rack-attack 5.4.0 → 6.2.0

data/lib/rack/attack/store_proxy/redis_store_proxy.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'delegate'
 
 module Rack
@@ -9,17 +11,15 @@ module Rack
         end
 
         def read(key)
-          get(key, raw: true)
-        rescue Redis::BaseError
+          rescuing { get(key, raw: true) }
         end
 
         def write(key, value, options = {})
           if (expires_in = options[:expires_in])
-            setex(key, expires_in, value, raw: true)
+            rescuing { setex(key, expires_in, value, raw: true) }
           else
-            set(key, value, raw: true)
+            rescuing { set(key, value, raw: true) }
           end
-        rescue Redis::BaseError
         end
       end
     end

data/lib/rack/attack/throttle.rb

@@ -1,15 +1,18 @@
+# frozen_string_literal: true
+
 module Rack
   class Attack
     class Throttle
       MANDATORY_OPTIONS = [:limit, :period].freeze
 
       attr_reader :name, :limit, :period, :block, :type
-      def initialize(name, options, block)
-        @name, @block = name, block
+      def initialize(name, options, &block)
+        @name = name
+        @block = block
         MANDATORY_OPTIONS.each do |opt|
-          raise ArgumentError.new("Must pass #{opt.inspect} option") unless options[opt]
+          raise ArgumentError, "Must pass #{opt.inspect} option" unless options[opt]
         end
-        @limit  = options[:limit]
+        @limit = options[:limit]
         @period = options[:period].respond_to?(:call) ? options[:period] : options[:period].to_i
         @type   = options.fetch(:type, :throttle)
       end
@@ -29,10 +32,11 @@ module Rack
         epoch_time     = cache.last_epoch_time
 
         data = {
-          :count => count,
-          :period => current_period,
-          :limit => current_limit,
-          :epoch_time => epoch_time
+          discriminator: discriminator,
+          count: count,
+          period: current_period,
+          limit: current_limit,
+          epoch_time: epoch_time
         }
 
         (request.env['rack.attack.throttle_data'] ||= {})[name] = data

data/lib/rack/attack/track.rb

@@ -1,16 +1,19 @@
+# frozen_string_literal: true
+
 module Rack
   class Attack
     class Track
       attr_reader :filter
 
-      def initialize(name, options = {}, block)
+      def initialize(name, options = {}, &block)
         options[:type] = :track
 
-        if options[:limit] && options[:period]
-          @filter = Throttle.new(name, options, block)
-        else
-          @filter = Check.new(name, options, block)
-        end
+        @filter =
+          if options[:limit] && options[:period]
+            Throttle.new(name, options, &block)
+          else
+            Check.new(name, options, &block)
+          end
       end
 
       def matched_by?(request)

data/lib/rack/attack/version.rb

@@ -1,5 +1,7 @@
+# frozen_string_literal: true
+
 module Rack
   class Attack
-    VERSION = '5.4.0'
+    VERSION = '6.2.0'
   end
 end

data/spec/acceptance/allow2ban_spec.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require_relative "../spec_helper"
 require "timecop"
 

data/spec/acceptance/blocking_ip_spec.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require_relative "../spec_helper"
 
 describe "Blocking an IP" do
@@ -21,9 +23,9 @@ describe "Blocking an IP" do
     notified = false
     notification_type = nil
 
-    ActiveSupport::Notifications.subscribe("rack.attack") do |_name, _start, _finish, _id, request|
+    ActiveSupport::Notifications.subscribe("blocklist.rack_attack") do |_name, _start, _finish, _id, payload|
       notified = true
-      notification_type = request.env["rack.attack.match_type"]
+      notification_type = payload[:request].env["rack.attack.match_type"]
     end
 
     get "/", {}, "REMOTE_ADDR" => "5.6.7.8"

data/spec/acceptance/blocking_spec.rb

@@ -1,6 +1,48 @@
+# frozen_string_literal: true
+
 require_relative "../spec_helper"
 
 describe "#blocklist" do
+  before do
+    Rack::Attack.blocklist do |request|
+      request.ip == "1.2.3.4"
+    end
+  end
+
+  it "forbids request if blocklist condition is true" do
+    get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+
+    assert_equal 403, last_response.status
+  end
+
+  it "succeeds if blocklist condition is false" do
+    get "/", {}, "REMOTE_ADDR" => "5.6.7.8"
+
+    assert_equal 200, last_response.status
+  end
+
+  it "notifies when the request is blocked" do
+    notification_matched = nil
+    notification_type = nil
+
+    ActiveSupport::Notifications.subscribe("rack.attack") do |_name, _start, _finish, _id, payload|
+      notification_matched = payload[:request].env["rack.attack.matched"]
+      notification_type = payload[:request].env["rack.attack.match_type"]
+    end
+
+    get "/", {}, "REMOTE_ADDR" => "5.6.7.8"
+
+    assert_nil notification_matched
+    assert_nil notification_type
+
+    get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+
+    assert_nil notification_matched
+    assert_equal :blocklist, notification_type
+  end
+end
+
+describe "#blocklist with name" do
   before do
     Rack::Attack.blocklist("block 1.2.3.4") do |request|
       request.ip == "1.2.3.4"
@@ -23,9 +65,9 @@ describe "#blocklist" do
     notification_matched = nil
     notification_type = nil
 
-    ActiveSupport::Notifications.subscribe("rack.attack") do |_name, _start, _finish, _id, request|
-      notification_matched = request.env["rack.attack.matched"]
-      notification_type = request.env["rack.attack.match_type"]
+    ActiveSupport::Notifications.subscribe("blocklist.rack_attack") do |_name, _start, _finish, _id, payload|
+      notification_matched = payload[:request].env["rack.attack.matched"]
+      notification_type = payload[:request].env["rack.attack.match_type"]
     end
 
     get "/", {}, "REMOTE_ADDR" => "5.6.7.8"

data/spec/acceptance/blocking_subnet_spec.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require_relative "../spec_helper"
 
 describe "Blocking an IP subnet" do
@@ -27,9 +29,9 @@ describe "Blocking an IP subnet" do
     notified = false
     notification_type = nil
 
-    ActiveSupport::Notifications.subscribe("rack.attack") do |_name, _start, _finish, _id, request|
+    ActiveSupport::Notifications.subscribe("blocklist.rack_attack") do |_name, _start, _finish, _id, payload|
       notified = true
-      notification_type = request.env["rack.attack.match_type"]
+      notification_type = payload[:request].env["rack.attack.match_type"]
     end
 
     get "/", {}, "REMOTE_ADDR" => "5.6.7.8"

data/spec/acceptance/cache_store_config_for_allow2ban_spec.rb

@@ -1,4 +1,7 @@
+# frozen_string_literal: true
+
 require_relative "../spec_helper"
+require "minitest/stub_const"
 
 describe "Cache store config when using allow2ban" do
   before do
@@ -16,61 +19,67 @@ describe "Cache store config when using allow2ban" do
   end
 
   it "gives semantic error if store is missing #read method" do
-    basic_store_class = Class.new do
-      def write(key, value)
-      end
+    raised_exception = nil
 
-      def increment(key, count, options = {})
-      end
+    fake_store_class = Class.new do
+      def write(key, value); end
+
+      def increment(key, count, options = {}); end
     end
 
-    Rack::Attack.cache.store = basic_store_class.new
+    Object.stub_const(:FakeStore, fake_store_class) do
+      Rack::Attack.cache.store = FakeStore.new
 
-    raised_exception = assert_raises(Rack::Attack::MisconfiguredStoreError) do
-      get "/scarce-resource"
+      raised_exception = assert_raises(Rack::Attack::MisconfiguredStoreError) do
+        get "/scarce-resource"
+      end
     end
 
-    assert_equal "Store needs to respond to #read", raised_exception.message
+    assert_equal "Configured store FakeStore doesn't respond to #read method", raised_exception.message
   end
 
   it "gives semantic error if store is missing #write method" do
-    basic_store_class = Class.new do
-      def read(key)
-      end
+    raised_exception = nil
 
-      def increment(key, count, options = {})
-      end
+    fake_store_class = Class.new do
+      def read(key); end
+
+      def increment(key, count, options = {}); end
     end
 
-    Rack::Attack.cache.store = basic_store_class.new
+    Object.stub_const(:FakeStore, fake_store_class) do
+      Rack::Attack.cache.store = FakeStore.new
 
-    raised_exception = assert_raises(Rack::Attack::MisconfiguredStoreError) do
-      get "/scarce-resource"
+      raised_exception = assert_raises(Rack::Attack::MisconfiguredStoreError) do
+        get "/scarce-resource"
+      end
     end
 
-    assert_equal "Store needs to respond to #write", raised_exception.message
+    assert_equal "Configured store FakeStore doesn't respond to #write method", raised_exception.message
   end
 
   it "gives semantic error if store is missing #increment method" do
-    basic_store_class = Class.new do
-      def read(key)
-      end
+    raised_exception = nil
 
-      def write(key, value)
-      end
+    fake_store_class = Class.new do
+      def read(key); end
+
+      def write(key, value); end
     end
 
-    Rack::Attack.cache.store = basic_store_class.new
+    Object.stub_const(:FakeStore, fake_store_class) do
+      Rack::Attack.cache.store = FakeStore.new
 
-    raised_exception = assert_raises(Rack::Attack::MisconfiguredStoreError) do
-      get "/scarce-resource"
+      raised_exception = assert_raises(Rack::Attack::MisconfiguredStoreError) do
+        get "/scarce-resource"
+      end
     end
 
-    assert_equal "Store needs to respond to #increment", raised_exception.message
+    assert_equal "Configured store FakeStore doesn't respond to #increment method", raised_exception.message
   end
 
   it "works with any object that responds to #read, #write and #increment" do
-    basic_store_class = Class.new do
+    fake_store_class = Class.new do
       attr_accessor :backend
 
       def initialize
@@ -91,21 +100,23 @@ describe "Cache store config when using allow2ban" do
       end
     end
 
-    Rack::Attack.cache.store = basic_store_class.new
+    Object.stub_const(:FakeStore, fake_store_class) do
+      Rack::Attack.cache.store = FakeStore.new
 
-    get "/"
-    assert_equal 200, last_response.status
+      get "/"
+      assert_equal 200, last_response.status
 
-    get "/scarce-resource"
-    assert_equal 200, last_response.status
+      get "/scarce-resource"
+      assert_equal 200, last_response.status
 
-    get "/scarce-resource"
-    assert_equal 200, last_response.status
+      get "/scarce-resource"
+      assert_equal 200, last_response.status
 
-    get "/scarce-resource"
-    assert_equal 403, last_response.status
+      get "/scarce-resource"
+      assert_equal 403, last_response.status
 
-    get "/"
-    assert_equal 403, last_response.status
+      get "/"
+      assert_equal 403, last_response.status
+    end
   end
 end

data/spec/acceptance/cache_store_config_for_fail2ban_spec.rb

@@ -1,4 +1,7 @@
+# frozen_string_literal: true
+
 require_relative "../spec_helper"
+require "minitest/stub_const"
 
 describe "Cache store config when using fail2ban" do
   before do
@@ -16,61 +19,67 @@ describe "Cache store config when using fail2ban" do
   end
 
   it "gives semantic error if store is missing #read method" do
-    basic_store_class = Class.new do
-      def write(key, value)
-      end
+    raised_exception = nil
 
-      def increment(key, count, options = {})
-      end
+    fake_store_class = Class.new do
+      def write(key, value); end
+
+      def increment(key, count, options = {}); end
     end
 
-    Rack::Attack.cache.store = basic_store_class.new
+    Object.stub_const(:FakeStore, fake_store_class) do
+      Rack::Attack.cache.store = FakeStore.new
 
-    raised_exception = assert_raises(Rack::Attack::MisconfiguredStoreError) do
-      get "/private-place"
+      raised_exception = assert_raises(Rack::Attack::MisconfiguredStoreError) do
+        get "/private-place"
+      end
     end
 
-    assert_equal "Store needs to respond to #read", raised_exception.message
+    assert_equal "Configured store FakeStore doesn't respond to #read method", raised_exception.message
   end
 
   it "gives semantic error if store is missing #write method" do
-    basic_store_class = Class.new do
-      def read(key)
-      end
+    raised_exception = nil
 
-      def increment(key, count, options = {})
-      end
+    fake_store_class = Class.new do
+      def read(key); end
+
+      def increment(key, count, options = {}); end
     end
 
-    Rack::Attack.cache.store = basic_store_class.new
+    Object.stub_const(:FakeStore, fake_store_class) do
+      Rack::Attack.cache.store = FakeStore.new
 
-    raised_exception = assert_raises(Rack::Attack::MisconfiguredStoreError) do
-      get "/private-place"
+      raised_exception = assert_raises(Rack::Attack::MisconfiguredStoreError) do
+        get "/private-place"
+      end
     end
 
-    assert_equal "Store needs to respond to #write", raised_exception.message
+    assert_equal "Configured store FakeStore doesn't respond to #write method", raised_exception.message
   end
 
   it "gives semantic error if store is missing #increment method" do
-    basic_store_class = Class.new do
-      def read(key)
-      end
+    raised_exception = nil
 
-      def write(key, value)
-      end
+    fake_store_class = Class.new do
+      def read(key); end
+
+      def write(key, value); end
     end
 
-    Rack::Attack.cache.store = basic_store_class.new
+    Object.stub_const(:FakeStore, fake_store_class) do
+      Rack::Attack.cache.store = FakeStore.new
 
-    raised_exception = assert_raises(Rack::Attack::MisconfiguredStoreError) do
-      get "/private-place"
+      raised_exception = assert_raises(Rack::Attack::MisconfiguredStoreError) do
+        get "/private-place"
+      end
     end
 
-    assert_equal "Store needs to respond to #increment", raised_exception.message
+    assert_equal "Configured store FakeStore doesn't respond to #increment method", raised_exception.message
   end
 
   it "works with any object that responds to #read, #write and #increment" do
-    basic_store_class = Class.new do
+    FakeStore = Class.new do
       attr_accessor :backend
 
       def initialize
@@ -91,7 +100,7 @@ describe "Cache store config when using fail2ban" do
       end
     end
 
-    Rack::Attack.cache.store = basic_store_class.new
+    Rack::Attack.cache.store = FakeStore.new
 
     get "/"
     assert_equal 200, last_response.status