rack_api_key_limit 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 49300e2587c6f79851b558faa073eef6e8ec9296
+  data.tar.gz: b744e907b0cf41ad5476f8d3ca6c7339fe795b3c
+SHA512:
+  metadata.gz: d5b2b5a4290272d9fc05b3022a5bfd8af062bb6e901767dd705da5dc5db16f2bf626b10a40f6974b4a24c6796af6a80995f4f322f2a71482e246dee9be7400d1
+  data.tar.gz: c5d1c6e29f2fec7b92cd22e66f18d6016795bf4016fef7e7e316be9845ca30a99d91ba24ee8e548324530005f0526a2fd3dcc5eb969f34f127944b127e0caa90

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in rack_api_key_limit.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 Rich Hollis
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,76 @@
+# RackApiKeyLimit
+
+Rack middleware for limiting requests based on an parameter - e.g. api_key
+
+```
+http://api.somewhere.com/api/v1/users?api_key=dflgjkd9o8345kdjbkcjvbij
+```
+
+The middleware uses a default strategy of hourly limiting for api keys but has been designed so that you can implement your own strategies. The default limit is 150 requests an hour.
+
+## X-RateLimit headers
+
+X-RateLimit headers are returned with each request where the api_key parameter is present:
+
+<table>
+  <tr>
+    <td>X-RateLimit-Limit</td><td>The maximum number of requests per time period (e.g. hour)</td>
+  </tr>
+  <tr>
+    <td>X-RateLimit-Remaining</td><td>The number of requests remaining</td>
+  </tr>
+  <tr>
+    <td>X-RateLimit-Reset</td><td>The number of seconds until the current time period ends</td>
+  </tr>
+</table>
+
+I found this artcle on Stack Overflow very useful:
+
+http://stackoverflow.com/questions/16022624/examples-of-http-api-rate-limiting-http-response-headers
+
+It would be pretty easy to add a ```Retry-After``` header if you wanted to.
+
+## Cache Stores
+
+Redis is used for the cache store but again you could easily implement your own.
+
+## Inspiration
+
+This rack middleware was heavily inspired and uses parts of the no longer maintained [rack-throttle](https://github.com/datagraph/rack-throttle) middleware - in particular the design and specs saved me a lot of time.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'rack_api_key_limit'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install rack_api_key_limit
+
+## Usage
+
+### Rails 3 installation
+
+config/application.rb
+
+```
+config.middleware.insert_before 'Rack::Cache', Rack::ApiKeyLimit::Hourly, {
+  cache: Rack::ApiKeyLimit::Cache::Redis.new(your_redis_instance),
+  request_limit: 100
+}
+```
+
+## Contributing
+
+If you are contributing, please include good test coverage for your pull request - thanks!
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/lib/rack_api_key_limit.rb

@@ -0,0 +1,9 @@
+require "rack_api_key_limit/version"
+require "rack_api_key_limit/cache/redis"
+require "rack_api_key_limit/base"
+require "rack_api_key_limit/hourly"
+
+module Rack
+  module ApiKeyLimit
+  end
+end

data/lib/rack_api_key_limit/base.rb

@@ -0,0 +1,90 @@
+module Rack
+  module ApiKeyLimit
+    class Base
+      def initialize(app, options)
+        @app = app
+        @options = options
+      end
+
+      def options
+        @options || {}
+      end
+
+      def cache
+        @options[:cache]
+      end
+
+      def call(env)
+        request = Rack::Request.new(env)
+        key = get_key(request, cache)
+        allowed?(request, key) ? not_rate_limited(env, request, key) : rate_limit_exceeded(key)
+      end
+
+      def param_name
+        options[:param_name] || "api_key"
+      end
+
+      def param(request)
+        request.params[param_name]
+      end
+
+      def has_param?(request)
+        request.params.has_key?(param_name)
+      end
+
+      def get_key(request, cache)
+        raise NotImplementedError.new("You must implement get_key.")
+      end
+
+      def not_rate_limited(env, request, key)
+        status, headers, response = @app.call(env)
+        headers = headers.merge(rate_limit_headers(key)) if has_param?(request)
+        [status, headers, response]
+      end
+
+      def request_limit
+        options[:request_limit] || 150
+      end
+
+      def limit_seconds
+        raise NotImplementedError.new("You must implement limit_seconds.")
+      end
+
+      def rate_limit_headers(key)
+        headers = {}
+        headers["X-RateLimit-Limit"] = request_limit.to_s
+        headers["X-RateLimit-Remaining"] = remaining(key).to_s
+        headers["X-RateLimit-Reset"] = retry_after.to_f.ceil.to_s if respond_to?(:retry_after)
+        headers
+      end
+
+      def rate_limit_exceeded(key)
+        http_error(options[:status] || 429, options[:message] || 'Rate Limit Exceeded', rate_limit_headers(key))
+      end
+
+      def request_count(key)
+        request_count = cache.get(key)
+        (request_count.to_i if request_count) || 0
+      end
+
+      def remaining(key)
+        request_limit - request_count(key)
+      end
+
+      def allowed?(request, key)
+        return true unless has_param?(request) # always allowed if no key present
+        cache.increment(key, limit_seconds) and return true if remaining(key) > 0
+      end
+
+      def http_error(code, message = nil, headers = {})
+        [code, {'Content-Type' => 'text/plain; charset=utf-8'}.merge(headers),
+          [http_status(code) + (message.nil? ? "\n" : " (#{message})\n")]
+        ]
+      end
+
+      def http_status(code)
+        [code, Rack::Utils::HTTP_STATUS_CODES[code]].join(' ')
+      end
+    end
+  end
+end

data/lib/rack_api_key_limit/cache/redis.rb

@@ -0,0 +1,22 @@
+module Rack
+  module ApiKeyLimit
+    module Cache
+      class Redis
+        def initialize(redis)
+          @redis = redis
+        end
+
+        def get(key)
+          @redis.get(key)
+        end
+
+        def increment(key, limit_seconds)
+          @redis.multi do
+            @redis.incr(key)
+            @redis.expire(key, limit_seconds)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rack_api_key_limit/hourly.rb

@@ -0,0 +1,23 @@
+module Rack
+  module ApiKeyLimit
+    class Hourly < Base
+      def get_key(request, counter)
+        api_key = param(request)
+        "#{param_name}-rate-limit:#{api_key}-#{Time.now.hour}"
+      end
+
+      def limit_seconds
+        3600
+      end
+
+      def retry_after
+        retry_after_seconds(Time.now, limit_seconds)        
+      end
+
+      def retry_after_seconds(time_now, period_seconds)
+        seconds_since_midnight = time_now.to_i % 86400
+        (period_seconds - seconds_since_midnight % period_seconds)
+      end
+    end
+  end
+end

data/lib/rack_api_key_limit/version.rb

@@ -0,0 +1,5 @@
+module Rack
+  module ApiKeyLimit
+    VERSION = "0.0.1"
+  end
+end

data/rack_api_key_limit.gemspec

@@ -0,0 +1,29 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'rack_api_key_limit/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "rack_api_key_limit"
+  spec.version       = Rack::ApiKeyLimit::VERSION
+  spec.authors       = ["Rich Hollis"]
+  spec.email         = ["richhollis@gmail.com"]
+  spec.description   = %q{Rack middleware for limiting requests based on an parameter}
+  spec.summary       = %q{The middleware uses a default strategy of hourly limiting for api keys but has been designed so that you can implement your own strategies and cache stores.}
+  spec.homepage      = "https://github.com/richhollis/rack_api_key_limit"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rake", "~> 10"
+  spec.add_development_dependency "rspec", "~> 3"
+  spec.add_development_dependency "timecop", "~> 0"
+  spec.add_development_dependency 'rack-test', '~> 0.5'
+
+  spec.add_runtime_dependency     'rack',      '~> 1.0'
+
+end

data/spec/lib/rack_api_key_limit/base_spec.rb

@@ -0,0 +1,73 @@
+require 'spec_helper'
+
+describe Rack::ApiKeyLimit::Base do
+
+  include Rack::Test::Methods
+
+  let(:cache) { CacheStub.new }
+  let(:app) { app_stub_with_options({cache: cache}) }
+
+  context "api_key not present" do
+    before(:each) { get "/foo" }
+    it "when called without param is allowed" do
+      expect(last_response.body).to eq "Example App Body"
+    end
+    it "doesn't return X-RateLimit headers" do
+      expect(last_response.headers).to eq({"Content-Length" => "16"})
+    end
+  end
+  context "api_key present" do
+    context "counter at zero" do
+      it "allows call" do
+        get "/foo?api_key=test"
+        expect(last_response.body).to eq "Example App Body"
+        expect(last_response.headers).to include({"X-RateLimit-Remaining" => "149"})
+      end
+      it "increments the counter" do
+        Timecop.freeze { 3.times { get "/foo?api_key=test" } }
+        key = "api_key-rate-limit:test-13"
+        expect(app.request_count(key)).to eq 3
+      end
+    end
+    context "counter at max limit" do
+      before(:each) { 
+        allow(cache).to receive(:get).and_return(150) 
+        Timecop.freeze(spec_time) { get "/foo?api_key=test" }
+      }
+      it "returns rate limit error body" do
+        expect(last_response.body).to eq "429 Too Many Requests (Rate Limit Exceeded)\n"
+      end
+      it "returns rate limit status code" do
+        expect(last_response.status).to eq 429
+      end
+      it "retuns X-RateLimit headers" do
+        expect(last_response.headers).to include({"X-RateLimit-Limit" => "150"})
+        expect(last_response.headers).to include({"X-RateLimit-Remaining" => "0"})
+        expect(last_response.headers).to include({"X-RateLimit-Reset" => "300"})
+      end
+    end
+  end
+  context "options" do
+    context "param_name" do
+      let(:app) { app_stub_with_options({cache: cache, param_name: "my_api_key"}) }
+      it "uses specified param name" do
+        get "/foo?my_api_key=test"
+        expect(last_response.headers).to include({"X-RateLimit-Remaining" => "149"})
+      end
+    end
+    context "request_limit" do
+      let(:app) { app_stub_with_options({cache: cache, request_limit: 10}) }
+      it "uses specified request_limit" do
+        get "/foo?api_key=test"
+        expect(last_response.headers).to include({"X-RateLimit-Remaining" => "9"})
+      end
+    end
+    context "status & message" do
+      let(:app) { app_stub_with_options({cache: cache, status: 403, message: "Rate limit!", request_limit: 0}) }
+      it "uses specified status and message" do
+        get "/foo?api_key=test"
+        expect(last_response.body).to eq "403 Forbidden (Rate limit!)\n"
+      end
+    end
+  end
+end

data/spec/lib/rack_api_key_limit/hourly_spec.rb

@@ -0,0 +1,27 @@
+require 'spec_helper'
+
+describe Rack::ApiKeyLimit::Hourly do
+
+  include Rack::Test::Methods
+
+  let(:cache) { CacheStub.new }
+  let(:app) { described_class.new(example_target_app, {cache: cache}) }
+
+  describe "#get_key" do
+    it "returns expected format" do
+      request = double("request object")
+      allow(request).to receive(:params).and_return({"api_key" => "ABC" })
+      Timecop.freeze(spec_time) { 
+        expect(app.get_key(request, cache)).to eq("api_key-rate-limit:ABC-13")
+      }
+    end
+  end
+  describe "#retry_after_seconds" do
+    it "returns correct value for minute remaining" do
+      expect(app.retry_after_seconds(Time.gm(2014,9,16,16,59,00), 3600)).to eq(60)
+    end
+    it "returns correct value for hour remaining" do
+      expect(app.retry_after_seconds(Time.gm(2014,9,16,00,00,00), 3600)).to eq(3600)
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,27 @@
+require "rack/test"
+require "rack_api_key_limit"
+require "timecop"
+
+Dir[File.expand_path('../support/**/*.rb', __FILE__)].each { |f| require f }
+
+RSpec.configure do |config|
+  config.expect_with :rspec do |c|
+    c.syntax = :expect
+  end
+  config.color = true
+end
+
+def example_target_app
+  app = double("Example Rack App")
+  allow(app).to receive(:call).and_return([200, {}, "Example App Body"])
+  app
+end
+
+def app_stub_with_options(options)
+  cache = CacheStub.new
+  LimiterStub.new(example_target_app, options)
+end
+
+def spec_time
+  Time.gm(2014,9,16,13,55,00)
+end

data/spec/support/cache_stub.rb

@@ -0,0 +1,13 @@
+class CacheStub
+  def initialize
+    @counter = 0
+  end
+  def increment(key, seconds)
+    @counter += 1
+  end
+  def expire(key, time)
+  end
+  def get(key)
+    @counter
+  end
+end

data/spec/support/lib/cache_stub.rb

@@ -0,0 +1,13 @@
+class CacheStub
+  def initialize
+    @counter = 0
+  end
+  def increment(key, seconds)
+    @counter += 1
+  end
+  def expire(key, time)
+  end
+  def get(key)
+    @counter
+  end
+end

data/spec/support/lib/limiter_stub.rb

@@ -0,0 +1,19 @@
+class LimiterStub < Rack::ApiKeyLimit::Base
+  def get_key(request, counter)
+    api_key = param(request)
+    "#{param_name}-rate-limit:#{api_key}-#{Time.now.hour}"
+  end
+
+  def limit_seconds
+    3600
+  end
+
+  def retry_after
+    retry_after_seconds(Time.now, limit_seconds)        
+  end
+
+  def retry_after_seconds(time_now, period_seconds)
+    seconds_since_midnight = time_now.to_i % 86400
+    (period_seconds - seconds_since_midnight % period_seconds)
+  end
+end

data/spec/support/limiter_stub.rb

@@ -0,0 +1,19 @@
+class LimiterStub < Rack::ApiKeyLimit::Base
+  def get_key(request, counter)
+    api_key = param(request)
+    "#{param_name}-rate-limit:#{api_key}-#{Time.now.hour}"
+  end
+
+  def limit_seconds
+    3600
+  end
+
+  def retry_after
+    retry_after_seconds(Time.now, limit_seconds)        
+  end
+
+  def retry_after_seconds(time_now, period_seconds)
+    seconds_since_midnight = time_now.to_i % 86400
+    (period_seconds - seconds_since_midnight % period_seconds)
+  end
+end

metadata

@@ -0,0 +1,154 @@
+--- !ruby/object:Gem::Specification
+name: rack_api_key_limit
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Rich Hollis
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-09-26 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3'
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.5'
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+description: Rack middleware for limiting requests based on an parameter
+email:
+- richhollis@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/rack_api_key_limit.rb
+- lib/rack_api_key_limit/base.rb
+- lib/rack_api_key_limit/cache/redis.rb
+- lib/rack_api_key_limit/hourly.rb
+- lib/rack_api_key_limit/version.rb
+- rack_api_key_limit.gemspec
+- spec/lib/rack_api_key_limit/base_spec.rb
+- spec/lib/rack_api_key_limit/hourly_spec.rb
+- spec/spec_helper.rb
+- spec/support/cache_stub.rb
+- spec/support/lib/cache_stub.rb
+- spec/support/lib/limiter_stub.rb
+- spec/support/limiter_stub.rb
+homepage: https://github.com/richhollis/rack_api_key_limit
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: The middleware uses a default strategy of hourly limiting for api keys but
+  has been designed so that you can implement your own strategies and cache stores.
+test_files:
+- spec/lib/rack_api_key_limit/base_spec.rb
+- spec/lib/rack_api_key_limit/hourly_spec.rb
+- spec/spec_helper.rb
+- spec/support/cache_stub.rb
+- spec/support/lib/cache_stub.rb
+- spec/support/lib/limiter_stub.rb
+- spec/support/limiter_stub.rb