rack-attack 6.0.0 → 6.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +3 -3
- data/lib/rack/attack/throttle.rb +1 -0
- data/lib/rack/attack/version.rb +1 -1
- data/spec/rack_attack_throttle_spec.rb +33 -4
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 273111fdf125be1d54c6c956dd4a4e3abe96184a0c5608304839280e06d655a3
|
|
4
|
+
data.tar.gz: 7e9039aaca427b1f9312ce4739d9d1713282f7b29647988577a37b32c6cfb393
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: deab3999e7a7f72e6e3d240f8312a38590deb1fd88aba2261c115573ac3081a5dc2e17667d184b68db8e06faf1f28dac27e44fc07867dc149c01ce3635069c42
|
|
7
|
+
data.tar.gz: bcfc056fd31c5f05c5fa4b517c420df227211186713dab5eeabea74917aa5236ffcac0f00455ac1b4ceb840c1f32929a4c73c84bedf3c34d00f2f04b5e93025a
|
data/README.md
CHANGED
|
@@ -285,9 +285,9 @@ Rack::Attack.track("special_agent", limit: 6, period: 60) do |req|
|
|
|
285
285
|
end
|
|
286
286
|
|
|
287
287
|
# Track it using ActiveSupport::Notification
|
|
288
|
-
ActiveSupport::Notifications.subscribe("
|
|
288
|
+
ActiveSupport::Notifications.subscribe("track.rack_attack") do |name, start, finish, request_id, payload|
|
|
289
289
|
req = payload[:request]
|
|
290
|
-
if req.env['rack.attack.matched'] == "special_agent"
|
|
290
|
+
if req.env['rack.attack.matched'] == "special_agent"
|
|
291
291
|
Rails.logger.info "special_agent: #{req.path}"
|
|
292
292
|
STATSD.increment("special_agent")
|
|
293
293
|
end
|
|
@@ -354,7 +354,7 @@ end
|
|
|
354
354
|
For responses that did not exceed a throttle limit, Rack::Attack annotates the env with match data:
|
|
355
355
|
|
|
356
356
|
```ruby
|
|
357
|
-
request.env['rack.attack.throttle_data'][name] # => { :count
|
|
357
|
+
request.env['rack.attack.throttle_data'][name] # => { discriminator: d, count: n, period: p, limit: l, epoch_time: t }
|
|
358
358
|
```
|
|
359
359
|
|
|
360
360
|
## Logging & Instrumentation
|
data/lib/rack/attack/throttle.rb
CHANGED
data/lib/rack/attack/version.rb
CHANGED
|
@@ -22,7 +22,14 @@ describe 'Rack::Attack.throttle' do
|
|
|
22
22
|
end
|
|
23
23
|
|
|
24
24
|
it 'should populate throttle data' do
|
|
25
|
-
data = {
|
|
25
|
+
data = {
|
|
26
|
+
count: 1,
|
|
27
|
+
limit: 1,
|
|
28
|
+
period: @period,
|
|
29
|
+
epoch_time: Rack::Attack.cache.last_epoch_time.to_i,
|
|
30
|
+
discriminator: "1.2.3.4"
|
|
31
|
+
}
|
|
32
|
+
|
|
26
33
|
last_request.env['rack.attack.throttle_data']['ip/sec'].must_equal data
|
|
27
34
|
end
|
|
28
35
|
end
|
|
@@ -39,7 +46,15 @@ describe 'Rack::Attack.throttle' do
|
|
|
39
46
|
it 'should tag the env' do
|
|
40
47
|
last_request.env['rack.attack.matched'].must_equal 'ip/sec'
|
|
41
48
|
last_request.env['rack.attack.match_type'].must_equal :throttle
|
|
42
|
-
|
|
49
|
+
|
|
50
|
+
last_request.env['rack.attack.match_data'].must_equal(
|
|
51
|
+
count: 2,
|
|
52
|
+
limit: 1,
|
|
53
|
+
period: @period,
|
|
54
|
+
epoch_time: Rack::Attack.cache.last_epoch_time.to_i,
|
|
55
|
+
discriminator: "1.2.3.4"
|
|
56
|
+
)
|
|
57
|
+
|
|
43
58
|
last_request.env['rack.attack.match_discriminator'].must_equal('1.2.3.4')
|
|
44
59
|
end
|
|
45
60
|
|
|
@@ -67,7 +82,14 @@ describe 'Rack::Attack.throttle with limit as proc' do
|
|
|
67
82
|
end
|
|
68
83
|
|
|
69
84
|
it 'should populate throttle data' do
|
|
70
|
-
data = {
|
|
85
|
+
data = {
|
|
86
|
+
count: 1,
|
|
87
|
+
limit: 1,
|
|
88
|
+
period: @period,
|
|
89
|
+
epoch_time: Rack::Attack.cache.last_epoch_time.to_i,
|
|
90
|
+
discriminator: "1.2.3.4"
|
|
91
|
+
}
|
|
92
|
+
|
|
71
93
|
last_request.env['rack.attack.throttle_data']['ip/sec'].must_equal data
|
|
72
94
|
end
|
|
73
95
|
end
|
|
@@ -91,7 +113,14 @@ describe 'Rack::Attack.throttle with period as proc' do
|
|
|
91
113
|
end
|
|
92
114
|
|
|
93
115
|
it 'should populate throttle data' do
|
|
94
|
-
data = {
|
|
116
|
+
data = {
|
|
117
|
+
count: 1,
|
|
118
|
+
limit: 1,
|
|
119
|
+
period: @period,
|
|
120
|
+
epoch_time: Rack::Attack.cache.last_epoch_time.to_i,
|
|
121
|
+
discriminator: "1.2.3.4"
|
|
122
|
+
}
|
|
123
|
+
|
|
95
124
|
last_request.env['rack.attack.throttle_data']['ip/sec'].must_equal data
|
|
96
125
|
end
|
|
97
126
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-attack
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 6.
|
|
4
|
+
version: 6.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Aaron Suggs
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-
|
|
11
|
+
date: 2019-07-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rack
|
|
@@ -282,7 +282,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
282
282
|
- !ruby/object:Gem::Version
|
|
283
283
|
version: '0'
|
|
284
284
|
requirements: []
|
|
285
|
-
rubygems_version: 3.0.
|
|
285
|
+
rubygems_version: 3.0.4
|
|
286
286
|
signing_key:
|
|
287
287
|
specification_version: 4
|
|
288
288
|
summary: Block & throttle abusive requests
|