rack-dedos 0.4.1 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a6136473af715369f93cdd16ed44fbbbdc241ee0efa1c7743a5590735ec5d392
-  data.tar.gz: cd541b5cfb7cd9dfdb4262670d8190bf942215a65e6a984e48e9e7e7f7db1f6c
+  metadata.gz: ec975fa6b00c228589811832180fae90d61ba898ef4b08881c9f7897d06ee4d1
+  data.tar.gz: 51d214aa83afb5fb9c3d1397be8ef7ba35c26bf9dfc77a0dd1d9ea3b69864558
 SHA512:
-  metadata.gz: caf872690a89e1e502974fa7560a5e5aa6499545a213cb82b2e03b788cda2075822ae1a8be23e23ff67a220087d56c6fa6d76a7388d6b4887c8f0a6e51f10f0c
-  data.tar.gz: 14a31dd383c251c9333968744c91ebb9833e7dc501b68db2cda7e2c1c10b4f44090dafbdb1edf1de1f9042dba0338c44279852478a48a1bbd1a5394b05078b4a
+  metadata.gz: 20594ffae8646abd32f009a6bf203cc464720489e60885e1ebd60e60054c84c0ad0563c3f50dc7e248277bbc239db8592c699faf1e5c395f71572da4ef08ff78
+  data.tar.gz: 859501a8bb90c6823c413b4bc30bb597491699eb009820e9d61875eee15e4e4f970225bd66b8206cd81c78f24fa8f1cd97a355b070222dee78db0e7543833290

data/CHANGELOG.md

@@ -2,6 +2,21 @@
 
 Nothing so far
 
+## 0.5.0
+
+### Changes
+* Update to Ruby 4.0
+* Require Minitest >= 6
+
+## 0.4.2
+
+### Changes
+* Use [BreakVer](https://www.taoensso.com/break-versioning) from this point forward
+
+### Additions
+* Include the requested URL in warnings
+* Add `only_paths` and `except_paths` options
+
 ## 0.4.1
 
 ### Fixes

data/README.md

@@ -31,14 +31,56 @@ And then install the bundle:
 bundle install
 ```
 
-## Configuration
+⚠️ This gem initially followed [SemVer](https://semver.org) loosely but transitioned to [BreakVer](https://www.taoensso.com/break-versioning) starting from version 0.4.2 onwards.
 
-Given the drastic nature of the filters, you should use this middleware for production environments only and/or if an environment variable like `UNDER_ATTACK` is set to true.
+## Usage
+
+You should use an environment variable such as `UNDER_ATTACK` to enable Rack::Dedos only when your app is actually under attack.
+
+### Rackup
+
+```ruby
+#!/usr/bin/env rackup
+require 'rack/dedos'
+
+if %w(true t on 1).include? ENV['UNDER_ATTACK']
+  use Rack::Dedos
+end
+
+run lambda { |env| [200, {'Content-Type' => 'text/plain'}, "Hello, world!\n"] }
+```
+
+### Hanami
+
+```ruby
+# config/settings.rb
+
+module MyApp
+  class Settings < Hanami::Settings
+    setting :under_attack, default: false, constructor: Types::Params::Bool
+  end
+end
+```
+
+```ruby
+# config/app.rb
+
+module MyApp
+  class App < Hanami::App
+    environment(:production) do
+      if setting.under_attack
+        middleware.use Rack::Dedos
+      end
+    end
+  end
+end
+```
 
 ### Rails
 
 ```ruby
 # config/application.rb
+
 class Application < Rails::Application
   if Rails.env.production? && ActiveModel::Type::Boolean.new.cast(ENV['UNDER_ATTACK'])
     config.middleware.use Rack::Dedos
@@ -46,19 +88,26 @@ class Application < Rails::Application
 end
 ```
 
-### Rackup
+## Configuration
 
-```ruby
-#!/usr/bin/env rackup
-require 'rack/dedos'
+Given the drastic nature of the filters, you should use this middleware for production environments only and/or if an environment variable like `UNDER_ATTACK` is set to true.
 
-if %w(true t on 1).include? ENV['UNDER_ATTACK']
-  use Rack::Dedos
-end
+### Request
 
-run lambda { |env| [200, {'Content-Type' => 'text/plain'}, "Hello, world!\n"] }
+By default, filters are applied to all request paths. You can norrow this to only certain matching request paths:
+
+```ruby
+use Rack::Dedos,
+  only_paths: [%r(^/search), %r(\.xml$)]
+
+use Rack::Dedos,
+  except_paths: [%r(^/$)]
 ```
 
+If you set both `only_paths` and `except_paths`, the latter take precedence.
+
+⚠️ The request path does not include GET parameters.
+
 ### Response
 
 If a request is classified as malicious by at least one filter, the middleware responds with:

data/lib/rack/dedos/filters/base.rb

@@ -6,9 +6,11 @@ module Rack
       class Base
 
         DEFAULT_OPTIONS = {
+          only_paths: [],
+          except_paths: [],
           status: 403,
           text: 'Forbidden (Temporarily Blocked by Rules)'
-        }
+        }.freeze
 
         attr_reader :app
         attr_reader :options
@@ -25,10 +27,10 @@ module Rack
         def call(env)
           request = Rack::Request.new(env)
           ip = real_ip(request)
-          if allowed?(request, ip)
+          if !apply?(request) || allowed?(request, ip)
             app.call(env)
           else
-            message = "rack-dedos: request from #{ip} blocked by #{self.class}"
+            message = "rack-dedos: request #{request.path} from #{ip} blocked by #{name}"
             warn([message, details].compact.join(": "))
             [options[:status], { 'Content-Type' => 'text/plain' }, [options[:text]]]
           end
@@ -40,6 +42,12 @@ module Rack
           Rack::Dedos.config
         end
 
+        def apply?(request)
+          return false if @options[:except_paths].any? { request.path.match? _1 }
+          return true if @options[:only_paths].none?
+          @options[:only_paths].any? { request.path.match? _1 }
+        end
+
         # Get the real IP of the client
         #
         # If containers and/or proxies such as Cloudflare are in the mix, the

data/lib/rack/dedos/filters/country.rb

@@ -7,6 +7,10 @@ module Rack
     module Filters
       class Country < Base
 
+        def name
+          :country
+        end
+
         # @option options [String] :maxmind_db_file MaxMind database file
         # @option options [Symbol, Array<Symbol>] :allowed_countries ISO 3166-1 alpha 2
         # @option options [Symbol, Array<Symbol>] :denied_countries ISO 3166-1 alpha 2

data/lib/rack/dedos/filters/user_agent.rb

@@ -5,6 +5,10 @@ module Rack
     module Filters
       class UserAgent < Base
 
+        def name
+          :user_agent
+        end
+
         # @option options [String] :cache_url URL of the cache backend
         # @option options [Integer] :cache_period how long to retain cached IP
         #   addresses in seconds (default: 900)

data/lib/rack/dedos/version.rb

@@ -2,6 +2,6 @@
 
 module Rack
   module Dedos
-    VERSION = "0.4.1"
+    VERSION = "0.5.0"
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rack-dedos
 version: !ruby/object:Gem::Version
-  version: 0.4.1
+  version: 0.5.0
 platform: ruby
 authors:
 - Sven Schwyn
@@ -85,16 +85,16 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 6.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 6.0.0
 - !ruby/object:Gem::Dependency
-  name: minitest-flash
+  name: minitest-mock
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -108,7 +108,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: minitest-focus
+  name: minitest-flash
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -223,7 +223,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.9
+rubygems_version: 4.0.3
 specification_version: 4
 summary: Radical filters to block denial-of-service (DoS) requests.
 test_files: []