jduff-api-throttling 0.1.1 → 0.2.0

data/Rakefile

@@ -10,6 +10,7 @@ begin
     gemspec.homepage = "http://github.com/jduff/api-throttling/tree"
     gemspec.description = "TODO"
     gemspec.authors = ["Luc Castera", "John Duff"]
+    gemspec.add_development_dependency('context')
   end
 rescue LoadError
   puts "Jeweler not available. Install it with: sudo gem install technicalpickles-jeweler -s http://gems.github.com"

data/VERSION.yml

@@ -1,4 +1,4 @@
 --- 
 :major: 0
-:minor: 1
-:patch: 1
+:minor: 2
+:patch: 0

data/lib/api_throttling.rb

@@ -5,34 +5,46 @@ require File.expand_path(File.dirname(__FILE__) + '/handlers/handlers')
 class ApiThrottling
   def initialize(app, options={})
     @app = app
-    @options = {:requests_per_hour => 60, :cache=>:redis}.merge(options)
+    @options = {:requests_per_hour => 60, :cache=>:redis, :auth=>true}.merge(options)
     @handler = Handlers.cache_handler_for(@options[:cache])
     raise "Sorry, we couldn't find a handler for the cache you specified: #{@options[:cache]}" unless @handler
   end
   
   def call(env, options={})
-    auth = Rack::Auth::Basic::Request.new(env)
-    if auth.provided?
+    if @options[:auth]
+      auth = Rack::Auth::Basic::Request.new(env)
+      return auth_required unless auth.provided?
       return bad_request unless auth.basic?
-		  begin
-		    cache = @handler.new(@options[:cache])
-		    key = "#{auth.username}_#{Time.now.strftime("%Y-%m-%d-%H")}"
-		    cache.increment(key)
-		    return over_rate_limit if cache.get(key).to_i > @options[:requests_per_hour]
-		  rescue Errno::ECONNREFUSED
-		    # If Redis-server is not running, instead of throwing an error, we simply do not throttle the API
-		    # It's better if your service is up and running but not throttling API, then to have it throw errors for all users
-		    # Make sure you monitor your redis-server so that it's never down. monit is a great tool for that.
-		  end
     end
+    
+    begin
+	    cache = @handler.new(@options[:cache])
+	    key = generate_key(env, auth)
+	    cache.increment(key)
+	    return over_rate_limit if cache.get(key).to_i > @options[:requests_per_hour]
+	  rescue Errno::ECONNREFUSED
+	    # If Redis-server is not running, instead of throwing an error, we simply do not throttle the API
+	    # It's better if your service is up and running but not throttling API, then to have it throw errors for all users
+	    # Make sure you monitor your redis-server so that it's never down. monit is a great tool for that.
+	  end
     @app.call(env)
   end
   
+  def generate_key(env, auth)
+    return @options[:key].call(env, auth) if @options[:key]
+    auth ? "#{auth.username}_#{Time.now.strftime("%Y-%m-%d-%H")}" : "#{Time.now.strftime("%Y-%m-%d-%H")}"
+  end
+  
   def bad_request
     body_text = "Bad Request"
     [ 400, { 'Content-Type' => 'text/plain', 'Content-Length' => body_text.size.to_s }, [body_text] ]
   end
   
+  def auth_required
+    body_text = "Authorization Required"
+    [ 401, { 'Content-Type' => 'text/plain', 'Content-Length' => body_text.size.to_s }, [body_text] ]
+  end
+  
   def over_rate_limit
     body_text = "Over Rate Limit"
     retry_after_in_seconds = (60 - Time.now.min) * 60

data/test/test_api_throttling.rb

@@ -7,33 +7,89 @@ require 'redis'
 
 class ApiThrottlingTest < Test::Unit::TestCase
   include Rack::Test::Methods
-  include BasicTests
-
-  def app
-    app = Rack::Builder.new {
-      use ApiThrottling, :requests_per_hour => 3
-      run lambda {|env| [200, {'Content-Type' =>  'text/plain', 'Content-Length' => '12'}, ["Hello World!"] ] }
-    }
-  end
   
-  def setup
-    # Delete all the keys for 'joe' in Redis so that every test starts fresh
-    # Having this here also helps as a reminder to start redis-server
-    begin
-		  r = Redis.new
-		  r.keys("joe*").each do |key|
-		    r.delete key
-		  end
-		  r.keys("luc*").each do |key|
-		    r.delete key
-		  end
-    rescue Errno::ECONNREFUSED
-      assert false, "You need to start redis-server"
+  context "using redis" do
+    before do
+      # Delete all the keys for 'joe' in Redis so that every test starts fresh
+      # Having this here also helps as a reminder to start redis-server
+      begin
+  		  r = Redis.new
+  		  r.keys("*").each do |key|
+  		    r.delete key
+  		  end
+  		  
+      rescue Errno::ECONNREFUSED
+        assert false, "You need to start redis-server"
+      end
+    end
+    
+    context "with authentication required" do
+      include BasicTests
+      
+      def app
+        app = Rack::Builder.new {
+          use ApiThrottling, :requests_per_hour => 3
+          run lambda {|env| [200, {'Content-Type' =>  'text/plain', 'Content-Length' => '12'}, ["Hello World!"] ] }
+        }
+      end
+    
+      def test_cache_handler_should_be_redis
+        assert_equal "Handlers::RedisHandler", app.to_app.instance_variable_get(:@handler).to_s
+      end
+      
+    end
+    
+    context "without authentication required" do
+      def app
+        app = Rack::Builder.new {
+          use ApiThrottling, :requests_per_hour => 3, :auth=>false
+          run lambda {|env| [200, {'Content-Type' =>  'text/plain', 'Content-Length' => '12'}, ["Hello World!"] ] }
+        }
+      end
+
+      def test_should_not_require_authorization
+        3.times do
+          get '/'
+          assert_equal 200, last_response.status
+        end
+        get '/'
+        assert_equal 503, last_response.status
+      end
+    end
+    
+    context "with rate limit key based on url" do
+      def app
+        app = Rack::Builder.new {
+          use ApiThrottling, :requests_per_hour => 3, 
+                             :key=>Proc.new{ |env,auth| "#{auth.username}_#{env['PATH_INFO']}_#{Time.now.strftime("%Y-%m-%d-%H")}" }
+          run lambda {|env| [200, {'Content-Type' =>  'text/plain', 'Content-Length' => '12'}, ["Hello World!"] ] }
+        }
+      end
+      
+      test "should throttle requests based on the user and url called" do
+        authorize "joe", "secret"
+        3.times do
+          get '/'
+          assert_equal 200, last_response.status
+        end
+        get '/'
+        assert_equal 503, last_response.status
+        
+        3.times do
+          get '/awesome'
+          assert_equal 200, last_response.status
+        end
+        get '/awesome'
+        assert_equal 503, last_response.status
+        
+        authorize "luc", "secret"
+        get '/awesome'
+        assert_equal 200, last_response.status
+        
+        get '/'
+        assert_equal 200, last_response.status
+      end
     end
-  end
-  
-  def test_cache_handler_should_be_redis
-    assert_equal "Handlers::RedisHandler", app.to_app.instance_variable_get(:@handler).to_s
   end
   
 end

data/test/test_api_throttling_hash.rb

@@ -7,7 +7,7 @@ class TestApiThrottlingHash < Test::Unit::TestCase
 
   def app
     app = Rack::Builder.new {
-      use ApiThrottling, :requests_per_hour => 3, :cache => HASH, :read_method=>"get", :write_method=>"add"
+      use ApiThrottling, :requests_per_hour => 3, :cache => HASH
       run lambda {|env| [200, {'Content-Type' =>  'text/plain', 'Content-Length' => '12'}, ["Hello World!"] ] }
     }
   end

data/test/test_api_throttling_memcache.rb

@@ -8,7 +8,7 @@ class TestApiThrottlingMemcache < Test::Unit::TestCase
 
   def app
     app = Rack::Builder.new {
-      use ApiThrottling, :requests_per_hour => 3, :cache => CACHE, :read_method=>"get", :write_method=>"add"
+      use ApiThrottling, :requests_per_hour => 3, :cache => CACHE
       run lambda {|env| [200, {'Content-Type' =>  'text/plain', 'Content-Length' => '12'}, ["Hello World!"] ] }
     }
   end

data/test/test_helper.rb

@@ -1,6 +1,7 @@
 require 'rubygems'
 require 'rack/test'
 require 'test/unit'
+require 'context'
 require File.expand_path(File.dirname(__FILE__) + '/../lib/api_throttling')
 
 # this way we can include the module for any of the handler tests
@@ -14,25 +15,17 @@ module BasicTests
   
   def test_fourth_request_should_be_blocked
     authorize "joe", "secret"
-    get '/'
-    assert_equal 200, last_response.status
-    get '/'
-    assert_equal 200, last_response.status
-    get '/'
-    assert_equal 200, last_response.status
-    get '/'
-    assert_equal 503, last_response.status
+    3.times do
+      get '/'
+      assert_equal 200, last_response.status
+    end
     get '/'
     assert_equal 503, last_response.status
   end
   
   def test_over_rate_limit_should_only_apply_to_user_that_went_over_the_limit
     authorize "joe", "secret" 
-    get '/'
-    get '/'
-    get '/'
-    get '/'
-    get '/'
+    5.times { get '/' }
     assert_equal 503, last_response.status
     authorize "luc", "secret"
     get '/'
@@ -41,21 +34,21 @@ module BasicTests
   
   def test_over_rate_limit_should_return_a_retry_after_header
     authorize "joe", "secret"
-    get '/'
-    get '/'
-    get '/'
-    get '/'
+    4.times { get '/' }
     assert_equal 503, last_response.status
     assert_not_nil last_response.headers['Retry-After']
   end
   
   def test_retry_after_should_be_less_than_60_minutes
     authorize "joe", "secret"
-    get '/'
-    get '/'
-    get '/'
-    get '/'
+    4.times { get '/' }
     assert_equal 503, last_response.status
     assert last_response.headers['Retry-After'].to_i <= (60 * 60)
   end
+  
+  def test_should_require_authorization
+    get '/'
+    assert_equal 401, last_response.status
+  end
+
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: jduff-api-throttling
 version: !ruby/object:Gem::Version 
-  version: 0.1.1
+  version: 0.2.0
 platform: ruby
 authors: 
 - Luc Castera
@@ -10,10 +10,19 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-07-03 00:00:00 -07:00
+date: 2009-07-06 00:00:00 -07:00
 default_executable: 
-dependencies: []
-
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: context
+  type: :development
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+    version: 
 description: TODO
 email: duff.john@gmail.com
 executables: []