rack-dedos 0.5.1 → 0.7.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7345523b97820b5bae83175067c3f76b69a4c9f7f57d3bb5faa5175f5fbcdbe4
-  data.tar.gz: 241fc35b7c5c8df31468186079dc1ba27039481437cb249ae8884cee76c94f68
+  metadata.gz: c9198afaa909fd5893e05e59d4e107303aedb6d9cba9a99fc26025d4785fb0f1
+  data.tar.gz: 573d19c93954eb75ad4f4db7b9ea92003162c1648e9b576a8e4279aa2efb6dbc
 SHA512:
-  metadata.gz: 7daa7932e86cea82bf48f6b26e14c70e3b8732b59d6b8495531795f60c79449fe7c25f40f213bfd22098dfe5565b20e34200e5b3a035840171286b93c569deb6
-  data.tar.gz: 94f5e9db12c676fb325624679b3105bdcdf1c107e552725cc56fc8ff77d3c84b9e617c30ccc183866c5ce7b36942843b1385befc0ec29c229807a2fa15a5f973
+  metadata.gz: 95d555d680506742c46c9de899c2ec17a9e4cb4d5423326777cf3b0b4b8131e85798b2f9bccbb3c9e4c7f6be44e0e2a86442ace63aab11e02cf2f21cc76a3924
+  data.tar.gz: 2e633200a5563c497354bba636abc42a829f4d24297fd9d8174f767c2ca789edd1e7758e83ca1eaea4788c0acb084eb9378fe9ce85c3a82f4d34d880d3f3e9b3

data/CHANGELOG.md

@@ -2,6 +2,29 @@
 
 Nothing so far
 
+## 0.7.1
+
+### Improvements
+* Enforce MFA for future gem releases
+
+## 0.7.0
+
+### Breaking changes
+* Change format of country code details in log
+
+### Fixes
+* Drop keyword arguments for Rack compatibility
+* Fix collision with Rack::Logger
+
+## 0.6.0 (yanked)
+
+### Breaking changes
+* Log to STDOUT (instead of STDERR) by default
+
+### Additions
+* Suppport custom loggers
+* Optionally log request headers
+
 ## 0.5.1
 
 ### Fixes

data/README.md

@@ -122,6 +122,33 @@ use Rack::Dedos,
   text: "Temporary Server Error"
 ```
 
+### Log
+
+By default, blocked request are logged as info to `$stdout` such as:
+
+> rack-dedos: request /foobar from 1.2.3.4 blocked by Rack::Dedos::Filters::Country: CN
+
+The level of details may differ by filter, however, if you want to drill down and log additional request headers, you can configure which headers to include as follows:
+
+```ruby
+use Rack::Dedos,
+  headers: ['HTTP_USER_AGENT', 'HTTP_REFERER']
+```
+
+You can direct the log stream to any logger object you wish:
+
+```ruby
+use Rack::Dedos,
+  logger: Logger.new('/var/log/rack-dedos.log')
+```
+
+Or disable logging entirely:
+
+```ruby
+use Rack::Dedos,
+  logger: Logger.new(nil)
+```
+
 ## Filters
 
 By default, all filters described below are applied. You can exclude certain filters:
@@ -199,12 +226,19 @@ cd rack-dedos
 git submodule update --init
 ```
 
-To install the development dependencies and then run the test suite:
+To install only the development dependencies:
+
+```
+bundle install
+bundle exec rake   # run the tests once
+```
+
+To install the development dependencies and development tools (such as guard):
 
 ```
+bundle config set --local with toolbox
 bundle install
-bundle exec rake    # run tests once
-bundle exec guard   # run tests whenever files are modified
+bundle exec guard   # run the tests whenever files are modified
 ```
 
 You're welcome to [submit issues](https://github.com/svoop/rack-dedos/issues) and contribute code by [forking the project and submitting pull requests](https://docs.github.com/en/get-started/quickstart/fork-a-repo).

data/lib/rack/dedos/filters/base.rb

@@ -1,27 +1,29 @@
 # frozen_string_literal: true
 
+require 'logger'
+
 module Rack
   module Dedos
     module Filters
       class Base
 
         DEFAULT_OPTIONS = {
+          logger: nil,
           only_paths: [],
           except_paths: [],
           status: 403,
-          text: 'Forbidden (Temporarily Blocked by Rules)'
+          text: 'Forbidden (Temporarily Blocked by Rules)',
+          headers: []
         }.freeze
 
-        attr_reader :app
-        attr_reader :options
-        attr_reader :details
+        attr_reader :app, :options, :details
 
         # @param app [#call]
         # @param options [Hash{Symbol => Object}]
-        def initialize(app, options = {})
+        def initialize(app, options={})
           @app = app
           @options = DEFAULT_OPTIONS.merge(options)
-          @details = nil
+          @details = {}
         end
 
         def call(env)
@@ -30,8 +32,10 @@ module Rack
           if !apply?(request) || allowed?(request, ip)
             app.call(env)
           else
-            message = "rack-dedos: request #{request.path} from #{ip} blocked by #{name}"
-            warn([message, details].compact.join(": "))
+            message = ["request #{request.path} from #{ip} blocked by #{name}"]
+            message += details_list
+            message += headers_list(request)
+            logger.info(message.join(' '))
             [options[:status], { 'Content-Type' => 'text/plain' }, [options[:text]]]
           end
         end
@@ -42,6 +46,10 @@ module Rack
           Rack::Dedos.config
         end
 
+        def logger
+          @logger ||= options[:logger] || ::Logger.new($stdout, progname: 'rack-dedos')
+        end
+
         def apply?(request)
           return false if @options[:except_paths].any? { request.path.match? _1 }
           return true if @options[:only_paths].none?
@@ -71,6 +79,17 @@ module Rack
           end
         end
 
+        def details_list
+          details.map do |key, value|
+            "#{key.upcase}=#{value.inspect}"
+          end
+        end
+
+        def headers_list(request)
+          options[:headers].map do |header|
+            "#{header.upcase}=#{request.get_header(header).inspect}"
+          end
+        end
       end
     end
   end

data/lib/rack/dedos/filters/country.rb

@@ -14,7 +14,7 @@ module Rack
         # @option options [String] :maxmind_db_file MaxMind database file
         # @option options [Symbol, Array<Symbol>] :allowed_countries ISO 3166-1 alpha 2
         # @option options [Symbol, Array<Symbol>] :denied_countries ISO 3166-1 alpha 2
-        def initialize(*)
+        def initialize(...)
           super
           @maxmind_db_file = options[:maxmind_db_file] or fail "MaxMind database file not set"
           @allowed = case
@@ -26,14 +26,14 @@ module Rack
         end
 
         def allowed?(request, ip)
-          if country = maxmind_db&.get(ip)
-            country_code = @details = country.dig('country', 'iso_code').to_sym
-            @countries.include?(country_code) ? @allowed : !@allowed
+          if db = maxmind_db&.get(ip)
+            details[:country_code] = db.dig('country', 'iso_code').to_sym
+            @countries.include?(details[:country_code]) ? @allowed : !@allowed
           else   # not found in database
             true
           end
         rescue => error
-          warn("rack-dedos: request from #{ip} allowed due to error: #{error.message}")
+          logger.error("request from #{ip} allowed due to error: #{error.message}")
           true
         end
 

data/lib/rack/dedos/filters/user_agent.rb

@@ -12,7 +12,7 @@ module Rack
         # @option options [String] :cache_url URL of the cache backend
         # @option options [Integer] :cache_period how long to retain cached IP
         #   addresses in seconds (default: 900)
-        def initialize(*)
+        def initialize(...)
           super
           @cache_url = options[:cache_url] or fail "cache URL not set"
           @cache_period = options[:cache_period] || 900
@@ -34,7 +34,7 @@ module Rack
             false
           end
         rescue => error
-          warn("rack-dedos: request from #{ip} allowed due to error: #{error.message}")
+          logger.error("request from #{ip} allowed due to error: #{error.message}")
           true
         end
 

data/lib/rack/dedos/version.rb

@@ -2,6 +2,6 @@
 
 module Rack
   module Dedos
-    VERSION = "0.5.1"
+    VERSION = "0.7.1"
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rack-dedos
 version: !ruby/object:Gem::Version
-  version: 0.5.1
+  version: 0.7.1
 platform: ruby
 authors:
 - Sven Schwyn
@@ -24,13 +24,13 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 2.2.0
 - !ruby/object:Gem::Dependency
-  name: redis
+  name: logger
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-  type: :development
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
@@ -38,7 +38,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: maxmind-db
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -52,7 +52,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: debug
+  name: redis
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -66,7 +66,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: maxmind-db
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -107,62 +107,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: minitest-flash
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: guard
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: guard-minitest
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: yard
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 description: |
   Somewhat more radical filters designed to decimate malicious requests during
   a denial-of-service (DoS) attack by chopping their connection well before
@@ -202,6 +146,7 @@ metadata:
   source_code_uri: https://github.com/svoop/rack-dedos
   documentation_uri: https://www.rubydoc.info/gems/rack-dedos
   bug_tracker_uri: https://github.com/svoop/rack-dedos/issues
+  rubygems_mfa_required: 'true'
 rdoc_options:
 - "--title"
 - Rack::Dedos
@@ -223,7 +168,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 4.0.3
+rubygems_version: 4.0.6
 specification_version: 4
 summary: Radical filters to block denial-of-service (DoS) requests.
 test_files: []