rack-attack 6.3.0 → 6.6.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/LICENSE +21 -0
- data/README.md +37 -33
- data/lib/rack/attack/base_proxy.rb +27 -0
- data/lib/rack/attack/cache.rb +7 -1
- data/lib/rack/attack/check.rb +1 -0
- data/lib/rack/attack/configuration.rb +26 -8
- data/lib/rack/attack/railtie.rb +1 -3
- data/lib/rack/attack/store_proxy/active_support_redis_store_proxy.rb +2 -2
- data/lib/rack/attack/store_proxy/dalli_proxy.rb +2 -2
- data/lib/rack/attack/store_proxy/mem_cache_store_proxy.rb +6 -2
- data/lib/rack/attack/store_proxy/redis_cache_store_proxy.rb +7 -3
- data/lib/rack/attack/store_proxy/redis_proxy.rb +6 -6
- data/lib/rack/attack/store_proxy/redis_store_proxy.rb +1 -1
- data/lib/rack/attack/throttle.rb +10 -2
- data/lib/rack/attack/version.rb +1 -1
- data/lib/rack/attack.rb +26 -10
- data/spec/acceptance/customizing_blocked_response_spec.rb +21 -4
- data/spec/acceptance/customizing_throttled_response_spec.rb +27 -6
- data/spec/acceptance/rails_middleware_spec.rb +3 -18
- data/spec/acceptance/stores/active_support_dalli_store_spec.rb +5 -1
- data/spec/acceptance/stores/active_support_redis_cache_store_pooled_spec.rb +1 -1
- data/spec/acceptance/stores/active_support_redis_cache_store_spec.rb +1 -1
- data/spec/rack_attack_spec.rb +4 -4
- data/spec/rack_attack_throttle_spec.rb +44 -0
- metadata +39 -39
- data/bin/setup +0 -8
- data/lib/rack/attack/store_proxy.rb +0 -21
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: '0399127f00624959bafee349ab2e6010acda84373c3df24ff18c3ff701a6c274'
|
4
|
+
data.tar.gz: 88bbb4465f8b7ecd0f82d9ad7217a66da96bb829c6982b0151ea2c19b5bba3c5
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 5a4d3d278b7c814c909ae0e01128f076f2ffcda003a56f688d803ccdfc5f72eeaa6c60412dc8e06769026f407860ac1259668fc61c0e87f1ef7a03434e17d982
|
7
|
+
data.tar.gz: 492e4659338b489d9fcdc3bd315148ec2e1802c6197ce4dc5d7eaf598c918866468387d1a2346bfc30c454605aeaa59aa7d9a4e50bdc08910b24a72c681053dc
|
data/LICENSE
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
The MIT License
|
2
|
+
|
3
|
+
Copyright (c) 2016 Kickstarter, PBC
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
7
|
+
in the Software without restriction, including without limitation the rights
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
10
|
+
furnished to do so, subject to the following conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be included in
|
13
|
+
all copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
21
|
+
THE SOFTWARE.
|
data/README.md
CHANGED
@@ -1,5 +1,5 @@
|
|
1
|
-
|
2
|
-
For the README consistent with the latest released version see https://github.com/
|
1
|
+
:warning: You are viewing the development's branch version of README which might contain documentation for unreleased features.
|
2
|
+
For the README consistent with the latest released version see https://github.com/rack/rack-attack/blob/6-stable/README.md.
|
3
3
|
|
4
4
|
# Rack::Attack
|
5
5
|
|
@@ -10,7 +10,7 @@ Protect your Rails and Rack apps from bad clients. Rack::Attack lets you easily
|
|
10
10
|
See the [Backing & Hacking blog post](https://www.kickstarter.com/backing-and-hacking/rack-attack-protection-from-abusive-clients) introducing Rack::Attack.
|
11
11
|
|
12
12
|
[![Gem Version](https://badge.fury.io/rb/rack-attack.svg)](https://badge.fury.io/rb/rack-attack)
|
13
|
-
[![
|
13
|
+
[![build](https://github.com/rack/rack-attack/actions/workflows/build.yml/badge.svg)](https://github.com/rack/rack-attack/actions/workflows/build.yml)
|
14
14
|
[![Code Climate](https://codeclimate.com/github/kickstarter/rack-attack.svg)](https://codeclimate.com/github/kickstarter/rack-attack)
|
15
15
|
[![Join the chat at https://gitter.im/rack-attack/rack-attack](https://badges.gitter.im/rack-attack/rack-attack.svg)](https://gitter.im/rack-attack/rack-attack)
|
16
16
|
|
@@ -37,9 +37,9 @@ See the [Backing & Hacking blog post](https://www.kickstarter.com/backing-and-ha
|
|
37
37
|
- [Customizing responses](#customizing-responses)
|
38
38
|
- [RateLimit headers for well-behaved clients](#ratelimit-headers-for-well-behaved-clients)
|
39
39
|
- [Logging & Instrumentation](#logging--instrumentation)
|
40
|
+
- [Testing](#testing)
|
40
41
|
- [How it works](#how-it-works)
|
41
42
|
- [About Tracks](#about-tracks)
|
42
|
-
- [Testing](#testing)
|
43
43
|
- [Performance](#performance)
|
44
44
|
- [Motivation](#motivation)
|
45
45
|
- [Contributing](#contributing)
|
@@ -71,12 +71,7 @@ Or install it yourself as:
|
|
71
71
|
|
72
72
|
Then tell your ruby web application to use rack-attack as a middleware.
|
73
73
|
|
74
|
-
a) For __rails__ applications
|
75
|
-
```ruby
|
76
|
-
# In config/application.rb
|
77
|
-
|
78
|
-
config.middleware.use Rack::Attack
|
79
|
-
```
|
74
|
+
a) For __rails__ applications it is used by default.
|
80
75
|
|
81
76
|
You can disable it permanently (like for specific environment) or temporarily (can be useful for specific test cases) by writing:
|
82
77
|
|
@@ -140,7 +135,7 @@ E.g.
|
|
140
135
|
# Provided that trusted users use an HTTP request header named APIKey
|
141
136
|
Rack::Attack.safelist("mark any authenticated access safe") do |request|
|
142
137
|
# Requests are allowed if the return value is truthy
|
143
|
-
request.env["
|
138
|
+
request.env["HTTP_APIKEY"] == "secret-string"
|
144
139
|
end
|
145
140
|
|
146
141
|
# Always allow requests from localhost
|
@@ -263,10 +258,12 @@ Rack::Attack.throttle("requests by ip", limit: 5, period: 2) do |request|
|
|
263
258
|
end
|
264
259
|
|
265
260
|
# Throttle login attempts for a given email parameter to 6 reqs/minute
|
266
|
-
# Return the email as a discriminator on POST /login requests
|
261
|
+
# Return the *normalized* email as a discriminator on POST /login requests
|
267
262
|
Rack::Attack.throttle('limit logins per email', limit: 6, period: 60) do |req|
|
268
263
|
if req.path == '/login' && req.post?
|
269
|
-
|
264
|
+
# Normalize the email, using the same logic as your authentication process, to
|
265
|
+
# protect against rate limit bypasses.
|
266
|
+
req.params['email'].to_s.downcase.gsub(/\s+/, "")
|
270
267
|
end
|
271
268
|
end
|
272
269
|
|
@@ -315,21 +312,21 @@ Note that `Rack::Attack.cache` is only used for throttling, allow2ban and fail2b
|
|
315
312
|
|
316
313
|
## Customizing responses
|
317
314
|
|
318
|
-
Customize the response of blocklisted and throttled requests using an object that adheres to the [Rack app interface](http://www.rubydoc.info/github/rack/rack/file/SPEC).
|
315
|
+
Customize the response of blocklisted and throttled requests using an object that adheres to the [Rack app interface](http://www.rubydoc.info/github/rack/rack/file/SPEC.rdoc).
|
319
316
|
|
320
317
|
```ruby
|
321
|
-
Rack::Attack.
|
318
|
+
Rack::Attack.blocklisted_responder = lambda do |request|
|
322
319
|
# Using 503 because it may make attacker think that they have successfully
|
323
320
|
# DOSed the site. Rack::Attack returns 403 for blocklists by default
|
324
321
|
[ 503, {}, ['Blocked']]
|
325
322
|
end
|
326
323
|
|
327
|
-
Rack::Attack.
|
324
|
+
Rack::Attack.throttled_responder = lambda do |request|
|
328
325
|
# NB: you have access to the name and other data about the matched throttle
|
329
|
-
# env['rack.attack.matched'],
|
330
|
-
# env['rack.attack.match_type'],
|
331
|
-
# env['rack.attack.match_data'],
|
332
|
-
# env['rack.attack.match_discriminator']
|
326
|
+
# request.env['rack.attack.matched'],
|
327
|
+
# request.env['rack.attack.match_type'],
|
328
|
+
# request.env['rack.attack.match_data'],
|
329
|
+
# request.env['rack.attack.match_discriminator']
|
333
330
|
|
334
331
|
# Using 503 because it may make attacker think that they have successfully
|
335
332
|
# DOSed the site. Rack::Attack returns 429 for throttling by default
|
@@ -342,7 +339,7 @@ end
|
|
342
339
|
While Rack::Attack's primary focus is minimizing harm from abusive clients, it
|
343
340
|
can also be used to return rate limit data that's helpful for well-behaved clients.
|
344
341
|
|
345
|
-
If you want to return to user how many seconds to wait until
|
342
|
+
If you want to return to user how many seconds to wait until they can start sending requests again, this can be done through enabling `Retry-After` header:
|
346
343
|
```ruby
|
347
344
|
Rack::Attack.throttled_response_retry_after_header = true
|
348
345
|
```
|
@@ -350,8 +347,8 @@ Rack::Attack.throttled_response_retry_after_header = true
|
|
350
347
|
Here's an example response that includes conventional `RateLimit-*` headers:
|
351
348
|
|
352
349
|
```ruby
|
353
|
-
Rack::Attack.
|
354
|
-
match_data = env['rack.attack.match_data']
|
350
|
+
Rack::Attack.throttled_responder = lambda do |request|
|
351
|
+
match_data = request.env['rack.attack.match_data']
|
355
352
|
now = match_data[:epoch_time]
|
356
353
|
|
357
354
|
headers = {
|
@@ -377,7 +374,7 @@ Rack::Attack uses the [ActiveSupport::Notifications](http://api.rubyonrails.org/
|
|
377
374
|
|
378
375
|
You can subscribe to `rack_attack` events and log it, graph it, etc.
|
379
376
|
|
380
|
-
To get notified about specific type of events, subscribe to the event name followed by the `rack_attack`
|
377
|
+
To get notified about specific type of events, subscribe to the event name followed by the `rack_attack` namespace.
|
381
378
|
E.g. for throttles use:
|
382
379
|
|
383
380
|
```ruby
|
@@ -398,6 +395,20 @@ ActiveSupport::Notifications.subscribe(/rack_attack/) do |name, start, finish, r
|
|
398
395
|
end
|
399
396
|
```
|
400
397
|
|
398
|
+
## Testing
|
399
|
+
|
400
|
+
A note on developing and testing apps using Rack::Attack - if you are using throttling in particular, you will
|
401
|
+
need to enable the cache in your development environment. See [Caching with Rails](http://guides.rubyonrails.org/caching_with_rails.html)
|
402
|
+
for more on how to do this.
|
403
|
+
|
404
|
+
### Disabling
|
405
|
+
|
406
|
+
`Rack::Attack.enabled = false` can be used to either completely disable Rack::Attack in your tests, or to disable/enable for specific test cases only.
|
407
|
+
|
408
|
+
### Test case isolation
|
409
|
+
|
410
|
+
`Rack::Attack.reset!` can be used in your test suite to clear any Rack::Attack state between different test cases. If you're testing blocklist and safelist configurations, consider using `Rack::Attack.clear_configuration` to unset the values for those lists between test cases.
|
411
|
+
|
401
412
|
## How it works
|
402
413
|
|
403
414
|
The Rack::Attack middleware compares each request against *safelists*, *blocklists*, *throttles*, and *tracks* that you define. There are none by default.
|
@@ -416,9 +427,9 @@ def call(env)
|
|
416
427
|
if safelisted?(req)
|
417
428
|
@app.call(env)
|
418
429
|
elsif blocklisted?(req)
|
419
|
-
self.class.
|
430
|
+
self.class.blocklisted_responder.call(req)
|
420
431
|
elsif throttled?(req)
|
421
|
-
self.class.
|
432
|
+
self.class.throttled_responder.call(req)
|
422
433
|
else
|
423
434
|
tracked?(req)
|
424
435
|
@app.call(env)
|
@@ -434,13 +445,6 @@ can cleanly monkey patch helper methods onto the
|
|
434
445
|
|
435
446
|
`Rack::Attack.track` doesn't affect request processing. Tracks are an easy way to log and measure requests matching arbitrary attributes.
|
436
447
|
|
437
|
-
|
438
|
-
## Testing
|
439
|
-
|
440
|
-
A note on developing and testing apps using Rack::Attack - if you are using throttling in particular, you will
|
441
|
-
need to enable the cache in your development environment. See [Caching with Rails](http://guides.rubyonrails.org/caching_with_rails.html)
|
442
|
-
for more on how to do this.
|
443
|
-
|
444
448
|
## Performance
|
445
449
|
|
446
450
|
The overhead of running Rack::Attack is typically negligible (a few milliseconds per request),
|
@@ -0,0 +1,27 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'delegate'
|
4
|
+
|
5
|
+
module Rack
|
6
|
+
class Attack
|
7
|
+
class BaseProxy < SimpleDelegator
|
8
|
+
class << self
|
9
|
+
def proxies
|
10
|
+
@@proxies ||= []
|
11
|
+
end
|
12
|
+
|
13
|
+
def inherited(klass)
|
14
|
+
proxies << klass
|
15
|
+
end
|
16
|
+
|
17
|
+
def lookup(store)
|
18
|
+
proxies.find { |proxy| proxy.handle?(store) }
|
19
|
+
end
|
20
|
+
|
21
|
+
def handle?(_store)
|
22
|
+
raise NotImplementedError
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
data/lib/rack/attack/cache.rb
CHANGED
@@ -12,8 +12,14 @@ module Rack
|
|
12
12
|
end
|
13
13
|
|
14
14
|
attr_reader :store
|
15
|
+
|
15
16
|
def store=(store)
|
16
|
-
@store =
|
17
|
+
@store =
|
18
|
+
if (proxy = BaseProxy.lookup(store))
|
19
|
+
proxy.new(store)
|
20
|
+
else
|
21
|
+
store
|
22
|
+
end
|
17
23
|
end
|
18
24
|
|
19
25
|
def count(unprefixed_key, period)
|
data/lib/rack/attack/check.rb
CHANGED
@@ -5,22 +5,36 @@ require "ipaddr"
|
|
5
5
|
module Rack
|
6
6
|
class Attack
|
7
7
|
class Configuration
|
8
|
-
|
8
|
+
DEFAULT_BLOCKLISTED_RESPONDER = lambda { |_req| [403, { 'content-type' => 'text/plain' }, ["Forbidden\n"]] }
|
9
9
|
|
10
|
-
|
10
|
+
DEFAULT_THROTTLED_RESPONDER = lambda do |req|
|
11
11
|
if Rack::Attack.configuration.throttled_response_retry_after_header
|
12
|
-
match_data = env['rack.attack.match_data']
|
12
|
+
match_data = req.env['rack.attack.match_data']
|
13
13
|
now = match_data[:epoch_time]
|
14
14
|
retry_after = match_data[:period] - (now % match_data[:period])
|
15
15
|
|
16
|
-
[429, { '
|
16
|
+
[429, { 'content-type' => 'text/plain', 'retry-after' => retry_after.to_s }, ["Retry later\n"]]
|
17
17
|
else
|
18
|
-
[429, { '
|
18
|
+
[429, { 'content-type' => 'text/plain' }, ["Retry later\n"]]
|
19
19
|
end
|
20
20
|
end
|
21
21
|
|
22
22
|
attr_reader :safelists, :blocklists, :throttles, :anonymous_blocklists, :anonymous_safelists
|
23
|
-
attr_accessor :
|
23
|
+
attr_accessor :blocklisted_responder, :throttled_responder, :throttled_response_retry_after_header
|
24
|
+
|
25
|
+
attr_reader :blocklisted_response, :throttled_response # Keeping these for backwards compatibility
|
26
|
+
|
27
|
+
def blocklisted_response=(responder)
|
28
|
+
warn "[DEPRECATION] Rack::Attack.blocklisted_response is deprecated. "\
|
29
|
+
"Please use Rack::Attack.blocklisted_responder instead."
|
30
|
+
@blocklisted_response = responder
|
31
|
+
end
|
32
|
+
|
33
|
+
def throttled_response=(responder)
|
34
|
+
warn "[DEPRECATION] Rack::Attack.throttled_response is deprecated. "\
|
35
|
+
"Please use Rack::Attack.throttled_responder instead"
|
36
|
+
@throttled_response = responder
|
37
|
+
end
|
24
38
|
|
25
39
|
def initialize
|
26
40
|
set_defaults
|
@@ -99,8 +113,12 @@ module Rack
|
|
99
113
|
@anonymous_safelists = []
|
100
114
|
@throttled_response_retry_after_header = false
|
101
115
|
|
102
|
-
@
|
103
|
-
@
|
116
|
+
@blocklisted_responder = DEFAULT_BLOCKLISTED_RESPONDER
|
117
|
+
@throttled_responder = DEFAULT_THROTTLED_RESPONDER
|
118
|
+
|
119
|
+
# Deprecated: Keeping these for backwards compatibility
|
120
|
+
@blocklisted_response = nil
|
121
|
+
@throttled_response = nil
|
104
122
|
end
|
105
123
|
end
|
106
124
|
end
|
data/lib/rack/attack/railtie.rb
CHANGED
@@ -4,9 +4,7 @@ module Rack
|
|
4
4
|
class Attack
|
5
5
|
class Railtie < ::Rails::Railtie
|
6
6
|
initializer "rack-attack.middleware" do |app|
|
7
|
-
|
8
|
-
app.middleware.use(Rack::Attack)
|
9
|
-
end
|
7
|
+
app.middleware.use(Rack::Attack)
|
10
8
|
end
|
11
9
|
end
|
12
10
|
end
|
@@ -1,11 +1,11 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require '
|
3
|
+
require 'rack/attack/base_proxy'
|
4
4
|
|
5
5
|
module Rack
|
6
6
|
class Attack
|
7
7
|
module StoreProxy
|
8
|
-
class ActiveSupportRedisStoreProxy <
|
8
|
+
class ActiveSupportRedisStoreProxy < BaseProxy
|
9
9
|
def self.handle?(store)
|
10
10
|
defined?(::Redis) &&
|
11
11
|
defined?(::ActiveSupport::Cache::RedisStore) &&
|
@@ -1,11 +1,11 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require '
|
3
|
+
require 'rack/attack/base_proxy'
|
4
4
|
|
5
5
|
module Rack
|
6
6
|
class Attack
|
7
7
|
module StoreProxy
|
8
|
-
class DalliProxy <
|
8
|
+
class DalliProxy < BaseProxy
|
9
9
|
def self.handle?(store)
|
10
10
|
return false unless defined?(::Dalli)
|
11
11
|
|
@@ -1,17 +1,21 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require '
|
3
|
+
require 'rack/attack/base_proxy'
|
4
4
|
|
5
5
|
module Rack
|
6
6
|
class Attack
|
7
7
|
module StoreProxy
|
8
|
-
class MemCacheStoreProxy <
|
8
|
+
class MemCacheStoreProxy < BaseProxy
|
9
9
|
def self.handle?(store)
|
10
10
|
defined?(::Dalli) &&
|
11
11
|
defined?(::ActiveSupport::Cache::MemCacheStore) &&
|
12
12
|
store.is_a?(::ActiveSupport::Cache::MemCacheStore)
|
13
13
|
end
|
14
14
|
|
15
|
+
def read(name, options = {})
|
16
|
+
super(name, options.merge!(raw: true))
|
17
|
+
end
|
18
|
+
|
15
19
|
def write(name, value, options = {})
|
16
20
|
super(name, value, options.merge!(raw: true))
|
17
21
|
end
|
@@ -1,16 +1,16 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require '
|
3
|
+
require 'rack/attack/base_proxy'
|
4
4
|
|
5
5
|
module Rack
|
6
6
|
class Attack
|
7
7
|
module StoreProxy
|
8
|
-
class RedisCacheStoreProxy <
|
8
|
+
class RedisCacheStoreProxy < BaseProxy
|
9
9
|
def self.handle?(store)
|
10
10
|
store.class.name == "ActiveSupport::Cache::RedisCacheStore"
|
11
11
|
end
|
12
12
|
|
13
|
-
def increment(name, amount = 1, options
|
13
|
+
def increment(name, amount = 1, **options)
|
14
14
|
# RedisCacheStore#increment ignores options[:expires_in].
|
15
15
|
#
|
16
16
|
# So in order to workaround this we use RedisCacheStore#write (which sets expiration) to initialize
|
@@ -24,6 +24,10 @@ module Rack
|
|
24
24
|
end
|
25
25
|
end
|
26
26
|
|
27
|
+
def read(name, options = {})
|
28
|
+
super(name, options.merge!(raw: true))
|
29
|
+
end
|
30
|
+
|
27
31
|
def write(name, value, options = {})
|
28
32
|
super(name, value, options.merge!(raw: true))
|
29
33
|
end
|
@@ -1,11 +1,11 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require '
|
3
|
+
require 'rack/attack/base_proxy'
|
4
4
|
|
5
5
|
module Rack
|
6
6
|
class Attack
|
7
7
|
module StoreProxy
|
8
|
-
class RedisProxy <
|
8
|
+
class RedisProxy < BaseProxy
|
9
9
|
def initialize(*args)
|
10
10
|
if Gem::Version.new(Redis::VERSION) < Gem::Version.new("3")
|
11
11
|
warn 'RackAttack requires Redis gem >= 3.0.0.'
|
@@ -15,7 +15,7 @@ module Rack
|
|
15
15
|
end
|
16
16
|
|
17
17
|
def self.handle?(store)
|
18
|
-
defined?(::Redis) && store.
|
18
|
+
defined?(::Redis) && store.class == ::Redis
|
19
19
|
end
|
20
20
|
|
21
21
|
def read(key)
|
@@ -32,9 +32,9 @@ module Rack
|
|
32
32
|
|
33
33
|
def increment(key, amount, options = {})
|
34
34
|
rescuing do
|
35
|
-
pipelined do
|
36
|
-
incrby(key, amount)
|
37
|
-
expire(key, options[:expires_in]) if options[:expires_in]
|
35
|
+
pipelined do |redis|
|
36
|
+
redis.incrby(key, amount)
|
37
|
+
redis.expire(key, options[:expires_in]) if options[:expires_in]
|
38
38
|
end.first
|
39
39
|
end
|
40
40
|
end
|
data/lib/rack/attack/throttle.rb
CHANGED
@@ -6,6 +6,7 @@ module Rack
|
|
6
6
|
MANDATORY_OPTIONS = [:limit, :period].freeze
|
7
7
|
|
8
8
|
attr_reader :name, :limit, :period, :block, :type
|
9
|
+
|
9
10
|
def initialize(name, options, &block)
|
10
11
|
@name = name
|
11
12
|
@block = block
|
@@ -22,8 +23,7 @@ module Rack
|
|
22
23
|
end
|
23
24
|
|
24
25
|
def matched_by?(request)
|
25
|
-
discriminator =
|
26
|
-
|
26
|
+
discriminator = discriminator_for(request)
|
27
27
|
return false unless discriminator
|
28
28
|
|
29
29
|
current_period = period_for(request)
|
@@ -49,6 +49,14 @@ module Rack
|
|
49
49
|
|
50
50
|
private
|
51
51
|
|
52
|
+
def discriminator_for(request)
|
53
|
+
discriminator = block.call(request)
|
54
|
+
if discriminator && Rack::Attack.throttle_discriminator_normalizer
|
55
|
+
discriminator = Rack::Attack.throttle_discriminator_normalizer.call(discriminator)
|
56
|
+
end
|
57
|
+
discriminator
|
58
|
+
end
|
59
|
+
|
52
60
|
def period_for(request)
|
53
61
|
period.respond_to?(:call) ? period.call(request) : period
|
54
62
|
end
|
data/lib/rack/attack/version.rb
CHANGED
data/lib/rack/attack.rb
CHANGED
@@ -6,6 +6,12 @@ require 'rack/attack/cache'
|
|
6
6
|
require 'rack/attack/configuration'
|
7
7
|
require 'rack/attack/path_normalizer'
|
8
8
|
require 'rack/attack/request'
|
9
|
+
require 'rack/attack/store_proxy/dalli_proxy'
|
10
|
+
require 'rack/attack/store_proxy/mem_cache_store_proxy'
|
11
|
+
require 'rack/attack/store_proxy/redis_proxy'
|
12
|
+
require 'rack/attack/store_proxy/redis_store_proxy'
|
13
|
+
require 'rack/attack/store_proxy/redis_cache_store_proxy'
|
14
|
+
require 'rack/attack/store_proxy/active_support_redis_store_proxy'
|
9
15
|
|
10
16
|
require 'rack/attack/railtie' if defined?(::Rails)
|
11
17
|
|
@@ -21,18 +27,11 @@ module Rack
|
|
21
27
|
autoload :Safelist, 'rack/attack/safelist'
|
22
28
|
autoload :Blocklist, 'rack/attack/blocklist'
|
23
29
|
autoload :Track, 'rack/attack/track'
|
24
|
-
autoload :StoreProxy, 'rack/attack/store_proxy'
|
25
|
-
autoload :DalliProxy, 'rack/attack/store_proxy/dalli_proxy'
|
26
|
-
autoload :MemCacheStoreProxy, 'rack/attack/store_proxy/mem_cache_store_proxy'
|
27
|
-
autoload :RedisProxy, 'rack/attack/store_proxy/redis_proxy'
|
28
|
-
autoload :RedisStoreProxy, 'rack/attack/store_proxy/redis_store_proxy'
|
29
|
-
autoload :RedisCacheStoreProxy, 'rack/attack/store_proxy/redis_cache_store_proxy'
|
30
|
-
autoload :ActiveSupportRedisStoreProxy, 'rack/attack/store_proxy/active_support_redis_store_proxy'
|
31
30
|
autoload :Fail2Ban, 'rack/attack/fail2ban'
|
32
31
|
autoload :Allow2Ban, 'rack/attack/allow2ban'
|
33
32
|
|
34
33
|
class << self
|
35
|
-
attr_accessor :enabled, :notifier
|
34
|
+
attr_accessor :enabled, :notifier, :throttle_discriminator_normalizer
|
36
35
|
attr_reader :configuration
|
37
36
|
|
38
37
|
def instrument(request)
|
@@ -67,6 +66,10 @@ module Rack
|
|
67
66
|
:safelist_ip,
|
68
67
|
:throttle,
|
69
68
|
:track,
|
69
|
+
:throttled_responder,
|
70
|
+
:throttled_responder=,
|
71
|
+
:blocklisted_responder,
|
72
|
+
:blocklisted_responder=,
|
70
73
|
:blocklisted_response,
|
71
74
|
:blocklisted_response=,
|
72
75
|
:throttled_response,
|
@@ -84,6 +87,9 @@ module Rack
|
|
84
87
|
# Set defaults
|
85
88
|
@enabled = true
|
86
89
|
@notifier = ActiveSupport::Notifications if defined?(ActiveSupport::Notifications)
|
90
|
+
@throttle_discriminator_normalizer = lambda do |discriminator|
|
91
|
+
discriminator.to_s.strip.downcase
|
92
|
+
end
|
87
93
|
@configuration = Configuration.new
|
88
94
|
|
89
95
|
attr_reader :configuration
|
@@ -103,9 +109,19 @@ module Rack
|
|
103
109
|
if configuration.safelisted?(request)
|
104
110
|
@app.call(env)
|
105
111
|
elsif configuration.blocklisted?(request)
|
106
|
-
|
112
|
+
# Deprecated: Keeping blocklisted_response for backwards compatibility
|
113
|
+
if configuration.blocklisted_response
|
114
|
+
configuration.blocklisted_response.call(env)
|
115
|
+
else
|
116
|
+
configuration.blocklisted_responder.call(request)
|
117
|
+
end
|
107
118
|
elsif configuration.throttled?(request)
|
108
|
-
|
119
|
+
# Deprecated: Keeping throttled_response for backwards compatibility
|
120
|
+
if configuration.throttled_response
|
121
|
+
configuration.throttled_response.call(env)
|
122
|
+
else
|
123
|
+
configuration.throttled_responder.call(request)
|
124
|
+
end
|
109
125
|
else
|
110
126
|
configuration.tracked?(request)
|
111
127
|
@app.call(env)
|
@@ -14,7 +14,7 @@ describe "Customizing block responses" do
|
|
14
14
|
|
15
15
|
assert_equal 403, last_response.status
|
16
16
|
|
17
|
-
Rack::Attack.
|
17
|
+
Rack::Attack.blocklisted_responder = lambda do |_req|
|
18
18
|
[503, {}, ["Blocked"]]
|
19
19
|
end
|
20
20
|
|
@@ -28,9 +28,9 @@ describe "Customizing block responses" do
|
|
28
28
|
matched = nil
|
29
29
|
match_type = nil
|
30
30
|
|
31
|
-
Rack::Attack.
|
32
|
-
matched = env['rack.attack.matched']
|
33
|
-
match_type = env['rack.attack.match_type']
|
31
|
+
Rack::Attack.blocklisted_responder = lambda do |req|
|
32
|
+
matched = req.env['rack.attack.matched']
|
33
|
+
match_type = req.env['rack.attack.match_type']
|
34
34
|
|
35
35
|
[503, {}, ["Blocked"]]
|
36
36
|
end
|
@@ -40,4 +40,21 @@ describe "Customizing block responses" do
|
|
40
40
|
assert_equal "block 1.2.3.4", matched
|
41
41
|
assert_equal :blocklist, match_type
|
42
42
|
end
|
43
|
+
|
44
|
+
it "supports old style" do
|
45
|
+
get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
|
46
|
+
|
47
|
+
assert_equal 403, last_response.status
|
48
|
+
|
49
|
+
silence_warnings do
|
50
|
+
Rack::Attack.blocklisted_response = lambda do |_env|
|
51
|
+
[503, {}, ["Blocked"]]
|
52
|
+
end
|
53
|
+
end
|
54
|
+
|
55
|
+
get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
|
56
|
+
|
57
|
+
assert_equal 503, last_response.status
|
58
|
+
assert_equal "Blocked", last_response.body
|
59
|
+
end
|
43
60
|
end
|
@@ -20,7 +20,7 @@ describe "Customizing throttled response" do
|
|
20
20
|
|
21
21
|
assert_equal 429, last_response.status
|
22
22
|
|
23
|
-
Rack::Attack.
|
23
|
+
Rack::Attack.throttled_responder = lambda do |_req|
|
24
24
|
[503, {}, ["Throttled"]]
|
25
25
|
end
|
26
26
|
|
@@ -36,11 +36,11 @@ describe "Customizing throttled response" do
|
|
36
36
|
match_data = nil
|
37
37
|
match_discriminator = nil
|
38
38
|
|
39
|
-
Rack::Attack.
|
40
|
-
matched = env['rack.attack.matched']
|
41
|
-
match_type = env['rack.attack.match_type']
|
42
|
-
match_data = env['rack.attack.match_data']
|
43
|
-
match_discriminator = env['rack.attack.match_discriminator']
|
39
|
+
Rack::Attack.throttled_responder = lambda do |req|
|
40
|
+
matched = req.env['rack.attack.matched']
|
41
|
+
match_type = req.env['rack.attack.match_type']
|
42
|
+
match_data = req.env['rack.attack.match_data']
|
43
|
+
match_discriminator = req.env['rack.attack.match_discriminator']
|
44
44
|
|
45
45
|
[429, {}, ["Throttled"]]
|
46
46
|
end
|
@@ -58,4 +58,25 @@ describe "Customizing throttled response" do
|
|
58
58
|
get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
|
59
59
|
assert_equal 3, match_data[:count]
|
60
60
|
end
|
61
|
+
|
62
|
+
it "supports old style" do
|
63
|
+
get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
|
64
|
+
|
65
|
+
assert_equal 200, last_response.status
|
66
|
+
|
67
|
+
get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
|
68
|
+
|
69
|
+
assert_equal 429, last_response.status
|
70
|
+
|
71
|
+
silence_warnings do
|
72
|
+
Rack::Attack.throttled_response = lambda do |_req|
|
73
|
+
[503, {}, ["Throttled"]]
|
74
|
+
end
|
75
|
+
end
|
76
|
+
|
77
|
+
get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
|
78
|
+
|
79
|
+
assert_equal 503, last_response.status
|
80
|
+
assert_equal "Throttled", last_response.body
|
81
|
+
end
|
61
82
|
end
|
@@ -12,24 +12,9 @@ if defined?(Rails)
|
|
12
12
|
end
|
13
13
|
end
|
14
14
|
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
assert_equal 1, @app.middleware.count(Rack::Attack)
|
19
|
-
end
|
20
|
-
|
21
|
-
it "is not added when it was explicitly deleted" do
|
22
|
-
@app.config.middleware.delete(Rack::Attack)
|
23
|
-
@app.initialize!
|
24
|
-
refute @app.middleware.include?(Rack::Attack)
|
25
|
-
end
|
26
|
-
end
|
27
|
-
|
28
|
-
if Gem::Version.new(Rails::VERSION::STRING) < Gem::Version.new("5.1")
|
29
|
-
it "is not used by default" do
|
30
|
-
@app.initialize!
|
31
|
-
assert_equal 0, @app.middleware.count(Rack::Attack)
|
32
|
-
end
|
15
|
+
it "is used by default" do
|
16
|
+
@app.initialize!
|
17
|
+
assert @app.middleware.include?(Rack::Attack)
|
33
18
|
end
|
34
19
|
end
|
35
20
|
end
|
@@ -2,7 +2,11 @@
|
|
2
2
|
|
3
3
|
require_relative "../../spec_helper"
|
4
4
|
|
5
|
-
|
5
|
+
should_run =
|
6
|
+
defined?(::Dalli) &&
|
7
|
+
Gem::Version.new(::Dalli::VERSION) < Gem::Version.new("3")
|
8
|
+
|
9
|
+
if should_run
|
6
10
|
require_relative "../../support/cache_store_helper"
|
7
11
|
require "active_support/cache/dalli_store"
|
8
12
|
require "timecop"
|
@@ -21,6 +21,6 @@ if should_run
|
|
21
21
|
Rack::Attack.cache.store.clear
|
22
22
|
end
|
23
23
|
|
24
|
-
it_works_for_cache_backed_features(fetch_from_store: ->(key) { Rack::Attack.cache.store.
|
24
|
+
it_works_for_cache_backed_features(fetch_from_store: ->(key) { Rack::Attack.cache.store.read(key) })
|
25
25
|
end
|
26
26
|
end
|
@@ -20,6 +20,6 @@ if should_run
|
|
20
20
|
Rack::Attack.cache.store.clear
|
21
21
|
end
|
22
22
|
|
23
|
-
it_works_for_cache_backed_features(fetch_from_store: ->(key) { Rack::Attack.cache.store.
|
23
|
+
it_works_for_cache_backed_features(fetch_from_store: ->(key) { Rack::Attack.cache.store.read(key) })
|
24
24
|
end
|
25
25
|
end
|
data/spec/rack_attack_spec.rb
CHANGED
@@ -64,15 +64,15 @@ describe 'Rack::Attack' do
|
|
64
64
|
end
|
65
65
|
end
|
66
66
|
|
67
|
-
describe '#
|
67
|
+
describe '#blocklisted_responder' do
|
68
68
|
it 'should exist' do
|
69
|
-
_(Rack::Attack.
|
69
|
+
_(Rack::Attack.blocklisted_responder).must_respond_to :call
|
70
70
|
end
|
71
71
|
end
|
72
72
|
|
73
|
-
describe '#
|
73
|
+
describe '#throttled_responder' do
|
74
74
|
it 'should exist' do
|
75
|
-
_(Rack::Attack.
|
75
|
+
_(Rack::Attack.throttled_responder).must_respond_to :call
|
76
76
|
end
|
77
77
|
end
|
78
78
|
end
|
@@ -144,3 +144,47 @@ describe 'Rack::Attack.throttle with block retuning nil' do
|
|
144
144
|
end
|
145
145
|
end
|
146
146
|
end
|
147
|
+
|
148
|
+
describe 'Rack::Attack.throttle with throttle_discriminator_normalizer' do
|
149
|
+
before do
|
150
|
+
@period = 60
|
151
|
+
@emails = [
|
152
|
+
"person@example.com",
|
153
|
+
"PERSON@example.com ",
|
154
|
+
" person@example.com\r\n ",
|
155
|
+
]
|
156
|
+
Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
|
157
|
+
Rack::Attack.throttle('logins/email', limit: 4, period: @period) do |req|
|
158
|
+
if req.path == '/login' && req.post?
|
159
|
+
req.params['email']
|
160
|
+
end
|
161
|
+
end
|
162
|
+
end
|
163
|
+
|
164
|
+
it 'should not differentiate requests when throttle_discriminator_normalizer is enabled' do
|
165
|
+
post_logins
|
166
|
+
key = "rack::attack:#{Time.now.to_i / @period}:logins/email:person@example.com"
|
167
|
+
_(Rack::Attack.cache.store.read(key)).must_equal 3
|
168
|
+
end
|
169
|
+
|
170
|
+
it 'should differentiate requests when throttle_discriminator_normalizer is disabled' do
|
171
|
+
begin
|
172
|
+
prev = Rack::Attack.throttle_discriminator_normalizer
|
173
|
+
Rack::Attack.throttle_discriminator_normalizer = nil
|
174
|
+
|
175
|
+
post_logins
|
176
|
+
@emails.each do |email|
|
177
|
+
key = "rack::attack:#{Time.now.to_i / @period}:logins/email:#{email}"
|
178
|
+
_(Rack::Attack.cache.store.read(key)).must_equal 1
|
179
|
+
end
|
180
|
+
ensure
|
181
|
+
Rack::Attack.throttle_discriminator_normalizer = prev
|
182
|
+
end
|
183
|
+
end
|
184
|
+
|
185
|
+
def post_logins
|
186
|
+
@emails.each do |email|
|
187
|
+
post '/login', email: email
|
188
|
+
end
|
189
|
+
end
|
190
|
+
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rack-attack
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 6.
|
4
|
+
version: 6.6.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Aaron Suggs
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-04-14 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rack
|
@@ -126,14 +126,14 @@ dependencies:
|
|
126
126
|
requirements:
|
127
127
|
- - '='
|
128
128
|
- !ruby/object:Gem::Version
|
129
|
-
version: 0.
|
129
|
+
version: 0.89.1
|
130
130
|
type: :development
|
131
131
|
prerelease: false
|
132
132
|
version_requirements: !ruby/object:Gem::Requirement
|
133
133
|
requirements:
|
134
134
|
- - '='
|
135
135
|
- !ruby/object:Gem::Version
|
136
|
-
version: 0.
|
136
|
+
version: 0.89.1
|
137
137
|
- !ruby/object:Gem::Dependency
|
138
138
|
name: rubocop-performance
|
139
139
|
requirement: !ruby/object:Gem::Requirement
|
@@ -185,7 +185,7 @@ dependencies:
|
|
185
185
|
version: '4.2'
|
186
186
|
- - "<"
|
187
187
|
- !ruby/object:Gem::Version
|
188
|
-
version: '
|
188
|
+
version: '7.1'
|
189
189
|
type: :development
|
190
190
|
prerelease: false
|
191
191
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -195,18 +195,19 @@ dependencies:
|
|
195
195
|
version: '4.2'
|
196
196
|
- - "<"
|
197
197
|
- !ruby/object:Gem::Version
|
198
|
-
version: '
|
198
|
+
version: '7.1'
|
199
199
|
description: A rack middleware for throttling and blocking abusive requests
|
200
200
|
email: aaron@ktheory.com
|
201
201
|
executables: []
|
202
202
|
extensions: []
|
203
203
|
extra_rdoc_files: []
|
204
204
|
files:
|
205
|
+
- LICENSE
|
205
206
|
- README.md
|
206
207
|
- Rakefile
|
207
|
-
- bin/setup
|
208
208
|
- lib/rack/attack.rb
|
209
209
|
- lib/rack/attack/allow2ban.rb
|
210
|
+
- lib/rack/attack/base_proxy.rb
|
210
211
|
- lib/rack/attack/blocklist.rb
|
211
212
|
- lib/rack/attack/cache.rb
|
212
213
|
- lib/rack/attack/check.rb
|
@@ -216,7 +217,6 @@ files:
|
|
216
217
|
- lib/rack/attack/railtie.rb
|
217
218
|
- lib/rack/attack/request.rb
|
218
219
|
- lib/rack/attack/safelist.rb
|
219
|
-
- lib/rack/attack/store_proxy.rb
|
220
220
|
- lib/rack/attack/store_proxy/active_support_redis_store_proxy.rb
|
221
221
|
- lib/rack/attack/store_proxy/dalli_proxy.rb
|
222
222
|
- lib/rack/attack/store_proxy/mem_cache_store_proxy.rb
|
@@ -268,13 +268,13 @@ files:
|
|
268
268
|
- spec/rack_attack_track_spec.rb
|
269
269
|
- spec/spec_helper.rb
|
270
270
|
- spec/support/cache_store_helper.rb
|
271
|
-
homepage: https://github.com/
|
271
|
+
homepage: https://github.com/rack/rack-attack
|
272
272
|
licenses:
|
273
273
|
- MIT
|
274
274
|
metadata:
|
275
|
-
bug_tracker_uri: https://github.com/
|
276
|
-
changelog_uri: https://github.com/
|
277
|
-
source_code_uri: https://github.com/
|
275
|
+
bug_tracker_uri: https://github.com/rack/rack-attack/issues
|
276
|
+
changelog_uri: https://github.com/rack/rack-attack/blob/main/CHANGELOG.md
|
277
|
+
source_code_uri: https://github.com/rack/rack-attack
|
278
278
|
post_install_message:
|
279
279
|
rdoc_options:
|
280
280
|
- "--charset=UTF-8"
|
@@ -284,57 +284,57 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
284
284
|
requirements:
|
285
285
|
- - ">="
|
286
286
|
- !ruby/object:Gem::Version
|
287
|
-
version: '2.
|
287
|
+
version: '2.4'
|
288
288
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
289
289
|
requirements:
|
290
290
|
- - ">="
|
291
291
|
- !ruby/object:Gem::Version
|
292
292
|
version: '0'
|
293
293
|
requirements: []
|
294
|
-
rubygems_version: 3.
|
294
|
+
rubygems_version: 3.3.11
|
295
295
|
signing_key:
|
296
296
|
specification_version: 4
|
297
297
|
summary: Block & throttle abusive requests
|
298
298
|
test_files:
|
299
|
-
- spec/integration/offline_spec.rb
|
300
|
-
- spec/rack_attack_path_normalizer_spec.rb
|
301
|
-
- spec/acceptance/safelisting_subnet_spec.rb
|
302
|
-
- spec/acceptance/rails_middleware_spec.rb
|
303
|
-
- spec/acceptance/track_throttle_spec.rb
|
304
|
-
- spec/acceptance/cache_store_config_for_fail2ban_spec.rb
|
305
|
-
- spec/acceptance/cache_store_config_with_rails_spec.rb
|
306
|
-
- spec/acceptance/cache_store_config_for_allow2ban_spec.rb
|
307
|
-
- spec/acceptance/safelisting_ip_spec.rb
|
308
|
-
- spec/acceptance/track_spec.rb
|
309
|
-
- spec/acceptance/blocking_subnet_spec.rb
|
310
|
-
- spec/acceptance/blocking_ip_spec.rb
|
311
299
|
- spec/acceptance/allow2ban_spec.rb
|
312
|
-
- spec/acceptance/
|
300
|
+
- spec/acceptance/blocking_ip_spec.rb
|
313
301
|
- spec/acceptance/blocking_spec.rb
|
302
|
+
- spec/acceptance/blocking_subnet_spec.rb
|
303
|
+
- spec/acceptance/cache_store_config_for_allow2ban_spec.rb
|
304
|
+
- spec/acceptance/cache_store_config_for_fail2ban_spec.rb
|
305
|
+
- spec/acceptance/cache_store_config_for_throttle_spec.rb
|
306
|
+
- spec/acceptance/cache_store_config_with_rails_spec.rb
|
307
|
+
- spec/acceptance/customizing_blocked_response_spec.rb
|
314
308
|
- spec/acceptance/customizing_throttled_response_spec.rb
|
315
309
|
- spec/acceptance/extending_request_object_spec.rb
|
316
|
-
- spec/acceptance/safelisting_spec.rb
|
317
|
-
- spec/acceptance/cache_store_config_for_throttle_spec.rb
|
318
310
|
- spec/acceptance/fail2ban_spec.rb
|
311
|
+
- spec/acceptance/rails_middleware_spec.rb
|
312
|
+
- spec/acceptance/safelisting_ip_spec.rb
|
313
|
+
- spec/acceptance/safelisting_spec.rb
|
314
|
+
- spec/acceptance/safelisting_subnet_spec.rb
|
315
|
+
- spec/acceptance/stores/active_support_dalli_store_spec.rb
|
319
316
|
- spec/acceptance/stores/active_support_mem_cache_store_pooled_spec.rb
|
320
|
-
- spec/acceptance/stores/active_support_redis_cache_store_spec.rb
|
321
|
-
- spec/acceptance/stores/active_support_memory_store_spec.rb
|
322
|
-
- spec/acceptance/stores/active_support_redis_store_spec.rb
|
323
317
|
- spec/acceptance/stores/active_support_mem_cache_store_spec.rb
|
318
|
+
- spec/acceptance/stores/active_support_memory_store_spec.rb
|
324
319
|
- spec/acceptance/stores/active_support_redis_cache_store_pooled_spec.rb
|
320
|
+
- spec/acceptance/stores/active_support_redis_cache_store_spec.rb
|
321
|
+
- spec/acceptance/stores/active_support_redis_store_spec.rb
|
325
322
|
- spec/acceptance/stores/connection_pool_dalli_client_spec.rb
|
326
|
-
- spec/acceptance/stores/active_support_dalli_store_spec.rb
|
327
|
-
- spec/acceptance/stores/redis_store_spec.rb
|
328
323
|
- spec/acceptance/stores/dalli_client_spec.rb
|
329
324
|
- spec/acceptance/stores/redis_spec.rb
|
330
|
-
- spec/acceptance/
|
331
|
-
- spec/
|
325
|
+
- spec/acceptance/stores/redis_store_spec.rb
|
326
|
+
- spec/acceptance/throttling_spec.rb
|
327
|
+
- spec/acceptance/track_spec.rb
|
328
|
+
- spec/acceptance/track_throttle_spec.rb
|
332
329
|
- spec/allow2ban_spec.rb
|
333
|
-
- spec/
|
330
|
+
- spec/fail2ban_spec.rb
|
331
|
+
- spec/integration/offline_spec.rb
|
334
332
|
- spec/rack_attack_dalli_proxy_spec.rb
|
333
|
+
- spec/rack_attack_instrumentation_spec.rb
|
334
|
+
- spec/rack_attack_path_normalizer_spec.rb
|
335
|
+
- spec/rack_attack_request_spec.rb
|
335
336
|
- spec/rack_attack_spec.rb
|
336
337
|
- spec/rack_attack_throttle_spec.rb
|
337
|
-
- spec/rack_attack_request_spec.rb
|
338
|
-
- spec/fail2ban_spec.rb
|
339
338
|
- spec/rack_attack_track_spec.rb
|
339
|
+
- spec/spec_helper.rb
|
340
340
|
- spec/support/cache_store_helper.rb
|
data/bin/setup
DELETED
@@ -1,21 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
module Rack
|
4
|
-
class Attack
|
5
|
-
module StoreProxy
|
6
|
-
PROXIES = [
|
7
|
-
DalliProxy,
|
8
|
-
MemCacheStoreProxy,
|
9
|
-
RedisStoreProxy,
|
10
|
-
RedisProxy,
|
11
|
-
RedisCacheStoreProxy,
|
12
|
-
ActiveSupportRedisStoreProxy
|
13
|
-
].freeze
|
14
|
-
|
15
|
-
def self.build(store)
|
16
|
-
klass = PROXIES.find { |proxy| proxy.handle?(store) }
|
17
|
-
klass ? klass.new(store) : store
|
18
|
-
end
|
19
|
-
end
|
20
|
-
end
|
21
|
-
end
|