit_count = 3
|
|
122
122
|
|
|
123
|
-
BotChallengePage::BotChallengePageController.allow_exempt = ->(controller) {
|
|
123
|
+
BotChallengePage::BotChallengePageController.allow_exempt = ->(controller, config) {
|
|
124
124
|
# Excempt any Catalog #facet or #range_limit action that looks like an ajax/fetch request, the # challenge isn't going to work there, we just exempt it.
|
|
125
125
|
#
|
|
126
126
|
# sec-fetch-dest is set to 'empty' by browser on fetch requests, to limit us further;
|
|
@@ -169,6 +169,8 @@ The gem is available as open source under the terms of the [MIT License](https:/
|
|
|
169
169
|
|
|
170
170
|
* Joe's [similar plugin for drupal](https://drupal.org/project/turnstile_protect)
|
|
171
171
|
|
|
172
|
+
* Joe's [similar plugin for traefik reverse-proxy](https://github.com/libops/captcha-protect)
|
|
173
|
+
|
|
172
174
|
* [Similar feature built into PHP VuFind app](https://github.com/vufind-org/vufind/pull/4079)
|
|
173
175
|
|
|
174
176
|
* [My own blog post about this approach](https://bibwild.wordpress.com/2025/01/16/using-cloudflare-turnstile-to-protect-certain-pages-on-a-rails-app/).
|
|
@@ -66,14 +66,14 @@ module BotChallengePage
|
|
|
66
66
|
attribute :after_blocked, default: ->(bot_detect_class) {}
|
|
67
67
|
|
|
68
68
|
|
|
69
|
-
# rate limit per subnet,
|
|
70
|
-
# subnet: /
|
|
69
|
+
# rate limit per subnet, follow lehigh's lead with
|
|
70
|
+
# subnet: /16 for IPv4 (x.y.*.*), and /64 for IPv6 (about the same size subnet for better or worse)
|
|
71
71
|
# https://git.drupalcode.org/project/turnstile_protect/-/blob/0dae9f95d48f9d8cae5a8e61e767c69f64490983/src/EventSubscriber/Challenge.php#L140-151
|
|
72
72
|
attribute :rate_limit_discriminator, default: (lambda do |req, config|
|
|
73
73
|
if req.ip.index(":") # ipv6
|
|
74
|
-
IPAddr.new("#{req.ip}/
|
|
74
|
+
IPAddr.new("#{req.ip}/64").to_string
|
|
75
75
|
else
|
|
76
|
-
IPAddr.new("#{req.ip}/
|
|
76
|
+
IPAddr.new("#{req.ip}/16").to_string
|
|
77
77
|
end
|
|
78
78
|
rescue IPAddr::InvalidAddressError
|
|
79
79
|
req.ip
|
|
File without changes
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bot_challenge_page
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jonathan Rochkind
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2025-
|
|
11
|
+
date: 2025-04-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: appraisal
|
|
@@ -156,6 +156,7 @@ files:
|
|
|
156
156
|
- app/controllers/concerns/bot_challenge_page/enforce_filter.rb
|
|
157
157
|
- app/controllers/concerns/bot_challenge_page/rack_attack_init.rb
|
|
158
158
|
- app/models/bot_challenge_page/config.rb
|
|
159
|
+
- app/models/bot_challenge_page/test.html
|
|
159
160
|
- app/views/bot_challenge_page/_local_turnstile_script_tag.html.erb
|
|
160
161
|
- app/views/bot_challenge_page/_turnstile_widget_placeholder.html.erb
|
|
161
162
|
- app/views/bot_challenge_page/bot_challenge_page/challenge.html.erb
|