rack-attack 4.1.0 → 4.1.1

Potentially problematic release.


This version of rack-attack might be problematic.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 459c5b823f0b03b1d839e5577d1d57fc14332d2c
4
- data.tar.gz: e8e15fe0e7619b07a9710160cd429dab4499f6c1
3
+ metadata.gz: 5fcafc0f62e4bc044a43ebff9f20d2059db798be
4
+ data.tar.gz: 19ef91c505bac94a8e9e7cb0e9e672ce2c3f6aa7
5
5
  SHA512:
6
- metadata.gz: 67aad493c5a2b719de12f17a099e9e3ffabfe32fb33ba2d11b9c8149918a78e300fad9c56b786fcca2e328f898a022f0da158becf81304eba42928f1119a5f74
7
- data.tar.gz: 4cc797bcb7a7e88fe7b9df2c016b6aeb766dc71007d8124b3d3cd4b1e7da4e6d0695de0465f21afc798aafc81f0b6ac3dbe5f8cdc4f05e856bca49a69e49ce70
6
+ metadata.gz: 51e6cbf5836d2edef0186e310eadc05ab859db5ba03bc3243250e9c0e739961d4a58c96021db8a0966afaa9b94cbf23e43cffb6689e4e6902b04170a575af6ab
7
+ data.tar.gz: afd3639047fe6ac3c6e749d1efc1ceccd0d6100a9ae43d4947d48f09e4af2df48b94d66e879551d8ff6ccd1260467d5d5ad90604f0d942f0d9b61a5ce78cd71b
data/README.md CHANGED
@@ -68,7 +68,7 @@ The algorithm is actually more concise in code: See [Rack::Attack.call](https://
68
68
 
69
69
  ```ruby
70
70
  def call(env)
71
- req = Rack::Request.new(env)
71
+ req = Rack::Attack::Request.new(env)
72
72
 
73
73
  if whitelisted?(req)
74
74
  @app.call(env)
@@ -83,6 +83,10 @@ def call(env)
83
83
  end
84
84
  ```
85
85
 
86
+ Note: `Rack::Attack::Request` is just a subclass of `Rack::Attack` so that you
87
+ can cleanly monkey patch helper methods onto the
88
+ [request object](https://github.com/kickstarter/rack-attack/blob/master/lib/rack/attack/request.rb).
89
+
86
90
  ## About Tracks
87
91
 
88
92
  `Rack::Attack.track` doesn't affect request processing. Tracks are an easy way to log and measure requests matching arbitrary attributes.
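Review bot: the added README note names the wrong parent class: it says `Rack::Attack::Request` is "just a subclass of `Rack::Attack`", while the class definition later in this diff reads `class Request < ::Rack::Request`. Change the note to say it is a subclass of `Rack::Request`, otherwise readers who add helper methods will look for the inherited API in the wrong place.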
@@ -109,7 +113,7 @@ end
109
113
  ```ruby
110
114
  # Block requests from 1.2.3.4
111
115
  Rack::Attack.blacklist('block 1.2.3.4') do |req|
112
- # Request are blocked if the return value is truthy
116
+ # Requests are blocked if the return value is truthy
113
117
  '1.2.3.4' == req.ip
114
118
  end
115
119
 
@@ -16,7 +16,8 @@ module Rack
16
16
 
17
17
  def count(unprefixed_key, period)
18
18
  epoch_time = Time.now.to_i
19
- expires_in = period - (epoch_time % period)
19
+ # Add 1 to expires_in to avoid timing error: http://git.io/i1PHXA
20
+ expires_in = period - (epoch_time % period) + 1
20
21
  key = "#{prefix}:#{(epoch_time/period).to_i}:#{unprefixed_key}"
21
22
  do_count(key, expires_in)
22
23
  end
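Review bot: the new comment above `expires_in` in `count` explains the `+ 1` only through a shortened git.io link, so the reasoning is lost if that link stops resolving. Summarise the timing error in one sentence in the comment itself. It would also help to note that the window index `(epoch_time/period).to_i` is already part of `key`, so the extra second only keeps the old key around slightly longer and does not carry counts into the next period.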
@@ -1,3 +1,16 @@
1
+ # Rack::Attack::Request is the same as ::Rack::Request by default.
2
+ #
3
+ # This is a safe place to add custom helper methods to the request object
4
+ # through monkey patching:
5
+ #
6
+ # class Rack::Attack::Request < ::Rack::Request
7
+ # def localhost?
8
+ # ip == "127.0.0.1"
9
+ # end
10
+ # end
11
+ #
12
+ # Rack::Attack.whitelist("localhost") {|req| req.localhost? }
13
+ #
1
14
  module Rack
2
15
  class Attack
3
16
  class Request < ::Rack::Request
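Review bot: the documented `localhost?` helper in the header comment compares `ip` against the single literal "127.0.0.1", and the example then feeds it straight into `Rack::Attack.whitelist("localhost")`. Since people copy header examples verbatim, either say in the comment that this matches the IPv4 loopback address only (a request from `::1` would not be whitelisted), or widen the example. The commented sample also lost its indentation inside the `class`/`def` bodies, which makes it harder to read as code.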
@@ -1,5 +1,5 @@
1
1
  module Rack
2
2
  class Attack
3
- VERSION = '4.1.0'
3
+ VERSION = '4.1.1'
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-attack
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.1.0
4
+ version: 4.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Aaron Suggs
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-05-22 00:00:00.000000000 Z
11
+ date: 2014-09-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rack