RubyGems - gitlab-labkit - Versions diffs - 1.14.0 → 1.15.0 - Mend

gitlab-labkit 1.14.0 → 1.15.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/labkit/rate_limit/limiter.rb +59 -7
data/lib/labkit/rate_limit/rule.rb +23 -2
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b563d434908c8c7473aeebf5be13bf8f1f6d4f9634cbbdb389581bb5c4b14953
-  data.tar.gz: 0b004077e12eb342c449856c7eadfcae558ea78b024eca86f4686cb7b06ef0b1
+  metadata.gz: 5840ade4baa1fb379ae82748354a74571d6806e529c205010139846489f50579
+  data.tar.gz: 802528c013a130b2925b19760a29e8d7c33aa9c042ed3a024ac0dc9bb8fa6127
 SHA512:
-  metadata.gz: 03cd36c29407a01003104a8893d4afefdf452875e286b7535590ddae7febabf8fede9193de3946ac25008b11a3210b7a4454fd85638c654270039b94383cfb01
-  data.tar.gz: c9679d0fcb0aa67389801afeabc0fe1e625193f77eab5d41911451df82145a26e020761132ae0a1646b3e3720fbc7f7743d420f7ad1745c5d8f88443151ee777
+  metadata.gz: 9e3b44e0271effb09c593dc582cd69221c3f83b255535d5fd456033f22f6f933fe9c15e8a204d8868fa20644838bdfbf17578d151eb9fe906a731b650bbb1902
+  data.tar.gz: 98483520ad13fbfe52edd39ce6c879ea86b6240cdbf16e8deb9254abfce4d1e825029560119f79d76254efac3d97228ce35243cba21b3f269a32ec6f55612a36

data/lib/labkit/rate_limit/limiter.rb CHANGED Viewed

@@ -20,14 +20,15 @@ module Labkit
       NAME_PATTERN = /\A[a-z0-9_]+\z/
       def initialize(name:, rules:, redis: nil, logger: nil)
-        resolved_logger = logger || RateLimit.config.logger || Labkit::Logging::JsonLogger.new($stdout)
-        validated_name = validate_name!(name, resolved_logger)
+        @logger = logger || RateLimit.config.logger || Labkit::Logging::JsonLogger.new($stdout)
+        validated_name = validate_name!(name)
+        @name = validated_name
         @evaluator = Evaluator.new(
           name: validated_name,
-          rules: rules,
+          rules: prepare_rules(rules),
           redis: redis || RateLimit.config.redis,
-          logger: resolved_logger
+          logger: @logger
         )
       end
@@ -35,19 +36,70 @@ module Labkit
       # @return [Result]
       def check(identifier)
         id = identifier.is_a?(Identifier) ? identifier : Identifier.new(identifier)
-        @evaluator.check(id)
+        result = @evaluator.check(id)
+        if result.exceeded? && result.action == :block
+          @logger.warn(
+            message: "rate_limit_check",
+            name: @name,
+            rule_name: result.rule.name,
+            exceeded: true,
+            severity: "WARN"
+          )
+        end
+        result
       end
       private
-      def validate_name!(name, logger)
+      def validate_name!(name)
         raise ArgumentError, "name must be a non-empty String" unless name.is_a?(String) && !name.empty?
         return name if NAME_PATTERN.match?(name)
         raise ArgumentError, "Invalid name: #{name.inspect}. Must match /\\A[a-z0-9_]+\\z/" if Labkit.dev_or_test?
         sanitized = name.gsub(/[^a-z0-9_]/, "_")
-        logger.warn(message: "rate_limit_invalid_name", name: name, sanitized: sanitized)
+        @logger.warn(message: "rate_limit_invalid_name", name: name, sanitized: sanitized)
+        sanitized
+      end
+      # Validates and deduplicates rule names before passing rules to Evaluator.
+      # In dev/test: raises on invalid format or duplicate names.
+      # In production: sanitizes invalid names (WARN) and drops duplicates (WARN, first wins).
+      # Returns an array of rules with sanitized names.
+      def prepare_rules(rules)
+        seen = {}
+        rules.each_with_index.filter_map do |rule, idx|
+          sanitized = sanitize_rule_name(rule.name)
+          if seen.key?(sanitized)
+            raise ArgumentError, "Duplicate rule name #{sanitized.inspect} at index #{idx}" if Labkit.dev_or_test?
+            @logger.warn(
+              message: "rate_limit_duplicate_rule_name",
+              name: sanitized,
+              dropped_occurrence: idx
+            )
+            next nil
+          end
+          seen[sanitized] = true
+          sanitized == rule.name ? rule : rule.with(name: sanitized) # rubocop:disable CodeReuse/ActiveRecord
+        end
+      end
+      def sanitize_rule_name(name)
+        s = name.to_s
+        return s if RULE_NAME_PATTERN.match?(s) && s.length <= RULE_NAME_MAX_LENGTH
+        sanitized = s.downcase.gsub(/[^a-z0-9_]/, "_")[0, RULE_NAME_MAX_LENGTH]
+        sanitized = "unnamed_rule" if sanitized.empty?
+        @logger.warn(
+          message: "rate_limit_invalid_rule_name",
+          original_name: s,
+          sanitized_name: sanitized
+        )
         sanitized
       end
     end

data/lib/labkit/rate_limit/rule.rb CHANGED Viewed

@@ -2,6 +2,10 @@
 module Labkit
   module RateLimit
+    KNOWN_ACTIONS = [:block, :log].freeze
+    RULE_NAME_PATTERN = /\A[a-z0-9_]+\z/
+    RULE_NAME_MAX_LENGTH = 64
     # Rule is a value object describing a single rate limit rule.
     # name            - stable identifier used in Redis keys and log entries
     # match           - hash of identifier key/value pairs that must all match for
@@ -10,14 +14,31 @@ module Labkit
     # period          - window in seconds; may be a callable (resolved per check)
     # action          - :block (enforce) or :log (count and log, but do not block)
     # characteristics - identifier keys used to build the compound Redis counter key
+    #
+    # +name+ must be a lowercase alphanumeric-and-underscore string of at most 64
+    # characters. It is used as the middle segment of every Redis counter key for
+    # this rule, so changing a rule's name mid-window abandons its in-flight counters.
     Rule = Data.define(:name, :match, :limit, :period, :action, :characteristics) do
       def initialize(name:, limit:, period:, characteristics:, match: {}, action: :block)
+        raise ArgumentError, "name must be a String or Symbol, got #{name.class}" unless name.is_a?(String) || name.is_a?(Symbol)
+        name_str = name.to_s
+        raise ArgumentError, "name must not be empty" if name_str.empty?
+        action_sym = action.to_sym
+        raise ArgumentError, "Invalid action: #{action.inspect}. Must be one of: #{KNOWN_ACTIONS.inspect}" unless KNOWN_ACTIONS.include?(action_sym)
+        if Labkit.dev_or_test?
+          raise ArgumentError, "Invalid rule name: #{name.inspect}. Must match /\\A[a-z0-9_]+\\z/" unless RULE_NAME_PATTERN.match?(name_str)
+          raise ArgumentError, "Rule name too long: #{name.inspect}. Maximum 64 characters" if name_str.length > RULE_NAME_MAX_LENGTH
+        end
         super(
-          name: name.to_s.tr(":", "_"),
+          name: name_str.freeze,
           match: match.transform_keys(&:to_sym).freeze,
           limit: limit,
           period: period,
-          action: action.to_sym,
+          action: action_sym,
           characteristics: Array(characteristics).map(&:to_sym).freeze
         )
       end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: gitlab-labkit
 version: !ruby/object:Gem::Version
-  version: 1.14.0
+  version: 1.15.0
 platform: ruby
 authors:
 - Andrew Newdigate