rack-ratelimit 1.1.2 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: da76df57ad5b54ed09e61c19e80a8d16ecce6a2c
-  data.tar.gz: 8a393903a899cfa721e35597b3730a29a1edbf74
+SHA256:
+  metadata.gz: f495171388825bee8e7248a597406cad160d6d0fe2adfb03f9d33617ab136832
+  data.tar.gz: 4b6256bf56d9384a80265ac5b78a9f63809e29e08bc33918b87c22ae3717cc5d
 SHA512:
-  metadata.gz: 7602ad3237ac2e8263fed3209dc7b6830a4383338ff0f7fb213ccb325b642faa46eae336bce2a84d5e3468e9a4e45bd40eba7ef9274ca8f9a81d4be5929306ef
-  data.tar.gz: 78559b12b276864f97dce761ed7d192c36fbc4c256f880aef53236a119c6c7b8db37febf9be90c3a5ff3ce8d07847fe46140862c61e076f0be43e21124c2611a
+  metadata.gz: c8eb47b3e77c43c16df7c984463366f78d0be4c5f46b425e15d027932d5d43be4771e16a8338325c631408229bc3011576daf888aaff0d021ba505a080e06a9f
+  data.tar.gz: 467d0a44fab4f3b6490a912ad1ed8b699b315d4158a2ce709ce2743bfa16ba9c614e151d941674c2b830e4ac406ff1305fc09ee6fb2612bf7176d21477852d55

data/lib/rack/ratelimit.rb

@@ -24,7 +24,7 @@ module Rack
     #   cache: a Dalli::Client instance
     #   redis: a Redis instance
     #   counter: Your own custom counter. Must respond to
-    #     `#increment(classification_string, end_of_time_window_timestamp)`
+    #     `#increment(classification_string, end_of_time_window_epoch_timestamp)`
     #     and return the counter value after increment.
     #
     # Optional configuration:
@@ -39,7 +39,10 @@ module Rack
     #     subsequently blocked requests.
     #   error_message: the message returned in the response body when the rate
     #     limit is exceeded. Defaults to "<name> rate limit exceeded. Please
-    #     wait <period> seconds then retry your request."
+    #     wait %d seconds then retry your request." The number of seconds
+    #     until the end of the rate-limiting window is interpolated into the
+    #     message string, but the %d placeholder is optional if you wish to
+    #     omit it.
     #
     # Example:
     #
@@ -78,7 +81,7 @@ module Rack
         end
 
       @logger = options[:logger]
-      @error_message = options.fetch(:error_message, "#{@name} rate limit exceeded. Please wait #{@period} seconds then retry your request.")
+      @error_message = options.fetch(:error_message, "#{@name} rate limit exceeded. Please wait %d seconds then retry your request.")
 
       @conditions = Array(options[:conditions])
       @exceptions = Array(options[:exceptions])
@@ -120,33 +123,34 @@ module Rack
     #   * If it's the first request that exceeds the limit, log it.
     #   * If the count doesn't exceed the limit, pass through the request.
     def call(env)
-      if apply_rate_limit?(env) && classification = classify(env)
-
-        # Marks the end of the current rate-limiting window.
-        timestamp = @period * (Time.now.to_f / @period).ceil
-        time = Time.at(timestamp).utc.xmlschema
+      # Accept an optional start-of-request timestamp from the Rack env for
+      # upstream timing and for testing.
+      now = env.fetch('ratelimit.timestamp', Time.now).to_f
 
+      if apply_rate_limit?(env) && classification = classify(env)
         # Increment the request counter.
-        count = @counter.increment(classification, timestamp)
+        epoch = ratelimit_epoch(now)
+        count = @counter.increment(classification, epoch)
         remaining = @max - count
 
-        json = %({"name":"#{@name}","period":#{@period},"limit":#{@max},"remaining":#{remaining < 0 ? 0 : remaining},"until":"#{time}"})
-
         # If exceeded, return a 429 Rate Limit Exceeded response.
         if remaining < 0
           # Only log the first hit that exceeds the limit.
           if @logger && remaining == -1
-            @logger.info '%s: %s exceeded %d request limit for %s' % [@name, classification, @max, time]
+            @logger.info '%s: %s exceeded %d request limit for %s' % [@name, classification, @max, format_epoch(epoch)]
           end
 
+          retry_after = seconds_until_epoch(epoch)
+
           [ @status,
-            { 'X-Ratelimit' => json, 'Retry-After' => @period.to_s },
-            [@error_message] ]
+            { 'X-Ratelimit' => ratelimit_json(remaining, epoch),
+              'Retry-After' => retry_after.to_s },
+            [ @error_message % retry_after ] ]
 
         # Otherwise, pass through then add some informational headers.
         else
           @app.call(env).tap do |status, headers, body|
-            headers['X-Ratelimit'] = [headers['X-Ratelimit'], json].compact.join("\n")
+            amend_headers headers, 'X-Ratelimit', ratelimit_json(remaining, epoch)
           end
         end
       else
@@ -154,14 +158,39 @@ module Rack
       end
     end
 
+    private
+      # Calculate the end of the current rate-limiting window.
+      def ratelimit_epoch(timestamp)
+        @period * (timestamp / @period).ceil
+      end
+
+      def ratelimit_json(remaining, epoch)
+        %({"name":"#{@name}","period":#{@period},"limit":#{@max},"remaining":#{remaining < 0 ? 0 : remaining},"until":"#{format_epoch(epoch)}"})
+      end
+
+      def format_epoch(epoch)
+        Time.at(epoch).utc.xmlschema
+      end
+
+      # Clamp negative durations in case we're in a new rate-limiting window.
+      def seconds_until_epoch(epoch)
+        sec = (epoch - Time.now.to_f).ceil
+        sec = 0 if sec < 0
+        sec
+      end
+
+      def amend_headers(headers, name, value)
+        headers[name] = [headers[name], value].compact.join("\n")
+      end
+
     class MemcachedCounter
       def initialize(cache, name, period)
         @cache, @name, @period = cache, name, period
       end
 
       # Increment the request counter and return the current count.
-      def increment(classification, timestamp)
-        key = 'rack-ratelimit/%s/%s/%i' % [@name, classification, timestamp]
+      def increment(classification, epoch)
+        key = 'rack-ratelimit/%s/%s/%i' % [@name, classification, epoch]
 
         # Try to increment the counter if it's present.
         if count = @cache.incr(key, 1)
@@ -184,8 +213,8 @@ module Rack
       end
 
       # Increment the request counter and return the current count.
-      def increment(classification, timestamp)
-        key = 'rack-ratelimit/%s/%s/%i' % [@name, classification, timestamp]
+      def increment(classification, epoch)
+        key = 'rack-ratelimit/%s/%s/%i' % [@name, classification, epoch]
 
         # Returns [count, expire_ok] response for each multi command.
         # Return the first, the count.

metadata

@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: rack-ratelimit
 version: !ruby/object:Gem::Version
-  version: 1.1.2
+  version: 1.2.0
 platform: ruby
 authors:
 - Jeremy Daer
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-06-02 00:00:00.000000000 Z
+date: 2021-01-22 00:00:00.000000000 Z
 dependencies: []
-description: 
+description:
 email: jeremydaer@gmail.com
 executables: []
 extensions: []
@@ -22,7 +22,7 @@ homepage: https://github.com/jeremy/rack-ratelimit
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -30,17 +30,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '1.8'
+      version: '2.0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.4
-signing_key: 
+rubygems_version: 3.1.4
+signing_key:
 specification_version: 4
 summary: Flexible rate limits for your Rack apps
 test_files: []
-has_rdoc: