rack-ai 0.2.0 → 0.4.0

data/lib/rack/ai/features/rate_limiter.rb

@@ -0,0 +1,145 @@
+# frozen_string_literal: true
+
+require 'digest'
+
+module Rack
+  module AI
+    module Features
+      class RateLimiter
+        attr_reader :name, :config
+
+        def initialize(config)
+          @name = :rate_limiter
+          @config = config
+          @cache = {}
+          @cleanup_interval = 300 # 5 minutes
+          @last_cleanup = Time.now
+        end
+
+        def enabled?
+          @config.feature_enabled?(:rate_limiter)
+        end
+
+        def process_response?
+          false
+        end
+
+        def process_request(env)
+          return { processed: false, reason: "disabled" } unless enabled?
+
+          client_id = extract_client_id(env)
+          current_time = Time.now
+          
+          cleanup_expired_entries if should_cleanup?
+          
+          # Get or initialize client data
+          client_data = @cache[client_id] ||= {
+            requests: [],
+            blocked_until: nil
+          }
+
+          # Check if client is currently blocked
+          if client_data[:blocked_until] && current_time < client_data[:blocked_until]
+            return {
+              processed: true,
+              action: :block,
+              reason: "rate_limited",
+              blocked_until: client_data[:blocked_until],
+              feature: @name,
+              timestamp: current_time.iso8601
+            }
+          end
+
+          # Clean old requests
+          window_start = current_time - rate_limit_window
+          client_data[:requests].reject! { |req_time| req_time < window_start }
+
+          # Check rate limit
+          if client_data[:requests].size >= max_requests_per_window
+            # Block client for penalty duration
+            client_data[:blocked_until] = current_time + penalty_duration
+            
+            return {
+              processed: true,
+              action: :block,
+              reason: "rate_limit_exceeded",
+              requests_count: client_data[:requests].size,
+              blocked_until: client_data[:blocked_until],
+              feature: @name,
+              timestamp: current_time.iso8601
+            }
+          end
+
+          # Record this request
+          client_data[:requests] << current_time
+
+          {
+            processed: true,
+            action: :allow,
+            requests_count: client_data[:requests].size,
+            remaining_requests: max_requests_per_window - client_data[:requests].size,
+            feature: @name,
+            timestamp: current_time.iso8601
+          }
+        end
+
+        private
+
+        def extract_client_id(env)
+          # Try multiple identification methods
+          client_ip = env['HTTP_X_FORWARDED_FOR']&.split(',')&.first&.strip ||
+                     env['HTTP_X_REAL_IP'] ||
+                     env['REMOTE_ADDR'] ||
+                     'unknown'
+          
+          user_agent = env['HTTP_USER_AGENT'] || 'unknown'
+          
+          # Create a hash of IP + User Agent for better identification
+          Digest::SHA256.hexdigest("#{client_ip}:#{user_agent}")[0..16]
+        end
+
+        def rate_limit_window
+          get_config_value(:rate_limit_window, 60) # 1 minute default
+        end
+
+        def max_requests_per_window
+          get_config_value(:max_requests_per_window, 100) # 100 requests per minute default
+        end
+
+        def penalty_duration
+          get_config_value(:penalty_duration, 300) # 5 minutes default
+        end
+
+        def get_config_value(key, default)
+          return default unless @config.respond_to?(:rate_limiter)
+          return default unless @config.rate_limiter.respond_to?(key)
+          @config.rate_limiter.public_send(key)
+        end
+
+        def should_cleanup?
+          Time.now - @last_cleanup > @cleanup_interval
+        end
+
+        def cleanup_expired_entries
+          current_time = Time.now
+          window_start = current_time - rate_limit_window
+          
+          @cache.each do |client_id, data|
+            # Remove expired requests
+            data[:requests].reject! { |req_time| req_time < window_start }
+            
+            # Remove expired blocks
+            data[:blocked_until] = nil if data[:blocked_until] && current_time >= data[:blocked_until]
+            
+            # Remove empty entries
+            if data[:requests].empty? && data[:blocked_until].nil?
+              @cache.delete(client_id)
+            end
+          end
+          
+          @last_cleanup = current_time
+        end
+      end
+    end
+  end
+end

data/lib/rack/ai/features/security_scanner.rb

@@ -0,0 +1,326 @@
+# frozen_string_literal: true
+
+module Rack
+  module AI
+    module Features
+      class SecurityScanner
+        attr_reader :name, :config
+
+        def initialize(config)
+          @name = :security_scanner
+          @config = config
+        end
+
+        def enabled?
+          @config.feature_enabled?(:security_scanner)
+        end
+
+        def process_response?
+          false
+        end
+
+        def process_request(env)
+          return { processed: false, reason: "disabled" } unless enabled?
+
+          threats = []
+          risk_score = 0.0
+
+          # Check for various security threats
+          threats.concat(check_sql_injection(env))
+          threats.concat(check_xss_attempts(env))
+          threats.concat(check_path_traversal(env))
+          threats.concat(check_command_injection(env))
+          threats.concat(check_suspicious_headers(env))
+          threats.concat(check_malicious_user_agents(env))
+
+          # Calculate overall risk score
+          risk_score = calculate_risk_score(threats)
+          threat_level = determine_threat_level(risk_score)
+
+          {
+            processed: true,
+            action: determine_action(threat_level),
+            threats: threats,
+            risk_score: risk_score,
+            threat_level: threat_level,
+            feature: @name,
+            timestamp: Time.now.iso8601
+          }
+        end
+
+        private
+
+        def check_sql_injection(env)
+          threats = []
+          patterns = [
+            /union\s+select/i,
+            /drop\s+table/i,
+            /insert\s+into/i,
+            /delete\s+from/i,
+            /update\s+.*set/i,
+            /exec\s*\(/i,
+            /script\s*>/i,
+            /'.*or.*'.*='/i,
+            /1=1/i,
+            /admin'--/i
+          ]
+
+          check_patterns_in_request(env, patterns, 'sql_injection').each do |threat|
+            threats << threat
+          end
+
+          threats
+        end
+
+        def check_xss_attempts(env)
+          threats = []
+          patterns = [
+            /<script[^>]*>.*?<\/script>/i,
+            /javascript:/i,
+            /on\w+\s*=/i,
+            /<iframe[^>]*>/i,
+            /<object[^>]*>/i,
+            /<embed[^>]*>/i,
+            /eval\s*\(/i,
+            /alert\s*\(/i,
+            /document\.cookie/i
+          ]
+
+          check_patterns_in_request(env, patterns, 'xss_attempt').each do |threat|
+            threats << threat
+          end
+
+          threats
+        end
+
+        def check_path_traversal(env)
+          threats = []
+          patterns = [
+            /\.\.\//,
+            /\.\.\\/,
+            /%2e%2e%2f/i,
+            /%2e%2e%5c/i,
+            /etc\/passwd/i,
+            /windows\/system32/i
+          ]
+
+          check_patterns_in_request(env, patterns, 'path_traversal').each do |threat|
+            threats << threat
+          end
+
+          threats
+        end
+
+        def check_command_injection(env)
+          threats = []
+          patterns = [
+            /;\s*cat\s+/i,
+            /;\s*ls\s+/i,
+            /;\s*rm\s+/i,
+            /;\s*wget\s+/i,
+            /;\s*curl\s+/i,
+            /\|\s*nc\s+/i,
+            /&&\s*whoami/i,
+            /`.*`/,
+            /\$\(.*\)/
+          ]
+
+          check_patterns_in_request(env, patterns, 'command_injection').each do |threat|
+            threats << threat
+          end
+
+          threats
+        end
+
+        def check_suspicious_headers(env)
+          threats = []
+          
+          # Check for suspicious User-Agent patterns
+          user_agent = env['HTTP_USER_AGENT']
+          if user_agent
+            suspicious_agents = [
+              /sqlmap/i,
+              /nikto/i,
+              /nessus/i,
+              /burp/i,
+              /w3af/i,
+              /acunetix/i,
+              /netsparker/i
+            ]
+
+            suspicious_agents.each do |pattern|
+              if user_agent.match?(pattern)
+                threats << {
+                  type: 'suspicious_user_agent',
+                  pattern: pattern.source,
+                  value: user_agent,
+                  severity: 'high'
+                }
+              end
+            end
+          end
+
+          # Check for suspicious headers
+          suspicious_headers = %w[
+            HTTP_X_FORWARDED_HOST
+            HTTP_X_ORIGINAL_URL
+            HTTP_X_REWRITE_URL
+          ]
+
+          suspicious_headers.each do |header|
+            if env[header] && env[header].include?('..')
+              threats << {
+                type: 'suspicious_header',
+                header: header,
+                value: env[header],
+                severity: 'medium'
+              }
+            end
+          end
+
+          threats
+        end
+
+        def check_malicious_user_agents(env)
+          threats = []
+          user_agent = env['HTTP_USER_AGENT']
+          return threats unless user_agent
+
+          # Check for bot patterns that might be malicious
+          malicious_patterns = [
+            /python-requests/i,
+            /curl/i,
+            /wget/i,
+            /libwww/i,
+            /lwp-trivial/i,
+            /^$/  # Empty user agent
+          ]
+
+          malicious_patterns.each do |pattern|
+            if user_agent.match?(pattern)
+              threats << {
+                type: 'potentially_malicious_bot',
+                pattern: pattern.source,
+                value: user_agent,
+                severity: 'low'
+              }
+            end
+          end
+
+          threats
+        end
+
+        def check_patterns_in_request(env, patterns, threat_type)
+          threats = []
+          
+          # Check query string
+          if env['QUERY_STRING']
+            patterns.each do |pattern|
+              if env['QUERY_STRING'].match?(pattern)
+                threats << {
+                  type: threat_type,
+                  location: 'query_string',
+                  pattern: pattern.source,
+                  value: env['QUERY_STRING'],
+                  severity: 'high'
+                }
+              end
+            end
+          end
+
+          # Check POST data
+          if %w[POST PUT PATCH].include?(env['REQUEST_METHOD']) && env['rack.input']
+            begin
+              body = env['rack.input'].read
+              env['rack.input'].rewind if env['rack.input'].respond_to?(:rewind)
+              
+              patterns.each do |pattern|
+                if body.match?(pattern)
+                  threats << {
+                    type: threat_type,
+                    location: 'request_body',
+                    pattern: pattern.source,
+                    value: body[0..200], # Truncate for logging
+                    severity: 'high'
+                  }
+                end
+              end
+            rescue => e
+              # Log error but don't fail
+              Utils::Logger.warn("Error reading request body for security scan", { error: e.message })
+            end
+          end
+
+          # Check headers
+          env.each do |key, value|
+            next unless key.start_with?('HTTP_')
+            next unless value.is_a?(String)
+
+            patterns.each do |pattern|
+              if value.match?(pattern)
+                threats << {
+                  type: threat_type,
+                  location: 'headers',
+                  header: key,
+                  pattern: pattern.source,
+                  value: value,
+                  severity: 'medium'
+                }
+              end
+            end
+          end
+
+          threats
+        end
+
+        def calculate_risk_score(threats)
+          return 0.0 if threats.empty?
+
+          score = 0.0
+          threats.each do |threat|
+            case threat[:severity]
+            when 'high'
+              score += 0.4
+            when 'medium'
+              score += 0.2
+            when 'low'
+              score += 0.1
+            end
+          end
+
+          [score, 1.0].min # Cap at 1.0
+        end
+
+        def determine_threat_level(risk_score)
+          case risk_score
+          when 0.0...0.2
+            :low
+          when 0.2...0.5
+            :medium
+          when 0.5...0.8
+            :high
+          else
+            :critical
+          end
+        end
+
+        def determine_action(threat_level)
+          case threat_level
+          when :critical, :high
+            :block
+          when :medium
+            get_config_value(:medium_threat_action, :flag)
+          else
+            :allow
+          end
+        end
+
+        def get_config_value(key, default)
+          return default unless @config.respond_to?(:security_scanner)
+          return default unless @config.security_scanner.respond_to?(key)
+          @config.security_scanner.public_send(key)
+        end
+      end
+    end
+  end
+end

data/lib/rack/ai/middleware.rb

@@ -95,7 +95,7 @@ module Rack
           feature_class.new(@provider, @config)
         end
         
-        Utils::Logger.debug("Built features: #{features.map(&:name)}")
+        Utils::Logger.debug("Built features: #{features.map { |f| f.class.name.split('::').last }}")
         features
       end
 

data/lib/rack/ai/utils/enhanced_logger.rb

@@ -6,7 +6,7 @@ require 'json'
 module Rack
   module AI
     module Utils
-      class EnhancedLogger
+      class AdvancedLogger
         LOG_LEVELS = {
           debug: ::Logger::DEBUG,
           info: ::Logger::INFO,
@@ -123,8 +123,8 @@ module Rack
         end
       end
 
-      # Backward compatibility
-      Logger = EnhancedLogger
+      # Alias for backward compatibility
+      EnhancedLogger = AdvancedLogger
     end
   end
 end

data/lib/rack/ai/utils/logger.rb

@@ -7,28 +7,13 @@ module Rack
   module AI
     module Utils
       class Logger
-        def self.debug(message, context = {})
-          puts "[DEBUG] #{message} #{context}" if ENV['RACK_AI_DEBUG']
-        end
-
-        def self.info(message, context = {})
-          puts "[INFO] #{message} #{context}"
-        end
-
-        def self.warn(message, context = {})
-          puts "[WARN] #{message} #{context}"
-        end
-
-        def self.error(message, context = {})
-          puts "[ERROR] #{message} #{context}"
-        end
-
         class << self
           def logger
             @logger ||= build_logger
           end
 
           def debug(message, metadata = {})
+            return unless ENV['RACK_AI_DEBUG']
             log(:debug, message, metadata)
           end
 
@@ -122,6 +107,7 @@ module Rack
           end
         end
       end
+
     end
   end
 end

data/lib/rack/ai/version.rb

@@ -2,6 +2,6 @@
 
 module Rack
   module AI
-    VERSION = "0.2.0"
+    VERSION = "0.4.0"
   end
 end

data/lib/rack/ai.rb

@@ -16,6 +16,8 @@ require_relative "ai/features/logging"
 require_relative "ai/features/enhancement"
 require_relative "ai/features/rate_limiting"
 require_relative "ai/features/anomaly_detection"
+require_relative "ai/features/rate_limiter"
+require_relative "ai/features/security_scanner"
 require_relative "ai/utils/logger"
 require_relative "ai/utils/metrics"
 require_relative "ai/utils/sanitizer"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rack-ai
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.4.0
 platform: ruby
 authors:
 - Ahmet KAHRAMAN
@@ -243,7 +243,9 @@ files:
 - benchmarks/performance_benchmark.rb
 - examples/comprehensive_example.rb
 - examples/rails_integration.rb
+- examples/rails_integration_advanced.rb
 - examples/sinatra_integration.rb
+- examples/sinatra_microservice.rb
 - lib/rack/ai.rb
 - lib/rack/ai/configuration.rb
 - lib/rack/ai/features/anomaly_detection.rb
@@ -252,9 +254,11 @@ files:
 - lib/rack/ai/features/enhancement.rb
 - lib/rack/ai/features/logging.rb
 - lib/rack/ai/features/moderation.rb
+- lib/rack/ai/features/rate_limiter.rb
 - lib/rack/ai/features/rate_limiting.rb
 - lib/rack/ai/features/routing.rb
 - lib/rack/ai/features/security.rb
+- lib/rack/ai/features/security_scanner.rb
 - lib/rack/ai/middleware.rb
 - lib/rack/ai/providers/base.rb
 - lib/rack/ai/providers/huggingface.rb