merb_threshold 0.1.4

data/lib/merb_threshold/frequency.rb

@@ -0,0 +1,165 @@
+module Merb
+  module Threshold
+
+    ##
+    #
+    # @note
+    #   * time is treated as relative from 'now' 
+    #   * nowhere are events sorted within this class so they should
+    #     be added in their proper order
+    #   * Why? its easy to do this from the controller naturally since time is linear (right?)
+    #       and its faster not having to worry about sorting whenever an occurrence is added
+    #
+    class Frequency      
+      attr_reader :interval, :occurrence, :units, :period, :events
+  
+      # Frequency.new(5, 30, :seconds)  =>  "5 times per 30 seconds"
+      # Frequency.new(1, 3.minutes)     =>  "1 time per 180 seconds"
+      def initialize(occ,int,unts = nil)
+        @occurrence   = occ
+        @interval     = int
+    
+        # All test are done with the period (reduced to seconds)
+        # 50.minutes #=> 50.send :minutes => 3000 seconds        
+        if unts
+          @period       = interval.send unts
+          @units = unts
+        else #no units default :seconds
+          @period       = interval
+          cast_units
+        end
+        
+        #If the period is zero, never permit?
+        if period == 0
+          @occurrence = 0
+        end
+      end
+    
+      ##
+      # tests if the frequency would permit the additional occurence or if it
+      #   would exceed the frequency.  Histories can be loaded with frequency#load
+      #
+      # @see #load
+      #
+      # @return [Boolean]
+      #
+      def permit?
+        (current_events.length < occurrence)
+      end
+
+      ##
+      # How long until the resource is freely available
+      #
+      # @return [~Numeric]
+      def wait
+        num_evts = current_events.length
+        if num_evts == 0 || num_evts < occurrence
+          return 0
+        else #How long until the oldest falls off?
+          # originally had now - period > @mm.first but +1 all over the place was
+          #   retareded:
+          # Want: now - period >= @mm.first
+          #   now - period + x == @mm.first
+          #   => x == @mm.first + period - now
+          return (current_events.first + period - Time.now.to_i)
+        end
+      end
+
+      ##
+      # Loads a history of events
+      # 
+      # @param evts [~Array[Fixnum]] list of timestamps
+      #
+      # @note
+      #   Should be loaded presorted (threshold should always stored sorted min=>high)
+      #   an array is used rather than a set because duplicates may be needed 
+      #   (concurrent access times)
+      #
+      def load(evts)
+        @events ||= []
+        @events += evts
+      end
+      
+      ##
+      # clears current events and sets
+      # 
+      # @param evts [~Array[Fixnum]] list of timestamps
+      #
+      # @see #load
+      #
+      #
+      def load!(evts)
+        @events = evts
+      end
+      
+      ##
+      # flushes the events array
+      #
+      def flush
+        @events = []
+      end
+      
+      ##
+      # adds a single event, this always adds and does not perform a permit? first
+      # @param evt [Fixnum] Timestamp
+      #
+      # @return [Array[Fixnum]]
+      def add(evt)
+        @events ||= []
+        @events << evt
+        @events
+      end
+  
+      ##
+      # The rate of occurences in seconds
+      #   returns the frequency for events that happened over period
+      #
+      # @see #events
+      # @see #load
+      # @see #period
+      #
+      # @return [~Numeric]
+      #
+      def rate
+        current_events.length / period.to_f
+      end
+                    
+      ##
+      # Casts frequency units when not specified
+      #
+      def cast_units
+        case @interval
+        when 0..120     # :seconds
+          @units = (@interval != 1 ? :seconds : :second)
+        when 121..3600  # :minutes
+          @interval = @interval / 60.0
+          @units = (@interval != 1 ? :minutes : :minute)
+        else            # :hours
+          @interval = @interval / 3600.0
+          @units = (@interval != 1 ? :hours : :hour)
+        end
+      end        
+              
+      ##
+      # Describe the frequency
+      #
+      # @return [String]
+      def to_s
+        @to_s ||= "#{occurrence} time#{'s' if occurrence != 1} per #{interval} #{units}"
+      end
+    
+      ##
+      # Get list of events for current period
+      #
+      # @return [Array[Fixnum]]
+      #
+      def current_events
+        if @events
+          @events.find_all{ |evt| evt >= (Time.now.to_i - period) }
+        else
+          @events ||= []
+        end
+      end
+    end
+  end
+end

data/lib/merb_threshold/helpers/recaptcha_helper.rb

@@ -0,0 +1,70 @@
+module Merb
+  module Threshold
+    module Helpers    
+      ##
+      # Display a captcha if the threshold has been exceeded
+      #
+      # @param threshold_name [~Symbol] key to look up
+      #
+      # @params opts [Hash] passed to partial as 'threshold_options'
+      #   Pass any params intended for RecaptchaOptions
+      #   Additionally may pass:
+      #     :
+      #     :partial => "./path/to/alternate/partial"
+      #     :ssl      => TRue|False
+      #     :partial_opts => {} #options to pass to partial()
+      #       #Theses keys are deleted before being passed to RecapthaOptions
+      #
+      # @return [String]
+      def captcha(threshold_name = nil, opts={})
+        if threshold_name.is_a?(Hash)
+          opts = threshold_name
+          threshold_name = action_name
+        end
+
+        curr_threshold_key = threshold_key(threshold_name)
+        
+        # Has the thresholded resource been accessed during this request
+        # if so 
+        #   if it was relaxed
+        #     dont show partial
+        #   else
+        #     show partial
+        # else #resource wasn't access
+        #   if permit_another?
+        #     dont show partial
+        #   else 
+        #     show partial
+        #       
+        @show_captcha = if @relaxed_thresholds && @relaxed_thresholds.key?(curr_threshold_key)
+          if @relaxed_thresholds[curr_threshold_key]
+            false #dont show partial, it was relaxed
+          else 
+            true #show partial, threshold exceeded
+          end
+        else
+          !will_permit_another?(threshold_name)
+        end
+      
+        # if it won't permit another, show the captcha
+        if @show_captcha
+          _src_uri        = opts.delete(:ssl) ? RecaptchaClient::API_SSL_SERVER : RecaptchaClient::API_SERVER
+          
+          _encoded_key    = escape_html(RecaptchaClient.public_key)
+        
+          _recaptcha_partial = (opts.delete(:partial) || Merb::Plugins.config[:merb_threshold][:captcha_partial])
+          _partial_opts   = opts.delete(:partial_opts) || {}
+        
+          _partial_opts.merge!({
+            :src_uri            => _src_uri, 
+            :encoded_key        => _encoded_key, 
+            :threshold_options  => opts,
+            :captcha_error      => escape_html(@captcha_error.to_s)
+          })
+        
+          partial(_recaptcha_partial, _partial_opts)
+        end
+      end
+    end
+  end
+end

data/lib/merb_threshold/helpers/wait_helper.rb

@@ -0,0 +1,56 @@
+module Merb
+  module Threshold
+    module Helpers
+  
+      ##
+      # Display a wait message if the threshold has been exceeded
+      #
+      # @param threshold_name [~Symbol] key to look up
+      #
+      # @params opts [Hash] passed to partial as 'threshold_options'
+      #     :partial_opts => {} #options to pass to partial()
+      # @return [String]
+      def wait(threshold_name = nil,opts={})
+        if threshold_name.is_a?(Hash)
+          opts = threshold_name
+          threshold_name = action_name
+        end
+
+        curr_threshold_key = threshold_key(threshold_name)
+        
+        # Has the thresholded resource been accessed during this request
+        # if so 
+        #   if it was relaxed
+        #     dont show partial
+        #   else
+        #     show partial
+        # else #resource wasn't access
+        #   if permit_another?
+        #     dont show partial
+        #   else 
+        #     show partial
+        #       
+        @show_wait = if @relaxed_thresholds && @relaxed_thresholds.key?(curr_threshold_key)
+          if @relaxed_thresholds[curr_threshold_key]
+            false #dont show partial, it was relaxed
+          else 
+            true #show partial, threshold exceeded
+          end
+        else #wasn't accessed, will it permit another?
+          !will_permit_another?(threshold_name)
+        end
+
+        # if it wont permit another show wait
+        if @show_wait
+          _wait_partial = opts.delete(:partial) || Merb::Plugins.config[:merb_threshold][:wait_partial]
+          _partial_opts = opts.delete(:partial_opts) || {}
+          _partial_opts.merge!({
+            :seconds_to_wait => (waiting_period[threshold_key(threshold_name)] || 0)
+          })
+          partial(_wait_partial,_partial_opts)
+        end
+      end
+  
+    end
+  end
+end

data/lib/merb_threshold/merbtasks.rb

@@ -0,0 +1,40 @@
+require 'fileutils'
+namespace :merb_threshold do    
+  desc "Generate captcha partial OUT=./path/to/partials"
+  task :generate_captcha do
+    from  = File.dirname(__FILE__)
+    to    = File.join(ENV['OUT'],'_recaptcha_partial.html.erb')
+    FileUtils.cp File.join(from,'templates','_recaptcha_partial.html.erb'), to
+    
+    if File.exist? to
+      puts "Captcha partial created: #{to}"
+    else
+      puts "Could not create partial: #{to}"
+    end
+  end
+
+  desc "Generate wait partial OUT=./path/to/partials"
+  task :generate_wait do
+    from  = File.dirname(__FILE__)
+    to    = File.join(ENV['OUT'],'_wait_partial.html.erb')
+    FileUtils.cp File.join(from,'templates','_wait_partial.html.erb'), to
+    
+    if File.exist? to
+      puts "Wait partial created: #{to}"
+    else
+      puts "Could not create partial: #{to}"
+    end
+  end
+end
+
+namespace :audit do
+  desc "Print out all thresholds"
+  task :thresholds => :merb_env do
+    puts "Thresholds:"
+    Merb::Controller.send(:class_variable_get, "@@_threshold_map").each do |name,opts|
+      limit = opts[:limit].is_a?(Array) ? 
+        Merb::Threshold::Frequency.new(*opts[:limit]) : opts[:limit]
+      puts " ~ #{name}: #{limit.to_s}"
+    end
+  end
+end

data/lib/merb_threshold/per.rb

@@ -0,0 +1,13 @@
+
+module Merb
+  module Threshold
+    # Add support for doing
+    # :limit => 1.per(30.seconds)
+    # :limit => 1.per(50, :minutes)
+    module Per
+      def per(period, units = nil)
+        Frequency.new(self,period,units)
+      end
+    end
+  end
+end

data/lib/merb_threshold/recaptcha_client.rb

@@ -0,0 +1,47 @@
+require 'net/http'
+
+module Merb
+  module Threshold
+    class RecaptchaClient
+      API_SERVER        = "http://api.recaptcha.net"
+      API_SSL_SERVER    = "https://api-secure.recaptcha.net"
+      API_VERIFY_SERVER = "http://api-verify.recaptcha.net"
+      
+      def self.public_key
+        @@public_key
+      end
+      def self.public_key=(key)
+        @@public_key = key
+      end
+      def self.private_key
+        @@private_key
+      end
+      def self.private_key=(key)
+        @@private_key = key
+      end
+      
+      ##
+      # Attempt to solve the captcha
+      #
+      # @param ip [String] remote ip address
+      # @param challenge [String] captcha challenge
+      # @param response [String] captcha response
+      #
+      # @return [Array[Boolean,String]]
+      #
+      def self.solve(ip,challenge,response)
+        response = Net::HTTP.post_form(URI.parse(API_VERIFY_SERVER + '/verify'),{
+          :privatekey => @@private_key,
+          :remoteip   => ip,         #request.remote_ip,
+          :challenge  => challenge,  #params[:recaptcha_challenge_field],
+          :response   => response    #params[:recaptcha_response_field]
+        })
+        
+        answer, error = response.body.split.map { |s| s.chomp }
+
+        [ !!(answer=='true'), error ]
+      end
+
+    end
+  end
+end

data/lib/merb_threshold/templates/_recaptcha_partial.html.erb

@@ -0,0 +1,16 @@
+<script type="text/javascript">
+	var RecaptchaOptions = <%= threshold_options.to_json %>
+</script>
+
+<script type="text/javascript" src="<%=src_uri-%>/challenge?k=<%=encoded_key-%>&error=<%=captcha_error-%>">
+
+</script>
+
+<noscript>
+	<iframe src="<%=src_uri-%>/noscript?k=<%=encoded_key-%>&error=<%=captcha_error-%>" height="300" width="500" frameborder="0">
+	</iframe>
+	<br>
+	<textarea name="recaptcha_challenge_field" rows="3" cols="40">
+	</textarea>
+	<input type="hidden" name="recaptcha_response_field" value="manual_challenge">
+</noscript>

data/lib/merb_threshold/templates/_wait_partial.html.erb

@@ -0,0 +1,3 @@
+<span>
+	This resource will be available in <%= seconds_to_wait -%> seconds.
+</span>

data/spec/controller/merb_controller_spec.rb

@@ -0,0 +1,271 @@
+describe Merb::Controller do  
+  before(:all) do
+    class OtherController < Merb::Controller
+      def index; "Index"; end       
+    end
+    
+    class TestController < Merb::Controller
+      def index; "Index"; end 
+      def create; "Create"; end 
+      def destroy; "Destroy"; end 
+      def blog; "Blah blah"; end
+      
+      GhettoSessionStore = {}
+      #Why is this ghetto session hack here?  Because I spent like an hour trying to figure
+      # out how to get access to cookie based sessions in rspecs without starting a damn server
+      # up and couldn't figure it out.  Feel free to 'fix' this.
+      def session
+        GhettoSessionStore[params[:session_id]] ||={}
+        GhettoSessionStore[params[:session_id]]        
+      end
+
+    end
+  end
+  after(:each) do
+    TestController._before_filters.clear
+    TestController.send :class_variable_set, "@@_threshold_map", Mash.new
+  end
+
+  it 'should respond to #waiting_period' do
+    TestController.new('').should respond_to(:waiting_period)
+  end
+
+  it 'should respond to TestController.register_threshold' do
+    TestController.should respond_to(:register_threshold)
+  end
+
+  it 'should register the threshold with Merb::Controller so any threshold is accessible by all controllers' do
+    TestController.register_threshold(:cross_controller, :limit => 1.per(30.seconds))
+    @thresholds = OtherController.send :class_variable_get, "@@_threshold_map"
+    @thresholds.key?(:cross_controller).should be(true)
+  end
+
+  it 'should respond to TestController.threshold_actions' do
+    TestController.should respond_to(:threshold_actions)
+  end
+  
+  it 'should respond to #permit_access?' do
+    TestController.new('').should respond_to(:permit_access?)
+  end
+  
+  it 'should respond to #is_currently_exceeded?' do
+    TestController.new('').should respond_to(:is_currently_exceeded?)
+  end
+  
+  it 'should respond to #access_history' do
+    TestController.new('').should respond_to(:access_history)
+  end
+    
+  it 'should define THRESHOLD_OPTIONS' do
+    defined?(Merb::Controller::THRESHOLD_OPTIONS).should == "constant"
+    Merb::Controller::THRESHOLD_OPTIONS.should be_instance_of(Array)
+  end
+
+  it 'should raise an exception if a threshold is not named' do
+    lambda{
+      TestController.register_threshold :limit => 1.per(30.seconds)
+    }.should raise_error(ArgumentError)
+  end
+  
+  it 'should raise an exception if an invalid option is passed' do
+    lambda{
+      TestController.register_threshold :create, :band => "stixx"
+    }.should raise_error(ArgumentError)
+  end
+  
+  it 'should define THRESHOLD_DEFAULTS' do
+    defined?(Merb::Controller::THRESHOLD_DEFAULTS).should == "constant"
+    Merb::Controller::THRESHOLD_DEFAULTS.should be_instance_of(Hash)
+  end
+  
+  it 'should wrap calls to before filter with threshold' do
+    class TestController
+      threshold_actions :index
+    end
+    TestController._before_filters.first.last[:only].member?("index")
+    TestController._before_filters.first.first.should be_instance_of(Proc)
+  end
+  
+  it 'should consider a captch invalid if the challenge was not submitted' do
+    pending
+  end
+  
+  it 'should be able to determine if a captcha is valid or not' do
+    TestController.threshold_actions :index, :limit => 1.per(1.week)
+    @response =     dispatch_to(TestController, :index,{:session_id=>"submitting_captcha"})
+    
+    # Logic here is that recaptcha, guarantees when a captcha is solved, just need to confirm
+    # that the api can be contacted
+    @response =     dispatch_to(TestController, :index,{
+      :session_id => "submitting_captcha",
+      :recaptcha_challenge_field => "bad challenge",
+      :recaptcha_response_field => "bad response"
+    })
+
+    @response.is_currently_exceeded?(:"test_controller/index").should be(true)
+    @response.instance_variable_get("@captcha_error").should_not be(nil)
+  end
+    
+  it 'should be able to relax a threshold by waiting' do
+    unless ENV['SKIP_WAIT']
+      TestController.threshold_actions :index, :limit => 1.per(2.seconds)
+      @response =     dispatch_to(TestController, :index,{:session_id=>"allow_wait_timeout"})
+    
+      @response.is_currently_exceeded?(:"test_controller/index").should be(false)
+      @response =     dispatch_to(TestController, :index,{:session_id=>"allow_wait_timeout"})
+      @response.is_currently_exceeded?(:"test_controller/index").should be(true)
+    
+      @response.waiting_period[:"test_controller/index"].should be(2) 
+    
+      puts "Waiting a few seconds for timeout test..."
+      sleep(4)
+    
+      @response =     dispatch_to(TestController, :index,{
+        :session_id=>"allow_wait_timeout",
+        :debug => "true"
+      })
+      @response.is_currently_exceeded?(:"test_controller/index").should be(false)
+    end
+  end
+  
+  it 'should be able to relax a threshold that halts by waiting' do
+    unless ENV['SKIP_WAIT']
+      TestController.threshold_actions :index, :limit => [1,2.seconds], :halt_with => "Too many requests!"
+      @response =     dispatch_to(TestController, :index,{:session_id=>"allow_wait_timeout_w_halt"})
+    
+      @response.is_currently_exceeded?(:"test_controller/index").should be(false)
+      @response =     dispatch_to(TestController, :index,{:session_id=>"allow_wait_timeout_w_halt"})
+      @response.is_currently_exceeded?(:"test_controller/index").should be(true)
+    
+      @response.waiting_period[:"test_controller/index"].should be(2) 
+    
+      puts "Waiting a few seconds for timeout test..."
+      sleep(4)
+    
+      @response =     dispatch_to(TestController, :index,{:session_id=>"allow_wait_timeout_w_halt"})
+      @response.is_currently_exceeded?(:"test_controller/index").should be(false)
+    end
+  end
+  
+  it 'should be able to throw(:halt) when a threshold is exceeded' do
+    TestController.threshold_actions :create, 
+      :halt_with  => "Access Denied", 
+      :limit      => [1,30.minutes]
+
+    dispatch_to(TestController, :create,{:session_id=>"throw_halt_test"})
+
+    @response =     dispatch_to(TestController, :create,{:session_id=>"throw_halt_test"})
+    @response.body.should == "Access Denied"
+  end
+  
+  it 'should set the wait time when the threshold has been exceeded and in wait mode' do
+    TestController.threshold_actions :create, :limit => [1,30.minutes]
+    @response = dispatch_to(TestController, :create, {:session_id => "wait_bitch"})
+    @response = dispatch_to(TestController, :create, {:session_id => "wait_bitch"})
+
+    @response.waiting_period[:"test_controller/create"].should be(30.minutes)
+  end
+  
+  it 'should be able to determine if a threshold has been exceeded' do
+    TestController.threshold_actions :create, :limit => 1.per(30.minutes)
+    
+    dispatch_to(TestController, :create, {:session_id => "threshold_exceed?"})
+    @response = dispatch_to(TestController, :create, {:session_id => "threshold_exceed?"})
+
+    @response.is_currently_exceeded?(:"test_controller/create").should be(true)
+  end
+  
+  it 'should be able to specify params as portions of the key in Controller.threshold' do
+    TestController.threshold_actions :blog, 
+      :params => [:blog_id],
+      :limit => [1,30.minutes]
+      
+    @response = dispatch_to(TestController, :blog, {
+      :session_id => "params_in_key",
+      :blog_id  => 35,
+      :username => "awesome_user"
+    })
+
+    @response.access_history(:"test_controller/blog/35").should have(1).history
+  end
+  
+  it 'should add an access time when the threshold has not been exceeded' do
+    TestController.threshold_actions :create, :limit => [30,1.minute]
+    30.times do |access_counter|
+      @response = dispatch_to(TestController, :create,{:session_id=>"record_access_to_resource"})
+      @response.access_history(:"test_controller/create").should have(access_counter + 1).accesses
+    end
+  end
+  
+  it 'should not add an access time when the threshold has been exceeded' do
+    TestController.threshold_actions :create, :limit => [30,1.minute]
+    30.times do |access_counter|
+      @response = dispatch_to(TestController, :create,{:session_id=>"record_access_whilst_not_exceeded"})
+      @response.access_history(:"test_controller/create").should have(access_counter + 1).accesses
+    end
+    
+    @response = dispatch_to(TestController, :create,{:session_id=>"record_access_whilst_not_exceeded"})
+    @response.permit_access?(:"test_controller/create").should be(false)
+    @response.access_history(:"test_controller/create").should have(30).accesses
+  end
+  
+  it 'should be able to determine if it can permit another access' do
+    TestController.threshold_actions :index, :limit => 2.per(30.seconds)
+    @response = dispatch_to(TestController, :index,{:session_id=>"default_to_action_name"})
+    @response.will_permit_another?(:"test_controller/index").should be(true)
+    @response = dispatch_to(TestController, :index,{:session_id=>"default_to_action_name"})
+    @response.will_permit_another?(:"test_controller/index").should be(false)
+  end
+  
+  it 'should check the threshold with the action name if not provided' do
+    pending
+    #TestController.threshold_actions :index, :limit => 1.per(30.minutes)
+    #@response = dispatch_to(TestController, :index,{:session_id=>"default_to_action_name"})
+    #need an action to call permit_access?
+  end
+  
+  it 'should captcha everytime if the :limit is not set' do
+    pending
+  end
+  
+  it 'should never wait if the :limit is not set' do
+    pending
+  end
+    
+  it 'should apply the threshold to the controller when not specified' do
+    TestController.threshold_actions :limit => [10,30,:seconds]
+    dispatch_to(TestController, :index,{
+      :session_id=>"threshold_all_actions_test"
+    }).access_history(:test_controller).should have(1).accesses
+    
+    dispatch_to(TestController, :create,{
+      :session_id=>"threshold_all_actions_test"
+    }).access_history(:test_controller).should have(2).accesses
+    
+    dispatch_to(TestController, :destroy,{
+      :session_id=>"threshold_all_actions_test"
+    }).access_history(:test_controller).should have(3).accesses
+  end
+  
+  it 'should only apply the threshold to the action(s) specified' do
+    TestController.threshold_actions :destroy
+    TestController._before_filters.first.last[:only].length.should be(1)
+    TestController._before_filters.first.last[:only].first.should == "destroy"
+  end
+  
+  # Given same rule 2 per 30 seconds for index, create, destroy
+  # each should maintain its own history of accesses
+  #
+  it 'when multiple actions are specified their access histories should be kept separate' do
+    TestController.threshold_actions :index, :create, :limit => [2, 30, :seconds]
+
+    dispatch_to(TestController, :index,{:session_id=>"separate_history_test"})
+    @response1=dispatch_to(TestController, :index,{:session_id=>"separate_history_test"})
+    @response2=dispatch_to(TestController, :create,{:session_id=>"separate_history_test"})
+    @response3=dispatch_to(TestController, :destroy,{:session_id=>"separate_history_test"})
+
+    @response1.session[:merb_threshold_history][:"test_controller/index"].should have(2).request
+    @response2.session[:merb_threshold_history][:"test_controller/create"].should have(1).request
+    @response3.session[:merb_threshold_history][:"test_controller/destroy"].should be_nil
+  end
+end