bot_challenge_page 1.0.0 → 1.2.0

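--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 62e4404007888e13f20c7ec554c37d7afd5727c5e3b2e21e671d72fa7bf9c589
- data.tar.gz: 3f52d0766f04f9268fff39ebca416fa7fb51c7b2314dc4e39e204fce5c25811b
+ metadata.gz: e9bab69af841c919b3b1f86fe7b2a955336b5f32628b8f285cb30a46ae66864d
+ data.tar.gz: 92ba43d7c776cd7dfa9e73299d8872d0d9720e0056483ff91dbd98a6f3033303
  SHA512:
- metadata.gz: 7f9cc9d5917dbe0eced73fdbe74529644197d5181c2b77511bd5055664ba46b01525a149b1ff1258071015dec2862772179f11073ee28bb3fbfcd1c1b05300d6
- data.tar.gz: 1d2a65e52aada9752f5d7149834a73ae75e6d9974839f91f55982da49b6803e3f3f2cd052f5fe809039de96f34e8180b916ac5da7c8eeb46e033c9c8dc1b7873
+ metadata.gz: 382303ff3e535338d0e0ad1cc865e76654b29f0632dd1c37324a27f58e05697687bde0699efcc13e6cb05d19b317cc730b33797fc0a6db05581ffc8fbc61ce17
+ data.tar.gz: 663f8a44261025faf00eab1f0748b5888c03af5273000af89022ce7ed343882a7e03655f27e339084aeff9fd07009910609a05e48a39f97106a48b01ac34b803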
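--- a/data/README.md
+++ b/data/README.md
@@ -112,6 +112,16 @@ config.after_blocked = (_bot_challenge_class)-> {
  }
  ```
 
+ If you'd like to log every time a request is let through because it has a verified session pass,
+ which could be a lot of data, use `after_session_pass`.
+
+ ```ruby
+ config.after_session_pass = (_bot_challenge_class)-> {
+ logger.info("page allowed through by session pass: #{request.uri}")
+ }
+ ```
+
+
  Or, here's how I managed to get it in [lograge](https://github.com/roidrage/lograge), so a page blocked results in a `bot_chlng=true` param in a lograge line.
 
  ```ruby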
@@ -13,7 +13,7 @@ module BotChallengePage
13
13
  # Render challenge page when necessary, otherwise do nothing allowing ordinary rails render.
14
14
  def bot_challenge_guard_action(controller)
15
15
  if self.bot_challenge_config.enabled &&
16
- ! self._bot_detect_passed_good?(controller.request) &&
16
+ ! self._bot_detect_passed_good?(controller) &&
17
17
  ! controller.kind_of?(self) # don't ever guard ourself, that'd be a mess!
18
18
 
19
19
  # we can only do GET requests right now
@@ -51,7 +51,9 @@ module BotChallengePage
51
51
 
52
52
  # Does the session already contain a bot detect pass that is good for this request
53
53
  # Tie to IP address to prevent session replay shared among IPs
54
- def _bot_detect_passed_good?(request)
54
+ def _bot_detect_passed_good?(controller)
55
+ request = controller.request
56
+
55
57
  session_data = request.session[self.bot_challenge_config.session_passed_key]
56
58
 
57
59
  return false unless session_data && session_data.kind_of?(Hash)
@@ -61,7 +63,9 @@ module BotChallengePage
61
63
  fingerprint = session_data[self::SESSION_FINGERPRINT_KEY]
62
64
 
63
65
  (Time.now - Time.iso8601(datetime) < self.bot_challenge_config.session_passed_good_for ) &&
64
- fingerprint == self.bot_challenge_config.session_valid_fingerprint.call(request)
66
+ (fingerprint == self.bot_challenge_config.session_valid_fingerprint.call(request)) &&
67
+ # not a real condition, just to call our hook on passed
68
+ (controller.instance_exec(self, &self.bot_challenge_config.after_session_passed) || true)
65
69
  end
66
70
  end
67
71
  end
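Review bot: The `after_session_passed` hook is called inside the pass/fail expression of `_bot_detect_passed_good?`, so `|| true` covers a falsy return value but not an exception: a hook that raises propagates out of the guard, and a visitor holding a valid session pass gets an error instead of the page. That fails closed rather than open, but a logging callback should not be able to change the outcome of the check. I would assign the existing time-and-fingerprint expression to `passed`, run `controller.instance_exec(self, &self.bot_challenge_config.after_session_passed) if passed` as its own statement, and end the method with `passed`. The comment above the method could also state that the argument is now a controller rather than a request, since a caller or override still passing a request would fail on `controller.request`; the method starts in the previous hunk of this file.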
@@ -45,6 +45,8 @@ module BotChallengePage
45
45
 
46
46
  attribute :after_blocked, default: ->(bot_detect_class) {}
47
47
 
48
+ attribute :after_session_passed, default: ->(bot_detect_class) {}
49
+
48
50
 
49
51
  # rate limit per subnet, follow lehigh's lead with
50
52
  # subnet: /16 for IPv4 (x.y.*.*), and /64 for IPv6 (about the same size subnet for better or worse)
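Review bot: The attribute is declared here as `after_session_passed`, but the README section added in the same release tells users to set `config.after_session_pass`, so following the README presumably hits an undefined setter instead of enabling the log. Either the README example should read `config.after_session_passed = ...` or an alias for the shorter name should be added next to this attribute. A comment above the attribute would also help, for example `# called via instance_exec on the controller each time a request is let through by a valid session pass; return value is ignored`.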
@@ -1,3 +1,3 @@
1
1
  module BotChallengePage
2
- VERSION = "1.0.0"
2
+ VERSION = "1.2.0"
3
3
  end
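--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: bot_challenge_page
  version: !ruby/object:Gem::Version
- version: 1.0.0
+ version: 1.2.0
  platform: ruby
  authors:
  - Jonathan Rochkind
@@ -117,16 +117,22 @@ dependencies:
  name: http
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ">="
  - !ruby/object:Gem::Version
  version: '5.2'
+ - - "<"
+ - !ruby/object:Gem::Version
+ version: '7'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ">="
  - !ruby/object:Gem::Version
  version: '5.2'
+ - - "<"
+ - !ruby/object:Gem::Version
+ version: '7'
  email:
  - jonathan@dnil.net
  executables: []
@@ -174,7 +180,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.7.1
+ rubygems_version: 4.0.6
  specification_version: 4
  summary: Show a bot challenge interstitial for Rails, usually using Cloudflare Turnstile
  test_files: []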