rack-attack 4.1.0 → 4.1.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of rack-attack might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/README.md +6 -2
- data/lib/rack/attack/cache.rb +2 -1
- data/lib/rack/attack/request.rb +13 -0
- data/lib/rack/attack/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5fcafc0f62e4bc044a43ebff9f20d2059db798be
|
|
4
|
+
data.tar.gz: 19ef91c505bac94a8e9e7cb0e9e672ce2c3f6aa7
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 51e6cbf5836d2edef0186e310eadc05ab859db5ba03bc3243250e9c0e739961d4a58c96021db8a0966afaa9b94cbf23e43cffb6689e4e6902b04170a575af6ab
|
|
7
|
+
data.tar.gz: afd3639047fe6ac3c6e749d1efc1ceccd0d6100a9ae43d4947d48f09e4af2df48b94d66e879551d8ff6ccd1260467d5d5ad90604f0d942f0d9b61a5ce78cd71b
|
data/README.md
CHANGED
|
@@ -68,7 +68,7 @@ The algorithm is actually more concise in code: See [Rack::Attack.call](https://
|
|
|
68
68
|
|
|
69
69
|
```ruby
|
|
70
70
|
def call(env)
|
|
71
|
-
req = Rack::Request.new(env)
|
|
71
|
+
req = Rack::Attack::Request.new(env)
|
|
72
72
|
|
|
73
73
|
if whitelisted?(req)
|
|
74
74
|
@app.call(env)
|
|
@@ -83,6 +83,10 @@ def call(env)
|
|
|
83
83
|
end
|
|
84
84
|
```
|
|
85
85
|
|
|
86
|
+
Note: `Rack::Attack::Request` is just a subclass of `Rack::Attack` so that you
|
|
87
|
+
can cleanly monkey patch helper methods onto the
|
|
88
|
+
[request object](https://github.com/kickstarter/rack-attack/blob/master/lib/rack/attack/request.rb).
|
|
89
|
+
|
|
86
90
|
## About Tracks
|
|
87
91
|
|
|
88
92
|
`Rack::Attack.track` doesn't affect request processing. Tracks are an easy way to log and measure requests matching arbitrary attributes.
|
|
@@ -109,7 +113,7 @@ end
|
|
|
109
113
|
```ruby
|
|
110
114
|
# Block requests from 1.2.3.4
|
|
111
115
|
Rack::Attack.blacklist('block 1.2.3.4') do |req|
|
|
112
|
-
#
|
|
116
|
+
# Requests are blocked if the return value is truthy
|
|
113
117
|
'1.2.3.4' == req.ip
|
|
114
118
|
end
|
|
115
119
|
|
data/lib/rack/attack/cache.rb
CHANGED
|
@@ -16,7 +16,8 @@ module Rack
|
|
|
16
16
|
|
|
17
17
|
def count(unprefixed_key, period)
|
|
18
18
|
epoch_time = Time.now.to_i
|
|
19
|
-
expires_in
|
|
19
|
+
# Add 1 to expires_in to avoid timing error: http://git.io/i1PHXA
|
|
20
|
+
expires_in = period - (epoch_time % period) + 1
|
|
20
21
|
key = "#{prefix}:#{(epoch_time/period).to_i}:#{unprefixed_key}"
|
|
21
22
|
do_count(key, expires_in)
|
|
22
23
|
end
|
data/lib/rack/attack/request.rb
CHANGED
|
@@ -1,3 +1,16 @@
|
|
|
1
|
+
# Rack::Attack::Request is the same as ::Rack::Request by default.
|
|
2
|
+
#
|
|
3
|
+
# This is a safe place to add custom helper methods to the request object
|
|
4
|
+
# through monkey patching:
|
|
5
|
+
#
|
|
6
|
+
# class Rack::Attack::Request < ::Rack::Request
|
|
7
|
+
# def localhost?
|
|
8
|
+
# ip == "127.0.0.1"
|
|
9
|
+
# end
|
|
10
|
+
# end
|
|
11
|
+
#
|
|
12
|
+
# Rack::Attack.whitelist("localhost") {|req| req.localhost? }
|
|
13
|
+
#
|
|
1
14
|
module Rack
|
|
2
15
|
class Attack
|
|
3
16
|
class Request < ::Rack::Request
|
data/lib/rack/attack/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-attack
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.1.
|
|
4
|
+
version: 4.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Aaron Suggs
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2014-
|
|
11
|
+
date: 2014-09-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rack
|