rack-ratelimit 1.0.1 → 1.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: e01063bca7c6d18ab0206611063a339dc7ddfad6
-  data.tar.gz: ffb944f15efc8239948306e4948f25c8d488e07c
+SHA256:
+  metadata.gz: 932df83350e7eb0747d9e4e380179c0f835bbadefb4dbb62ed0e4b0837778a1d
+  data.tar.gz: 3d9b668665f8bb7867719ebaae2a7804bf83794651d6c1f2261ef8cc4842619e
 SHA512:
-  metadata.gz: b64f78b469c570ade7cb6f03e301c70550adb7486b3e5a2e36de522db35d80ce769ddd7f18e18274c6a5a6da2a2a5224244268a2a6378e5e9f8e91228ab6e7b7
-  data.tar.gz: 0b4929fb74cd3da4a727e1ef5c0e5fbf160704e06be4e4e639df7be98e28f1dd6dada78918bd72cd2ee85d17efceb57cb123223777fda4b83a59dbcb27f7c763
+  metadata.gz: a319c6549dc021bd7fe3c703e6d1d484cf3daf6a2df5508e6d32de251077b1a012c36118359b974fb75cf7d7e341dc60232333eb468698eae48aeb3150ccdfd0
+  data.tar.gz: 1612618c51f43cb09ef159822807a5e46813e44185bbf65218bf7f8301c7050ac020e1dba494a0a58d2b70408973762b9966517bc3a00fad7a819d5f9fcba211

data/lib/rack/ratelimit.rb

@@ -1,4 +1,3 @@
-require 'dalli'
 require 'logger'
 require 'time'
 
@@ -10,9 +9,9 @@ module Rack
   # * Apply each rate limit by request characteristics: IP, subdomain, OAuth2 token, etc.
   # * Flexible time window to limit burst traffic vs hourly or daily traffic:
   #     100 requests per 10 sec, 500 req/minute, 10000 req/hour, etc.
-  # * Fast, low-overhead implementation using memcache counters per time window:
+  # * Fast, low-overhead implementation using counters per time window:
   #     timeslice = window * ceiling(current time / window)
-  #     memcache.incr(counter for timeslice)
+  #     store.incr(timeslice)
   class Ratelimit
     # Takes a block that classifies requests for rate limiting. Given a
     # Rack env, return a string such as IP address, API token, etc. If the
@@ -21,7 +20,12 @@ module Rack
     #
     # Required configuration:
     #   rate: an array of [max requests, period in seconds]: [500, 5.minutes]
-    #   cache: a Dalli::Client instance, or an object that quacks like it.
+    # and one of
+    #   cache: a Dalli::Client instance
+    #   redis: a Redis instance
+    #   counter: Your own custom counter. Must respond to
+    #     `#increment(classification_string, end_of_time_window_epoch_timestamp)`
+    #     and return the counter value after increment.
     #
     # Optional configuration:
     #   name: name of the rate limiter. Defaults to 'HTTP'. Used in messages.
@@ -35,7 +39,10 @@ module Rack
     #     subsequently blocked requests.
     #   error_message: the message returned in the response body when the rate
     #     limit is exceeded. Defaults to "<name> rate limit exceeded. Please
-    #     wait <period> seconds then retry your request."
+    #     wait %d seconds then retry your request." The number of seconds
+    #     until the end of the rate-limiting window is interpolated into the
+    #     message string, but the %d placeholder is optional if you wish to
+    #     omit it.
     #
     # Example:
     #
@@ -51,7 +58,7 @@ module Rack
     #   use(Rack::Ratelimit, name: 'API',
     #     conditions: ->(env) { env['REMOTE_USER'] },
     #     rate:   [1000, 1.hour],
-    #     cache:  Dalli::Client.new,
+    #     redis:  Redis.new(ratelimit_redis_config),
     #     logger: Rails.logger) { |env| env['REMOTE_USER'] }
     def initialize(app, options, &classifier)
       @app, @classifier = app, classifier
@@ -61,10 +68,20 @@ module Rack
       @max, @period = options.fetch(:rate)
       @status = options.fetch(:status, 429)
 
-      @counter = Counter.new(options.fetch(:cache), @name, @period)
+      @counter =
+        if counter = options[:counter]
+          raise ArgumentError, 'Counter must respond to #increment' unless counter.respond_to?(:increment)
+          counter
+        elsif cache = options[:cache]
+          MemcachedCounter.new(cache, @name, @period)
+        elsif redis = options[:redis]
+          RedisCounter.new(redis, @name, @period)
+        else
+          raise ArgumentError, ':cache, :redis, or :counter is required'
+        end
 
       @logger = options[:logger]
-      @error_message = options.fetch(:error_message, "#{@name} rate limit exceeded. Please wait #{@period} seconds then retry your request.")
+      @error_message = options.fetch(:error_message, "#{@name} rate limit exceeded. Please wait %d seconds then retry your request.")
 
       @conditions = Array(options[:conditions])
       @exceptions = Array(options[:exceptions])
@@ -106,33 +123,34 @@ module Rack
     #   * If it's the first request that exceeds the limit, log it.
     #   * If the count doesn't exceed the limit, pass through the request.
     def call(env)
-      if apply_rate_limit?(env) && classification = classify(env)
-
-        # Marks the end of the current rate-limiting window.
-        timestamp = @period * (Time.now.to_f / @period).ceil
-        time = Time.at(timestamp).utc.xmlschema
+      # Accept an optional start-of-request timestamp from the Rack env for
+      # upstream timing and for testing.
+      now = env.fetch('ratelimit.timestamp', Time.now).to_f
 
+      if apply_rate_limit?(env) && classification = classify(env)
         # Increment the request counter.
-        count = @counter.increment(classification, timestamp)
-        remaining = @max - count + 1
-
-        json = %({"name":"#{@name}","period":#{@period},"limit":#{@max},"remaining":#{remaining},"until":"#{time}"})
+        epoch = ratelimit_epoch(now)
+        count = @counter.increment(classification, epoch)
+        remaining = @max - count
 
         # If exceeded, return a 429 Rate Limit Exceeded response.
-        if remaining <= 0
+        if remaining < 0
           # Only log the first hit that exceeds the limit.
-          if @logger && remaining == 0
-            @logger.info '%s: %s exceeded %d request limit for %s' % [@name, classification, @max, time]
+          if @logger && remaining == -1
+            @logger.info '%s: %s exceeded %d request limit for %s' % [@name, classification, @max, format_epoch(epoch)]
           end
 
+          retry_after = seconds_until_epoch(epoch)
+
           [ @status,
-            { 'X-Ratelimit' => json, 'Retry-After' => @period.to_s },
-            [@error_message] ]
+            { 'X-Ratelimit' => ratelimit_json(remaining, epoch),
+              'Retry-After' => retry_after.to_s },
+            [ @error_message % retry_after ] ]
 
         # Otherwise, pass through then add some informational headers.
         else
           @app.call(env).tap do |status, headers, body|
-            headers['X-Ratelimit'] = [headers['X-Ratelimit'], json].compact.join("\n")
+            amend_headers headers, 'X-Ratelimit', ratelimit_json(remaining, epoch)
           end
         end
       else
@@ -140,14 +158,39 @@ module Rack
       end
     end
 
-    class Counter
+    private
+      # Calculate the end of the current rate-limiting window.
+      def ratelimit_epoch(timestamp)
+        @period * (timestamp / @period).ceil
+      end
+
+      def ratelimit_json(remaining, epoch)
+        %({"name":"#{@name}","period":#{@period},"limit":#{@max},"remaining":#{remaining < 0 ? 0 : remaining},"until":"#{format_epoch(epoch)}"})
+      end
+
+      def format_epoch(epoch)
+        Time.at(epoch).utc.xmlschema
+      end
+
+      # Clamp negative durations in case we're in a new rate-limiting window.
+      def seconds_until_epoch(epoch)
+        sec = (epoch - Time.now.to_f).ceil
+        sec = 0 if sec < 0
+        sec
+      end
+
+      def amend_headers(headers, name, value)
+        headers[name] = [headers[name], value].compact.join("\n")
+      end
+
+    class MemcachedCounter
       def initialize(cache, name, period)
         @cache, @name, @period = cache, name, period
       end
 
       # Increment the request counter and return the current count.
-      def increment(classification, timestamp)
-        key = 'rack-ratelimit/%s/%s/%i' % [@name, classification, timestamp]
+      def increment(classification, epoch)
+        key = 'rack-ratelimit/%s/%s/%i' % [@name, classification, epoch]
 
         # Try to increment the counter if it's present.
         if count = @cache.incr(key, 1)
@@ -161,6 +204,28 @@ module Rack
         else
           @cache.incr(key, 1).to_i
         end
+      rescue Dalli::DalliError
+        0
+      end
+    end
+
+    class RedisCounter
+      def initialize(redis, name, period)
+        @redis, @name, @period = redis, name, period
+      end
+
+      # Increment the request counter and return the current count.
+      def increment(classification, epoch)
+        key = 'rack-ratelimit/%s/%s/%i' % [@name, classification, epoch]
+
+        # Returns [count, expire_ok] response for each multi command.
+        # Return the first, the count.
+        @redis.multi do |redis|
+          redis.incr key
+          redis.expire key, @period
+        end.first
+      rescue Redis::BaseError
+        0
       end
     end
   end

metadata

@@ -1,84 +1,28 @@
 --- !ruby/object:Gem::Specification
 name: rack-ratelimit
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.2.1
 platform: ruby
 authors:
-- Jeremy Kemper
-autorequire: 
+- Jeremy Daer
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-03-21 00:00:00.000000000 Z
-dependencies:
-- !ruby/object:Gem::Dependency
-  name: rack
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: dalli
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rake
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: minitest
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 5.3.0
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 5.3.0
-description: 
-email: jeremy@bitsweat.net
+date: 2021-01-22 00:00:00.000000000 Z
+dependencies: []
+description:
+email: jeremydaer@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
 - "./lib/rack-ratelimit.rb"
 - "./lib/rack/ratelimit.rb"
-homepage: 
+homepage: https://github.com/jeremy/rack-ratelimit
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -86,16 +30,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '1.8'
+      version: '2.0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.2.0
-signing_key: 
+rubygems_version: 3.1.4
+signing_key:
 specification_version: 4
 summary: Flexible rate limits for your Rack apps
 test_files: []