rack-attack 4.1.0 → 4.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of rack-attack might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/README.md +6 -2
- data/lib/rack/attack/cache.rb +2 -1
- data/lib/rack/attack/request.rb +13 -0
- data/lib/rack/attack/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5fcafc0f62e4bc044a43ebff9f20d2059db798be
|
|
4
|
+
data.tar.gz: 19ef91c505bac94a8e9e7cb0e9e672ce2c3f6aa7
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 51e6cbf5836d2edef0186e310eadc05ab859db5ba03bc3243250e9c0e739961d4a58c96021db8a0966afaa9b94cbf23e43cffb6689e4e6902b04170a575af6ab
|
|
7
|
+
data.tar.gz: afd3639047fe6ac3c6e749d1efc1ceccd0d6100a9ae43d4947d48f09e4af2df48b94d66e879551d8ff6ccd1260467d5d5ad90604f0d942f0d9b61a5ce78cd71b
|
data/README.md
CHANGED
|
@@ -68,7 +68,7 @@ The algorithm is actually more concise in code: See [Rack::Attack.call](https://
|
|
|
68
68
|
|
|
69
69
|
```ruby
|
|
70
70
|
def call(env)
|
|
71
|
-
req = Rack::Request.new(env)
|
|
71
|
+
req = Rack::Attack::Request.new(env)
|
|
72
72
|
|
|
73
73
|
if whitelisted?(req)
|
|
74
74
|
@app.call(env)
|
|
@@ -83,6 +83,10 @@ def call(env)
|
|
|
83
83
|
end
|
|
84
84
|
```
|
|
85
85
|
|
|
86
|
+
Note: `Rack::Attack::Request` is just a subclass of `Rack::Attack` so that you
|
|
87
|
+
can cleanly monkey patch helper methods onto the
|
|
88
|
+
[request object](https://github.com/kickstarter/rack-attack/blob/master/lib/rack/attack/request.rb).
|
|
89
|
+
|
|
86
90
|
## About Tracks
|
|
87
91
|
|
|
88
92
|
`Rack::Attack.track` doesn't affect request processing. Tracks are an easy way to log and measure requests matching arbitrary attributes.
|
|
@@ -109,7 +113,7 @@ end
|
|
|
109
113
|
```ruby
|
|
110
114
|
# Block requests from 1.2.3.4
|
|
111
115
|
Rack::Attack.blacklist('block 1.2.3.4') do |req|
|
|
112
|
-
#
|
|
116
|
+
# Requests are blocked if the return value is truthy
|
|
113
117
|
'1.2.3.4' == req.ip
|
|
114
118
|
end
|
|
115
119
|
|
data/lib/rack/attack/cache.rb
CHANGED
|
@@ -16,7 +16,8 @@ module Rack
|
|
|
16
16
|
|
|
17
17
|
def count(unprefixed_key, period)
|
|
18
18
|
epoch_time = Time.now.to_i
|
|
19
|
-
expires_in
|
|
19
|
+
# Add 1 to expires_in to avoid timing error: http://git.io/i1PHXA
|
|
20
|
+
expires_in = period - (epoch_time % period) + 1
|
|
20
21
|
key = "#{prefix}:#{(epoch_time/period).to_i}:#{unprefixed_key}"
|
|
21
22
|
do_count(key, expires_in)
|
|
22
23
|
end
|
data/lib/rack/attack/request.rb
CHANGED
|
@@ -1,3 +1,16 @@
|
|
|
1
|
+
# Rack::Attack::Request is the same as ::Rack::Request by default.
|
|
2
|
+
#
|
|
3
|
+
# This is a safe place to add custom helper methods to the request object
|
|
4
|
+
# through monkey patching:
|
|
5
|
+
#
|
|
6
|
+
# class Rack::Attack::Request < ::Rack::Request
|
|
7
|
+
# def localhost?
|
|
8
|
+
# ip == "127.0.0.1"
|
|
9
|
+
# end
|
|
10
|
+
# end
|
|
11
|
+
#
|
|
12
|
+
# Rack::Attack.whitelist("localhost") {|req| req.localhost? }
|
|
13
|
+
#
|
|
1
14
|
module Rack
|
|
2
15
|
class Attack
|
|
3
16
|
class Request < ::Rack::Request
|
data/lib/rack/attack/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-attack
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.1.
|
|
4
|
+
version: 4.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Aaron Suggs
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2014-
|
|
11
|
+
date: 2014-09-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rack
|