rails_rate_limit 0.1.2 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cf52b273c158732c58a654255744cbc096ddab47348f16684211435074dfd9b9
-  data.tar.gz: 239cf6c9e06d1300d057c28a2bdcd065de265799d58c369e061e9787e504879b
+  metadata.gz: 898367675a14db6a2edf98d6e052797f4447896e57bc180702c897372f8c2ab4
+  data.tar.gz: 4870de49e9e6895566ff929821b4712d5272efddc2154c474bf7ce76653b4d85
 SHA512:
-  metadata.gz: 17198b2b17fe32b8dea0d56d99a02157cc4e0f50e103006b6faea197d38b2206c9810243cdf06a1c0e3c95807bd63d00feea07a426f358f026d60c7c57a5e37b
-  data.tar.gz: b1b66ee43016fd1db38083833228c779507dd586573cd9d47a3d69bd0a5cac45e6c478308a9e399d370fe5618b9182c657c55e8b09ff0e4ca465a6dbe25a2e6e
+  metadata.gz: 651e61eeeb9ca99c8e80b03103d27c18d83e0c1d958d3b8e1dd2b5561537df219be3e9c889f5ac79d615416b9317588be7fb0ed5e0ebffa193386dd98b9db7f2
+  data.tar.gz: d19a7092d505a0ded484c14335d12652f621543b001742248e4fc61d23628442624e536346e979ea4701df9ee63e8c59ceca488df8868b1f5749c60dce4dd4ff

data/README.md

@@ -1,4 +1,4 @@
-# Rails Rate Limit
+# **Rails Rate Limit**
 
 [![Gem Version](https://badge.fury.io/rb/rails_rate_limit.svg)](https://badge.fury.io/rb/rails_rate_limit)
 [![Build Status](https://github.com/kasvit/rails_rate_limit/workflows/Ruby/badge.svg)](https://github.com/kasvit/rails_rate_limit/actions)
@@ -9,6 +9,17 @@ For example, if you set a limit of 100 requests per hour, and a user makes 100 r
 
 The gem supports rate limiting for both HTTP requests (in controllers) and instance method calls (in any Ruby class), with multiple storage backends (Redis, Memcached, Memory).
 
+## Features
+
+- Multiple storage backends (Redis, Memcached, Memory)
+- Sliding window algorithm for accurate rate limiting
+- Support for both controllers and Ruby classes
+- Multiple rate limits for controllers
+- Custom rate limit names and skipping for controllers
+- Flexible configuration options
+- Automatic HTTP headers
+- Custom error handlers
+
 ## Installation
 
 Add this line to your application's Gemfile:
@@ -23,46 +34,53 @@ And then execute:
 $ bundle install
 ```
 
+Generate the initializer:
+
+```bash
+$ rails generate rails_rate_limit:install
+```
+
+This will create a configuration file at `config/initializers/rails_rate_limit.rb` with all available options commented out.
+
 ## Configuration
 
-Create an initializer `config/initializers/rails_rate_limit.rb`:
+The generated initializer (`config/initializers/rails_rate_limit.rb`) includes all available configuration options with default values commented out. You can uncomment and modify the options you want to customize:
 
 ```ruby
 RailsRateLimit.configure do |config|
-  # Optional: Choose your storage backend (default: :memory)
-  config.default_store = :redis # Available options: :redis, :memcached, :memory
-  
-  # Optional: Configure Redis connection (required if using Redis store)
-  config.redis_connection = Redis.new(
-    url: ENV['REDIS_URL'],
-    timeout: 1,
-    reconnect_attempts: 2
-  )
-  
-  # Optional: Configure Memcached connection (required if using Memcached store)
-  config.memcached_connection = Dalli::Client.new(
-    ENV['MEMCACHED_URL'],
-    { expires_in: 1.day, compress: true }
-  )
-  
-  # Optional: Configure logging
-  # set `nil` to disable logging
-  config.logger = Rails.logger
-  
-  # Optional: Configure default handler for controllers (HTTP requests)
-  config.handle_controller_exceeded = -> {
-    # Default handler returns a JSON response with a 429 status code
-    render json: {
-      error: "Too many requests",
-      retry_after: response.headers["Retry-After"]
-    }, status: :too_many_requests
-  }
-  
-  # Optional: Configure default handler for methods
+  # Choose your storage backend (default: :memory)
+  # Available options: :redis, :memcached, :memory
+  # config.default_store = :memory
+
+  # Configure Redis connection (required if using Redis store)
+  # config.redis_connection = Redis.new(
+  #   url: ENV['REDIS_URL'],
+  #   timeout: 1,
+  #   reconnect_attempts: 2
+  # )
+
+  # Configure Memcached connection (required if using Memcached store)
+  # config.memcached_connection = Dalli::Client.new(
+  #   ENV['MEMCACHED_URL'],
+  #   { expires_in: 1.day, compress: true }
+  # )
+
+  # Configure logging (set to nil to disable logging)
+  # config.logger = Rails.logger
+
+  # Configure default handler for controllers (HTTP requests)
+  # config.handle_controller_exceeded = -> {
+  #   render json: {
+  #     error: "Too many requests",
+  #     retry_after: response.headers["Retry-After"]
+  #   }, status: :too_many_requests
+  # }
+
+  # Configure default handler for methods
   # By default, it raises RailsRateLimit::RateLimitExceeded
-  config.handle_klass_exceeded = -> {
-    raise RailsRateLimit::RateLimitExceeded, "Rate limit exceeded"
-  }
+  # config.handle_klass_exceeded = -> {
+  #   raise RailsRateLimit::RateLimitExceeded, "Rate limit exceeded"
+  # }
 end
 ```
 
@@ -73,8 +91,8 @@ end
 Include the module and set rate limits for your controllers:
 
 ```ruby
-class ApiController < ApplicationController
-  include RailsRateLimit::Controller # include this module
+class UsersController < ApplicationController
+  include RailsRateLimit::Controller    # include this module
 
   # Basic usage - limit all actions
   set_rate_limit limit: 100,            # Maximum requests allowed
@@ -93,29 +111,114 @@ class ApiController < ApplicationController
                     plan_limit: current_user.plan.limit,
                     upgrade_url: pricing_url
                   }, status: :too_many_requests
-                }
+                },
+                as: :custom_rate_limit           # Custom name for rate limit (optional)
+end
+```
+
+### Multiple Rate Limits
+
+You can set multiple rate limits for a single controller or his ancestors. Each rate limit can have its own configuration:
+
+```ruby
+class ApiController < ApplicationController
+  include RailsRateLimit::Controller
+
+  # Global rate limit for all actions
+  set_rate_limit limit: 1000,
+                period: 1.hour,
+                as: :global_rate_limit         # Custom name for rate limit (optional)
+
+  # Stricter limit for write operations
+  set_rate_limit only: [:create, :update, :destroy],
+                limit: 100,
+                period: 1.hour,
+                as: :write_operations_limit    # Custom name for rate limit (optional)
+
+  # Custom limit for specific action
+  set_rate_limit only: [:expensive_operation],
+                limit: 10,
+                period: 1.day,
+                as: :expensive_operation_limit # Custom name for rate limit (optional)
+end
+```
+
+### Custom Rate Limit Names
+
+You can give your rate limits custom names using the `as` option. This is useful for:
+- Better logging and debugging
+- Skipping specific rate limits
+- Better organization of multiple limits
+
+```ruby
+class ApplicationController < ActionController::API
+  include RailsRateLimit::Controller
+
+  # Global rate limit that applies to all inherited controllers
+  set_rate_limit limit: 1000,
+                period: 1.hour,
+                as: :global_rate_limit
+end
+
+class ApiController < ApplicationController
+  # Additional limit for API endpoints
+  set_rate_limit limit: 100,
+                period: 1.minute,
+                as: :api_rate_limit
+end
+```
+
+### Skipping Rate Limits
+
+You can skip specific rate limits for certain actions using `skip_before_action`:
+
+```ruby
+class PaymentsController < ApiController
+  # Skip global rate limit for webhook endpoint
+  skip_before_action :global_rate_limit, only: [:webhook]
+
+  # Skip API rate limit for status check
+  skip_before_action :api_rate_limit, only: [:status]
+
+  def webhook
+    # This action will ignore global rate limit (custom name)
+  end
+
+  def status
+    # This action will ignore API rate limit (custom name)
+  end
 end
 ```
 
 ### Rate Limiting Methods
 
-You can limit any instance method in your classes (class methods are not supported yet):
+You can limit both instance and class methods in your classes:
 
 ```ruby
 class ApiClient
-  include RailsRateLimit::Klass # include this module
+  include RailsRateLimit::Klass
 
+  # Instance method
   def make_request
     # Your API call logic here
   end
 
-  # IMPORTANT: set_rate_limit must be called AFTER method definition
-  # Basic usage
+  # Class method
+  def self.bulk_request
+    # Your API call logic here
+  end
+
+  # Rate limit for instance method
   set_rate_limit :make_request,
                 limit: 100,
                 period: 1.minute
 
-  # Advanced usage with all options
+  # Rate limit for class method
+  set_rate_limit :bulk_request,
+                limit: 10,
+                period: 1.hour
+
+  # Advanced usage with all options (instance method)
   set_rate_limit :another_method,
                 limit: 10,                       # Maximum calls allowed
                 period: 1.hour,                  # Time window for the limit
@@ -128,21 +231,26 @@ class ApiClient
                   nil # Method will return nil
                 }
 
-  # Example with default handler that raises error
-  set_rate_limit :risky_method,
-                limit: 5,
-                period: 1.minute
-                # Without on_exceeded option it will use default handler
-                # that raises RailsRateLimit::RateLimitExceeded
-
-  # Example with custom error handling
-  def safe_request
-    risky_method
-  rescue RailsRateLimit::RateLimitExceeded => e
-    # Handle the error
-    Rails.logger.warn("Rate limit exceeded: #{e.message}")
-    nil # or any other fallback value
-  end
+  # Advanced usage with all options (class method)
+  set_rate_limit :another_class_method,
+                limit: 5,                        # Maximum calls allowed
+                period: 1.day,                   # Time window for the limit
+                by: -> { "global:#{name}" },     # Method call identifier
+                store: :redis,                   # Override default store
+                on_exceeded: -> {                # Custom error handler
+                  log_exceeded_event
+                  "Rate limit exceeded"          # Return custom message
+                }
+
+  # Direct rate limit setting
+  # You can also set rate limits directly if you have both instance and class methods with the same name
+  set_instance_rate_limit :process,             # For instance method
+                         limit: 10,
+                         period: 1.hour
+
+  set_class_rate_limit :process,                # For class method
+                      limit: 5,
+                      period: 1.hour
 end
 ```
 
@@ -153,11 +261,13 @@ For both controllers and methods:
 - `period`: (Required) Time period for the limit (in seconds or ActiveSupport::Duration)
 - `by`: (Optional) Lambda/Proc to generate unique identifier
   - Default for controllers: `"#{controller.class.name}:#{controller.request.remote_ip}"`
-  - Default for methods: `"#{self.class.name}##{method_name}:#{respond_to?(:id) ? 'id='+id.to_s : 'object_id='+object_id.to_s}"`
+  - Default for instance methods: `"#{self.class.name}##{method_name}:#{respond_to?(:id) ? 'id='+id.to_s : 'object_id='+object_id.to_s}"`
+  - Default for class methods: `"#{class.name}.#{method_name}"`
 - `store`: (Optional) Override default storage backend (`:redis`, `:memcached`, `:memory`)
 - `on_exceeded`: (Optional) Custom handler for rate limit exceeded
 
 Additional options for controllers:
+- `as`: (Optional) Custom name for rate limit
 - `only`: (Optional) Array of action names to limit
 - `except`: (Optional) Array of action names to exclude
 
@@ -188,6 +298,7 @@ By default, the gem logs the error message to the logger together with your cust
 # where key for klass is `by` or default unique identifier
 # Rate limit exceeded for ReportGenerator#generate:object_id=218520. Limit: 2 requests per 10 seconds
 # Rate limit exceeded for Notification#deliver:id=1. Limit: 3 requests per 60 seconds
+# Rate limit exceeded for ReportGenerator.generate. Limit: 2 requests per 10 seconds
 
 # where key for controller is `by` or default unique identifier
 # Rate limit exceeded for HomeController:127.0.0.1. Limit: 100 requests per 1 minute
@@ -204,6 +315,13 @@ For controller rate limiting, the following headers are automatically added:
 
 ## Storage Backends
 
+### Memory (Default)
+- No additional dependencies
+- Perfect for development or single-server setups
+- Data is lost on server restart
+- Not suitable for distributed systems
+- Thread-safe implementation
+
 ### Redis
 - Requires the `redis-rails` gem
 - Best for distributed systems
@@ -218,13 +336,6 @@ For controller rate limiting, the following headers are automatically added:
 - Works well in distributed environments
 - Good option if you're already using Memcached
 
-### Memory (Default)
-- No additional dependencies
-- Perfect for development or single-server setups
-- Data is lost on server restart
-- Not suitable for distributed systems
-- Thread-safe implementation
-
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests.

data/lib/generators/rails_rate_limit/install/install_generator.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require "rails/generators"
+
+module RailsRateLimit
+  module Generators
+    class InstallGenerator < ::Rails::Generators::Base
+      source_root File.expand_path("templates", __dir__)
+      desc "Creates a RailsRateLimit initializer file at config/initializers"
+
+      def copy_initializer
+        template "initializer.rb", "config/initializers/rails_rate_limit.rb"
+      end
+    end
+  end
+end

data/lib/generators/rails_rate_limit/install/templates/initializer.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+RailsRateLimit.configure do |config|
+  # Choose your storage backend (default: :memory)
+  # Available options: :redis, :memcached, :memory
+  # config.default_store = :memory
+
+  # Configure Redis connection (required if using Redis store)
+  # config.redis_connection = Redis.new(
+  #   url: ENV['REDIS_URL'],
+  #   timeout: 1,
+  #   reconnect_attempts: 2
+  # )
+
+  # Configure Memcached connection (required if using Memcached store)
+  # config.memcached_connection = Dalli::Client.new(
+  #   ENV['MEMCACHED_URL'],
+  #   { expires_in: 1.day, compress: true }
+  # )
+
+  # Configure logging (set to nil to disable logging)
+  # config.logger = Rails.logger
+
+  # Configure default handler for controllers (HTTP requests)
+  # config.handle_controller_exceeded = -> {
+  #   render json: {
+  #     error: "Too many requests",
+  #     retry_after: response.headers["Retry-After"]
+  #   }, status: :too_many_requests
+  # }
+
+  # Configure default handler for methods
+  # By default, it raises RailsRateLimit::RateLimitExceeded
+  # config.handle_klass_exceeded = -> {
+  #   raise RailsRateLimit::RateLimitExceeded, "Rate limit exceeded"
+  # }
+end

data/lib/rails_rate_limit/controller.rb

@@ -1,31 +1,66 @@
 # frozen_string_literal: true
 
 require "active_support/concern"
+require "active_support/core_ext/string/inflections"
+require "active_support/core_ext/class/attribute"
 
 module RailsRateLimit
   module Controller
     extend ActiveSupport::Concern
 
+    included do
+      class_attribute :rate_limits, default: []
+      class_attribute :skipped_rate_limits, default: []
+    end
+
     class_methods do
       def set_rate_limit(limit:, period:, by: nil, on_exceeded: nil, store: nil, **options)
         Validations.validate_options!(limit: limit, period: period, by: by, on_exceeded: on_exceeded, store: store)
 
-        before_action(options) do |controller|
-          limiter = RateLimiter.new(
-            context: controller,
-            by: by || "#{controller.class.name}:#{controller.request.remote_ip}",
-            limit: limit,
-            period: period.to_i,
-            store: store
-          )
-
-          begin
-            limiter.perform!
-          rescue RailsRateLimit::RateLimitExceeded
-            handler = on_exceeded.nil? ? RailsRateLimit.configuration.handle_controller_exceeded : on_exceeded
-            controller.instance_exec(&handler)
+        callback_name = options.delete(:as) || :"check_rate_limit_#{name.to_s.underscore}_#{rate_limits.length}"
+
+        self.rate_limits = rate_limits + [{
+          limit: limit,
+          period: period,
+          by: by,
+          on_exceeded: on_exceeded,
+          store: store,
+          callback_name: callback_name
+        }]
+
+        define_method(callback_name) do
+          self.class.rate_limits.each do |rate_limit|
+            next if self.class.skipped_rate_limits.include?(rate_limit[:callback_name])
+
+            limiter = RateLimiter.new(
+              context: self,
+              by: rate_limit[:by] || "#{self.class.name}:#{request.remote_ip}",
+              limit: rate_limit[:limit],
+              period: rate_limit[:period].to_i,
+              store: rate_limit[:store]
+            )
+
+            begin
+              limiter.perform!
+            rescue RailsRateLimit::RateLimitExceeded
+              handler = rate_limit[:on_exceeded].nil? ? RailsRateLimit.configuration.handle_controller_exceeded : rate_limit[:on_exceeded]
+              return instance_exec(&handler)
+            end
           end
         end
+
+        before_action callback_name, **options
+      end
+
+      def skip_before_action(callback_name, **options)
+        super
+        self.skipped_rate_limits = skipped_rate_limits + [callback_name]
+      end
+
+      def inherited(subclass)
+        super
+        subclass.rate_limits = rate_limits.dup
+        subclass.skipped_rate_limits = skipped_rate_limits.dup
       end
     end
   end

data/lib/rails_rate_limit/klass.rb

@@ -8,6 +8,18 @@ module RailsRateLimit
       def set_rate_limit(method_name, limit:, period:, by: nil, store: nil, on_exceeded: nil)
         Validations.validate_options!(limit: limit, period: period, by: by, store: store)
 
+        if method_defined?(method_name) || private_method_defined?(method_name)
+          set_instance_rate_limit(method_name, limit: limit, period: period, by: by, store: store,
+                                               on_exceeded: on_exceeded)
+        elsif singleton_class.method_defined?(method_name) || singleton_class.private_method_defined?(method_name)
+          set_class_rate_limit(method_name, limit: limit, period: period, by: by, store: store,
+                                            on_exceeded: on_exceeded)
+        else
+          raise ArgumentError, "Method #{method_name} is not defined"
+        end
+      end
+
+      def set_instance_rate_limit(method_name, limit:, period:, by:, store:, on_exceeded:)
         original_method = instance_method(method_name)
 
         define_method(method_name) do |*args, &block|
@@ -30,6 +42,30 @@ module RailsRateLimit
           end
         end
       end
+
+      def set_class_rate_limit(method_name, limit:, period:, by:, store:, on_exceeded:)
+        original_method = singleton_class.instance_method(method_name)
+
+        singleton_class.define_method(method_name) do |*args, &block|
+          limiter = RateLimiter.new(
+            context: self,
+            by: by || lambda {
+              "#{name}.#{method_name}"
+            },
+            limit: limit,
+            period: period.to_i,
+            store: store
+          )
+
+          begin
+            limiter.perform!
+            original_method.bind(self).call(*args, &block)
+          rescue RailsRateLimit::RateLimitExceeded
+            handler = on_exceeded.nil? ? RailsRateLimit.configuration.handle_klass_exceeded : on_exceeded
+            instance_exec(&handler)
+          end
+        end
+      end
     end
   end
 end

data/lib/rails_rate_limit/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module RailsRateLimit
-  VERSION = "0.1.2"
+  VERSION = "0.3.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rails_rate_limit
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.3.0
 platform: ruby
 authors:
 - Kasvit
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2025-01-21 00:00:00.000000000 Z
+date: 2025-01-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dalli
@@ -133,6 +133,8 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
+- lib/generators/rails_rate_limit/install/install_generator.rb
+- lib/generators/rails_rate_limit/install/templates/initializer.rb
 - lib/rails_rate_limit.rb
 - lib/rails_rate_limit/configuration.rb
 - lib/rails_rate_limit/controller.rb