rack-attack 3.0.0 → 4.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ea9a8662af6ca32da955a04479518cefb8d391f1
-  data.tar.gz: a81aaf8306c6652e177d06ae0c6fd1ecc538e8fb
+  metadata.gz: ff9b10f54b7093a546fea83332521abbd15b50fc
+  data.tar.gz: 766a4136c3895f45c09288e9fc97fe4a5e8e596c
 SHA512:
-  metadata.gz: 400df3037af9a335d07edd5968782300711c018ea01890e90a8802dc2c347a347c75b64c13433b81b8bb7345a87399a4765828ed1206c7c7ac4728c0b41fbb49
-  data.tar.gz: 1a37808e78845769b371341e20bd1c3f018d206b36c64e1b2569aa753375b2aa01460324e5a507579bb621b76ed7fd4e957c13c1809a9c7ac6d9c2d5bbecd097
+  metadata.gz: d5891f076087208013f1df9942977692aec45692ac6ec6fea1d143731033bebeed08d955a977ac7322aed8c9390383557214891ea61344351b1d1ec04c5f897e
+  data.tar.gz: d6e5098b06db042fb7e863b7d34668d4f5bff12812d7ee1d7493455ca8546606605431ebd403041442ee82f47509ad8c2365a2a2bcd130706c3a328a74dc94ed

data/README.md

@@ -1,5 +1,5 @@
 # Rack::Attack!!!
-*A DSL for blocking & throttling abusive clients*
+*Rack middleware for blocking & throttling abusive requests*
 
 Rack::Attack is a rack middleware to protect your web app from bad clients.
 It allows *whitelisting*, *blacklisting*, *throttling*, and *tracking* based on arbitrary properties of the request.
@@ -13,7 +13,7 @@ See the [Backing & Hacking blog post](http://www.kickstarter.com/backing-and-hac
 [![Code Climate](https://codeclimate.com/github/kickstarter/rack-attack.png)](https://codeclimate.com/github/kickstarter/rack-attack)
 
 
-## Installation
+## Getting started
 
 Install the [rack-attack](http://rubygems.org/gems/rack-attack) gem; or add it to you Gemfile with bundler:
 
@@ -36,6 +36,17 @@ Or for Rackup files:
 use Rack::Attack
 ```
 
+Add a `rack-attack.rb` file to `config/initalizers/`:
+```ruby
+# In config/initializers/rack-attack.rb
+module Rack::Attack
+  # your custom configuration...
+end
+```
+
+*Tip:* The example in the wiki is a great way to get started:
+[Example Configuration](https://github.com/kickstarter/rack-attack/wiki/Example-Configuration)
+
 Optionally configure the cache store for throttling:
 
 ```ruby
@@ -271,6 +282,6 @@ New releases of Rack::Attack are announced on
 
 ## License
 
-Copyright (c) 2012 Kickstarter, Inc
+Copyright Kickstarter, Inc.
 
-Released under an [MIT License](http://opensource.org/licenses/MIT)
+Released under an [MIT License](http://opensource.org/licenses/MIT).

data/lib/rack/attack.rb

@@ -1,14 +1,19 @@
 require 'rack'
-module Rack::Attack
-  autoload :Cache,     'rack/attack/cache'
-  autoload :Check,     'rack/attack/check'
-  autoload :Throttle,  'rack/attack/throttle'
-  autoload :Whitelist, 'rack/attack/whitelist'
-  autoload :Blacklist, 'rack/attack/blacklist'
-  autoload :Track,     'rack/attack/track'
-  autoload :StoreProxy,'rack/attack/store_proxy'
-  autoload :Fail2Ban,  'rack/attack/fail2ban'
-  autoload :Allow2Ban,  'rack/attack/allow2ban'
+require 'forwardable'
+
+class Rack::Attack
+  autoload :Cache,           'rack/attack/cache'
+  autoload :Check,           'rack/attack/check'
+  autoload :Throttle,        'rack/attack/throttle'
+  autoload :Whitelist,       'rack/attack/whitelist'
+  autoload :Blacklist,       'rack/attack/blacklist'
+  autoload :Track,           'rack/attack/track'
+  autoload :StoreProxy,      'rack/attack/store_proxy'
+  autoload :DalliProxy,      'rack/attack/store_proxy/dalli_proxy'
+  autoload :RedisStoreProxy, 'rack/attack/store_proxy/redis_store_proxy'
+  autoload :Fail2Ban,        'rack/attack/fail2ban'
+  autoload :Allow2Ban,       'rack/attack/allow2ban'
+  autoload :Request,         'rack/attack/request'
 
   class << self
 
@@ -35,35 +40,6 @@ module Rack::Attack
     def throttles;  @throttles  ||= {}; end
     def tracks;     @tracks     ||= {}; end
 
-    def new(app)
-      @app = app
-
-      # Set defaults
-      @notifier ||= ActiveSupport::Notifications if defined?(ActiveSupport::Notifications)
-      @blacklisted_response ||= lambda {|env| [403, {}, ["Forbidden\n"]] }
-      @throttled_response   ||= lambda {|env|
-        retry_after = env['rack.attack.match_data'][:period] rescue nil
-        [429, {'Retry-After' => retry_after.to_s}, ["Retry later\n"]]
-      }
-
-      self
-    end
-
-    def call(env)
-      req = Rack::Request.new(env)
-
-      if whitelisted?(req)
-        @app.call(env)
-      elsif blacklisted?(req)
-        blacklisted_response[env]
-      elsif throttled?(req)
-        throttled_response[env]
-      else
-        tracked?(req)
-        @app.call(env)
-      end
-    end
-
     def whitelisted?(req)
       whitelists.any? do |name, whitelist|
         whitelist[req]
@@ -101,4 +77,37 @@ module Rack::Attack
     end
 
   end
+
+  # Set defaults
+  @notifier             = ActiveSupport::Notifications if defined?(ActiveSupport::Notifications)
+  @blacklisted_response = lambda {|env| [403, {}, ["Forbidden\n"]] }
+  @throttled_response   = lambda {|env|
+    retry_after = env['rack.attack.match_data'][:period] rescue nil
+    [429, {'Retry-After' => retry_after.to_s}, ["Retry later\n"]]
+  }
+
+  def initialize(app)
+    @app = app
+  end
+
+  def call(env)
+    req = Rack::Attack::Request.new(env)
+
+    if whitelisted?(req)
+      @app.call(env)
+    elsif blacklisted?(req)
+      self.class.blacklisted_response[env]
+    elsif throttled?(req)
+      self.class.throttled_response[env]
+    else
+      tracked?(req)
+      @app.call(env)
+    end
+  end
+
+  extend Forwardable
+  def_delegators self, :whitelisted?,
+                       :blacklisted?,
+                       :throttled?,
+                       :tracked?
 end

data/lib/rack/attack/allow2ban.rb

@@ -1,5 +1,5 @@
 module Rack
-  module Attack
+  class Attack
     class Allow2Ban < Fail2Ban
       class << self
         protected

data/lib/rack/attack/blacklist.rb

@@ -1,5 +1,5 @@
 module Rack
-  module Attack
+  class Attack
     class Blacklist < Check
       def initialize(name, block)
         super

data/lib/rack/attack/cache.rb

@@ -1,5 +1,5 @@
 module Rack
-  module Attack
+  class Attack
     class Cache
 
       attr_accessor :prefix

data/lib/rack/attack/check.rb

@@ -1,5 +1,5 @@
 module Rack
-  module Attack
+  class Attack
     class Check
       attr_reader :name, :block, :type
       def initialize(name, block)

data/lib/rack/attack/fail2ban.rb

@@ -1,5 +1,5 @@
 module Rack
-  module Attack
+  class Attack
     class Fail2Ban
       class << self
         def filter(discriminator, options)

data/lib/rack/attack/request.rb

@@ -0,0 +1,6 @@
+module Rack
+  class Attack
+    class Request < ::Rack::Request
+    end
+  end
+end

data/lib/rack/attack/store_proxy.rb

@@ -1,8 +1,8 @@
-require 'delegate'
-
 module Rack
-  module Attack
-    class StoreProxy
+  class Attack
+    module StoreProxy
+      PROXIES = [DalliProxy, RedisStoreProxy]
+
       def self.build(store)
         # RedisStore#increment needs different behavior, so detect that
         # (method has an arity of 2; must call #expire separately
@@ -12,46 +12,11 @@ module Rack
           store = store.instance_variable_get(:@data)
         end
 
-        if defined?(::Redis::Store) && store.is_a?(::Redis::Store)
-          RedisStoreProxy.new(store)
-        else
-          store
-        end
-      end
-
-      class RedisStoreProxy < SimpleDelegator
-        def initialize(store)
-          super(store)
-        end
-
-        def read(key)
-          self.get(key)
-          rescue Redis::BaseError
-            nil
-        end
-
-        def write(key, value, options={})
-          if (expires_in = options[:expires_in])
-            self.setex(key, expires_in, value)
-          else
-            self.set(key, value)
-          end
-          rescue Redis::BaseError
-            nil
-        end
-
-        def increment(key, amount, options={})
-          count = nil
-          self.pipelined do
-            count = self.incrby(key, amount)
-            self.expire(key, options[:expires_in]) if options[:expires_in]
-          end
-          count.value if count
-          rescue Redis::BaseError
-            nil
-        end
+        klass = PROXIES.find { |proxy| proxy.handle?(store) }
 
+        klass ? klass.new(store) : store
       end
+
     end
   end
 end

data/lib/rack/attack/store_proxy/dalli_proxy.rb

@@ -0,0 +1,65 @@
+require 'delegate'
+
+module Rack
+  class Attack
+    module StoreProxy
+      class DalliProxy < SimpleDelegator
+        def self.handle?(store)
+          return false unless defined?(::Dalli)
+
+          # Consider extracting to a separate Connection Pool proxy to reduce
+          # code here and handle clients other than Dalli.
+          if defined?(::ConnectionPool) && store.is_a?(::ConnectionPool)
+            store.with { |conn| conn.is_a?(::Dalli::Client) }
+          else
+            store.is_a?(::Dalli::Client)
+          end
+        end
+
+        def initialize(client)
+          super(client)
+          stub_with_if_missing
+        end
+
+        def read(key)
+          with do |client|
+            client.get(key)
+          end
+        rescue Dalli::DalliError
+        end
+
+        def write(key, value, options={})
+          with do |client|
+            client.set(key, value, options.fetch(:expires_in, 0), raw: true)
+          end
+        rescue Dalli::DalliError
+        end
+
+        def increment(key, amount, options={})
+          with do |client|
+            client.incr(key, amount, options.fetch(:expires_in, 0), amount)
+          end
+        rescue Dalli::DalliError
+        end
+
+        def delete(key)
+          with do |client|
+            client.delete(key)
+          end
+        rescue Dalli::DalliError
+        end
+
+        private
+
+        def stub_with_if_missing
+          unless __getobj__.respond_to?(:with)
+            class << self
+              def with; yield __getobj__; end
+            end
+          end
+        end
+
+      end
+    end
+  end
+end

data/lib/rack/attack/store_proxy/redis_store_proxy.rb

@@ -0,0 +1,42 @@
+require 'delegate'
+
+module Rack
+  class Attack
+    module StoreProxy
+      class RedisStoreProxy < SimpleDelegator
+        def self.handle?(store)
+          defined?(::Redis::Store) && store.is_a?(::Redis::Store)
+        end
+
+        def initialize(store)
+          super(store)
+        end
+
+        def read(key)
+          self.get(key)
+        rescue Redis::BaseError
+        end
+
+        def write(key, value, options={})
+          if (expires_in = options[:expires_in])
+            self.setex(key, expires_in, value)
+          else
+            self.set(key, value)
+          end
+        rescue Redis::BaseError
+        end
+
+        def increment(key, amount, options={})
+          count = nil
+          self.pipelined do
+            count = self.incrby(key, amount)
+            self.expire(key, options[:expires_in]) if options[:expires_in]
+          end
+          count.value if count
+        rescue Redis::BaseError
+        end
+
+      end
+    end
+  end
+end

data/lib/rack/attack/throttle.rb

@@ -1,5 +1,5 @@
 module Rack
-  module Attack
+  class Attack
     class Throttle
       MANDATORY_OPTIONS = [:limit, :period]
       attr_reader :name, :limit, :period, :block

data/lib/rack/attack/track.rb

@@ -1,5 +1,5 @@
 module Rack
-  module Attack
+  class Attack
     class Track < Check
       def initialize(name, block)
         super

data/lib/rack/attack/version.rb

@@ -1,5 +1,5 @@
 module Rack
-  module Attack
-    VERSION = '3.0.0'
+  class Attack
+    VERSION = '4.0.0'
   end
 end

data/lib/rack/attack/whitelist.rb

@@ -1,5 +1,5 @@
 module Rack
-  module Attack
+  class Attack
     class Whitelist < Check
       def initialize(name, block)
         super

data/spec/integration/offline_spec.rb

@@ -0,0 +1,47 @@
+require 'active_support/cache'
+require 'active_support/cache/redis_store'
+require 'dalli'
+require_relative '../spec_helper'
+
+OfflineExamples = Minitest::SharedExamples.new do
+
+  it 'should write' do
+    @cache.write('cache-test-key', 'foobar', 1)
+  end
+
+  it 'should read' do
+    @cache.read('cache-test-key')
+  end
+
+  it 'should count' do
+    @cache.send(:do_count, 'rack::attack::cache-test-key', 1)
+  end
+
+end
+
+describe 'when Redis is offline' do
+  include OfflineExamples
+
+  before {
+    @cache = Rack::Attack::Cache.new
+    # Use presumably unused port for Redis client
+    @cache.store = ActiveSupport::Cache::RedisStore.new(:host => '127.0.0.1', :port => 3333)
+  }
+
+end
+
+describe 'when Memcached is offline' do
+  include OfflineExamples
+
+  before {
+    Dalli.logger.level = Logger::FATAL
+
+    @cache = Rack::Attack::Cache.new
+    @cache.store = Dalli::Client.new('127.0.0.1:22122')
+  }
+
+  after {
+    Dalli.logger.level = Logger::INFO
+  }
+
+end

data/spec/integration/rack_attack_cache_spec.rb

@@ -15,10 +15,13 @@ describe Rack::Attack::Cache do
 
   require 'active_support/cache/dalli_store'
   require 'active_support/cache/redis_store'
+  require 'connection_pool'
   cache_stores = [
     ActiveSupport::Cache::MemoryStore.new,
-    ActiveSupport::Cache::DalliStore.new("localhost"),
-    ActiveSupport::Cache::RedisStore.new("localhost"),
+    ActiveSupport::Cache::DalliStore.new("127.0.0.1"),
+    ActiveSupport::Cache::RedisStore.new("127.0.0.1"),
+    Dalli::Client.new,
+    ConnectionPool.new { Dalli::Client.new },
     Redis::Store.new
   ]
 
@@ -27,7 +30,7 @@ describe Rack::Attack::Cache do
     describe "with #{store.class}" do
 
       before {
-        @cache ||= Rack::Attack::Cache.new
+        @cache = Rack::Attack::Cache.new
         @key = "rack::attack:cache-test-key"
         @expires_in = 1
         @cache.store = store
@@ -80,32 +83,4 @@ describe Rack::Attack::Cache do
     end
 
   end
-
-  describe "should not error if redis is not running" do
-    before {
-      @cache = Rack::Attack::Cache.new
-      @key = "rack::attack:cache-test-key"
-      @expires_in = 1
-      # Use presumably unused port for Redis client
-      @cache.store = ActiveSupport::Cache::RedisStore.new(:host => '127.0.0.1', :port => 3333)
-    }
-    describe "write" do
-      it "should not raise exception" do
-        @cache.write("cache-test-key", "foobar", 1)
-      end
-    end
-
-    describe "read" do
-      it "should not raise exception" do
-        @cache.read("cache-test-key")
-      end
-    end
-
-    describe "do_count" do
-      it "should not raise exception" do
-        @cache.send(:do_count, @key, @expires_in)
-      end
-    end
-  end
-
 end

data/spec/rack_attack_dalli_proxy_spec.rb

@@ -0,0 +1,10 @@
+require_relative 'spec_helper'
+
+describe Rack::Attack::StoreProxy::DalliProxy do
+
+  it 'should stub Dalli::Client#with on older clients' do
+    proxy = Rack::Attack::StoreProxy::DalliProxy.new(Class.new)
+    proxy.with {} # will not raise an error
+  end
+
+end

data/spec/rack_attack_request_spec.rb

@@ -0,0 +1,19 @@
+require_relative 'spec_helper'
+
+describe 'Rack::Attack' do
+  describe 'helpers' do
+    before do
+      class Rack::Attack::Request
+        def remote_ip
+          ip
+        end
+      end
+
+      Rack::Attack.whitelist('valid IP') do |req|
+        req.remote_ip == "127.0.0.1"
+      end
+    end
+
+    allow_ok_requests
+  end
+end

data/spec/spec_helper.rb

@@ -34,3 +34,7 @@ class MiniTest::Spec
     end
   end
 end
+
+class Minitest::SharedExamples < Module
+  include Minitest::Spec::DSL
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-attack
 version: !ruby/object:Gem::Version
-  version: 3.0.0
+  version: 4.0.0
 platform: ruby
 authors:
 - Aaron Suggs
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-03-15 00:00:00.000000000 Z
+date: 2014-04-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -66,6 +66,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: appraisal
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
@@ -108,6 +122,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: connection_pool
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: A rack middleware for throttling and blocking abusive requests
 email: aaron@ktheory.com
 executables: []
@@ -122,14 +150,20 @@ files:
 - lib/rack/attack/cache.rb
 - lib/rack/attack/check.rb
 - lib/rack/attack/fail2ban.rb
+- lib/rack/attack/request.rb
 - lib/rack/attack/store_proxy.rb
+- lib/rack/attack/store_proxy/dalli_proxy.rb
+- lib/rack/attack/store_proxy/redis_store_proxy.rb
 - lib/rack/attack/throttle.rb
 - lib/rack/attack/track.rb
 - lib/rack/attack/version.rb
 - lib/rack/attack/whitelist.rb
 - spec/allow2ban_spec.rb
 - spec/fail2ban_spec.rb
+- spec/integration/offline_spec.rb
 - spec/integration/rack_attack_cache_spec.rb
+- spec/rack_attack_dalli_proxy_spec.rb
+- spec/rack_attack_request_spec.rb
 - spec/rack_attack_spec.rb
 - spec/rack_attack_throttle_spec.rb
 - spec/rack_attack_track_spec.rb
@@ -162,7 +196,10 @@ summary: Block & throttle abusive requests
 test_files:
 - spec/allow2ban_spec.rb
 - spec/fail2ban_spec.rb
+- spec/integration/offline_spec.rb
 - spec/integration/rack_attack_cache_spec.rb
+- spec/rack_attack_dalli_proxy_spec.rb
+- spec/rack_attack_request_spec.rb
 - spec/rack_attack_spec.rb
 - spec/rack_attack_throttle_spec.rb
 - spec/rack_attack_track_spec.rb