rack-attack 5.0.0.beta1 → 5.0.0
- checksums.yaml +4 -4
- data/README.md +28 -7
- data/lib/rack/attack/version.rb +1 -1
- data/spec/integration/offline_spec.rb +1 -1
- data/spec/rack_attack_throttle_spec.rb +22 -0
- metadata +4 -4
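--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ef73037a3db9840b433aeb5a0d185f95edeef9be
+data.tar.gz: 98bbf2ea7bbad24f423ff21bf2da4ce4a4f13fc9
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0c796ea400d3425a0111f16d78efc883113f1fd2a3f55ba624c089978b39235f4851ffe2b546da7b1fe4fce181eea3cff9644185dbb36c373ce22bff3011ddd3
+data.tar.gz: a89e8d96ba25124d062d6da2665827d85773876705310a364a6cc74c90e1349c3d5efed63065846770ffd1c0c537fd0a9756539c6d77f8473653c4d7e20f5940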
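--- a/data/README.md
+++ b/data/README.md
@@ -230,19 +230,40 @@ Rack::Attack.blocklisted_response = lambda do |env|
 end
 
 Rack::Attack.throttled_response = lambda do |env|
-# name and other data about the matched throttle
-
-
-
-env['rack.attack.match_data']
-].inspect
+# NB: you have access to the name and other data about the matched throttle
+# env['rack.attack.matched'],
+# env['rack.attack.match_type'],
+# env['rack.attack.match_data']
 
 # Using 503 because it may make attacker think that they have successfully
 # DOSed the site. Rack::Attack returns 429 for throttling by default
-[ 503, {}, [
+[ 503, {}, ["Server Error\n"]]
 end
 ```
 
+### X-RateLimit headers for well-behaved clients
+
+While Rack::Attack's primary focus is minimizing harm from abusive clients, it
+can also be used to return rate limit data that's helpful for well-behaved clients.
+
+Here's an example response that includes conventional `X-RateLimit-*` headers:
+
+```ruby
+Rack::Attack.throttled_response = lambda do |env|
+now = Time.now
+match_data = env['rack.attack.match_data']
+
+headers = {
+'X-RateLimit-Limit' => match_data[:limit].to_s,
+'X-RateLimit-Remaining' => '0',
+'X-RateLimit-Reset' => (now + (match_data[:period] - now.to_i % match_data[:period])).to_s
+}
+
+[ 429, headers, ["Throttled\n"]]
+end
+```
+
+
 For responses that did not exceed a throttle limit, Rack::Attack annotates the env with match data:
 
 ```ruby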
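--- a/data/spec/rack_attack_throttle_spec.rb
+++ b/data/spec/rack_attack_throttle_spec.rb
@@ -85,3 +85,25 @@ describe 'Rack::Attack.throttle with period as proc' do
 end
 end
 end
+
+describe 'Rack::Attack.throttle with block retuning nil' do
+before do
+@period = 60
+Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
+Rack::Attack.throttle('ip/sec', :limit => 1, :period => @period) { |_| nil }
+end
+
+allow_ok_requests
+
+describe 'a single request' do
+before { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' }
+it 'should not set the counter' do
+key = "rack::attack:#{Time.now.to_i/@period}:ip/sec:1.2.3.4"
+Rack::Attack.cache.store.read(key).must_equal nil
+end
+
+it 'should not populate throttle data' do
+last_request.env['rack.attack.throttle_data'].must_equal nil
+end
+end
+end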
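Review bot: The new describe label misspells the behaviour under test, `describe 'Rack::Attack.throttle with block retuning nil' do` should read `describe 'Rack::Attack.throttle with block returning nil' do`, since that string is what shows up in the spec output when the nil-discriminator case regresses. Both new assertions use `must_equal nil`, which minitest flags as deprecated in favour of `.must_be_nil`; the two lines become `Rack::Attack.cache.store.read(key).must_be_nil` and `last_request.env['rack.attack.throttle_data'].must_be_nil`. The key in the counter check is built from `Time.now.to_i/@period` after the request has already run, so the assertion is only meaningful if the request and the check fall in the same 60-second bucket; computing the bucket once in the `before` block, or freezing time, would make the negative check deterministic. The file header on this page reads `data/lib/rack/attack/version.rb`, but the hunk context and the +22 -0 count in the diffstat match `data/spec/rack_attack_throttle_spec.rb`, so the section appears to be mislabelled by the rendering rather than by the gem.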
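--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-attack
 version: !ruby/object:Gem::Version
-version: 5.0.0
+version: 5.0.0
 platform: ruby
 authors:
 - Aaron Suggs
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-
+date: 2016-08-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rack
@@ -215,9 +215,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: 2.0.0
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: '0'
 requirements: []
 rubyforge_project:
 rubygems_version: 2.5.1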