bot_challenge_page 1.0.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 62e4404007888e13f20c7ec554c37d7afd5727c5e3b2e21e671d72fa7bf9c589
-  data.tar.gz: 3f52d0766f04f9268fff39ebca416fa7fb51c7b2314dc4e39e204fce5c25811b
+  metadata.gz: 0f487a01c979d017a65f2ef03c460ecd54eab49047fefd344d31f0b17f7d43fa
+  data.tar.gz: 4e1ff3d6d6fb127a99fdb8d59a2251f5473138f1b9dcd361762f6700b96586f8
 SHA512:
-  metadata.gz: 7f9cc9d5917dbe0eced73fdbe74529644197d5181c2b77511bd5055664ba46b01525a149b1ff1258071015dec2862772179f11073ee28bb3fbfcd1c1b05300d6
-  data.tar.gz: 1d2a65e52aada9752f5d7149834a73ae75e6d9974839f91f55982da49b6803e3f3f2cd052f5fe809039de96f34e8180b916ac5da7c8eeb46e033c9c8dc1b7873
+  metadata.gz: 05e2489f513ef948b8d0a1ec2446d722a5277ac8e88c78676efbd3ebc5befa564d981e98e288786de9b237035e4213d48250b7ef6288f687ee6127b67538824b
+  data.tar.gz: db452f92074ac849d6e568bba787e684951c4977d0176b359179c974fa51b3d464c0b9494212345183638f6e669a3a0ea577eb0446ff954b14ced5bcaca93aff

data/README.md

@@ -112,6 +112,16 @@ config.after_blocked = (_bot_challenge_class)->  {
 }
 ```
 
+If you'd like to log every time a request is let through because it has a verified session pass,
+which could be a lot of data, use `after_session_pass`.
+
+```ruby
+config.after_session_pass = (_bot_challenge_class)->  {
+  logger.info("page allowed through by session pass: #{request.uri}")
+}
+```
+
+
 Or, here's how I managed to get it in [lograge](https://github.com/roidrage/lograge), so a page blocked results in a `bot_chlng=true` param in a lograge line.
 
 ```ruby

data/app/controllers/concerns/bot_challenge_page/guard_action.rb

@@ -13,7 +13,7 @@ module BotChallengePage
       # Render challenge page when necessary, otherwise do nothing allowing ordinary rails render.
       def bot_challenge_guard_action(controller)
         if self.bot_challenge_config.enabled &&
-            ! self._bot_detect_passed_good?(controller.request) &&
+            ! self._bot_detect_passed_good?(controller) &&
             ! controller.kind_of?(self) # don't ever guard ourself, that'd be a mess!
 
           # we can only do GET requests right now
@@ -51,7 +51,9 @@ module BotChallengePage
 
       # Does the session already contain a bot detect pass that is good for this request
       # Tie to IP address to prevent session replay shared among IPs
-      def _bot_detect_passed_good?(request)
+      def _bot_detect_passed_good?(controller)
+        request = controller.request
+
         session_data = request.session[self.bot_challenge_config.session_passed_key]
 
         return false unless session_data && session_data.kind_of?(Hash)
@@ -61,7 +63,9 @@ module BotChallengePage
         fingerprint   = session_data[self::SESSION_FINGERPRINT_KEY]
 
         (Time.now - Time.iso8601(datetime) < self.bot_challenge_config.session_passed_good_for ) &&
-        fingerprint == self.bot_challenge_config.session_valid_fingerprint.call(request)
+        (fingerprint == self.bot_challenge_config.session_valid_fingerprint.call(request)) &&
+        # not a real condition, just to call our hook on passed
+        (controller.instance_exec(self, &self.bot_challenge_config.after_session_passed) || true)
       end
     end
   end

data/lib/bot_challenge_page/config.rb

@@ -45,6 +45,8 @@ module BotChallengePage
 
     attribute :after_blocked, default: ->(bot_detect_class) {}
 
+    attribute :after_session_passed, default: ->(bot_detect_class) {}
+
 
     # rate limit per subnet, follow lehigh's lead with
     # subnet: /16 for IPv4 (x.y.*.*), and /64 for IPv6 (about the same size subnet for better or worse)

data/lib/bot_challenge_page/version.rb

@@ -1,3 +1,3 @@
 module BotChallengePage
-  VERSION = "1.0.0"
+  VERSION = "1.1.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bot_challenge_page
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - Jonathan Rochkind