rails_rate_limit 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f84a9dd27c84c9d0519657dcdc6a03da54339a00951fba0e4dfe847e210bc416
-  data.tar.gz: 68ed631f37784ac86f12e261cd28e99caf879f4b604604f5c0717b9e9a071062
+  metadata.gz: 898367675a14db6a2edf98d6e052797f4447896e57bc180702c897372f8c2ab4
+  data.tar.gz: 4870de49e9e6895566ff929821b4712d5272efddc2154c474bf7ce76653b4d85
 SHA512:
-  metadata.gz: 0d5822c1423345099c7d42a21ca11951720de2f9be00e7858fdf9ffee69b3e970454ed878e57e36c75ee74e49c213a0de1a079f2a476c52c95cdaabefdc34138
-  data.tar.gz: 736ce16dddb1b5e238e88570cd67cbce3895f2bb51a61a10a5d635112d4fe3d3489a33bf01735ddc67ebf350a669f668c3ce1952324a8ba5145649c0806cc379
+  metadata.gz: 651e61eeeb9ca99c8e80b03103d27c18d83e0c1d958d3b8e1dd2b5561537df219be3e9c889f5ac79d615416b9317588be7fb0ed5e0ebffa193386dd98b9db7f2
+  data.tar.gz: d19a7092d505a0ded484c14335d12652f621543b001742248e4fc61d23628442624e536346e979ea4701df9ee63e8c59ceca488df8868b1f5749c60dce4dd4ff

data/README.md

@@ -9,6 +9,17 @@ For example, if you set a limit of 100 requests per hour, and a user makes 100 r
 
 The gem supports rate limiting for both HTTP requests (in controllers) and instance method calls (in any Ruby class), with multiple storage backends (Redis, Memcached, Memory).
 
+## Features
+
+- Multiple storage backends (Redis, Memcached, Memory)
+- Sliding window algorithm for accurate rate limiting
+- Support for both controllers and Ruby classes
+- Multiple rate limits for controllers
+- Custom rate limit names and skipping for controllers
+- Flexible configuration options
+- Automatic HTTP headers
+- Custom error handlers
+
 ## Installation
 
 Add this line to your application's Gemfile:
@@ -23,46 +34,53 @@ And then execute:
 $ bundle install
 ```
 
+Generate the initializer:
+
+```bash
+$ rails generate rails_rate_limit:install
+```
+
+This will create a configuration file at `config/initializers/rails_rate_limit.rb` with all available options commented out.
+
 ## Configuration
 
-Create an initializer `config/initializers/rails_rate_limit.rb`:
+The generated initializer (`config/initializers/rails_rate_limit.rb`) includes all available configuration options with default values commented out. You can uncomment and modify the options you want to customize:
 
 ```ruby
 RailsRateLimit.configure do |config|
-  # Optional: Choose your storage backend (default: :memory)
-  config.default_store = :redis # Available options: :redis, :memcached, :memory
-  
-  # Optional: Configure Redis connection (required if using Redis store)
-  config.redis_connection = Redis.new(
-    url: ENV['REDIS_URL'],
-    timeout: 1,
-    reconnect_attempts: 2
-  )
-  
-  # Optional: Configure Memcached connection (required if using Memcached store)
-  config.memcached_connection = Dalli::Client.new(
-    ENV['MEMCACHED_URL'],
-    { expires_in: 1.day, compress: true }
-  )
-  
-  # Optional: Configure logging
-  # set `nil` to disable logging
-  config.logger = Rails.logger
-  
-  # Optional: Configure default handler for controllers (HTTP requests)
-  config.handle_controller_exceeded = -> {
-    # Default handler returns a JSON response with a 429 status code
-    render json: {
-      error: "Too many requests",
-      retry_after: response.headers["Retry-After"]
-    }, status: :too_many_requests
-  }
-  
-  # Optional: Configure default handler for methods
+  # Choose your storage backend (default: :memory)
+  # Available options: :redis, :memcached, :memory
+  # config.default_store = :memory
+
+  # Configure Redis connection (required if using Redis store)
+  # config.redis_connection = Redis.new(
+  #   url: ENV['REDIS_URL'],
+  #   timeout: 1,
+  #   reconnect_attempts: 2
+  # )
+
+  # Configure Memcached connection (required if using Memcached store)
+  # config.memcached_connection = Dalli::Client.new(
+  #   ENV['MEMCACHED_URL'],
+  #   { expires_in: 1.day, compress: true }
+  # )
+
+  # Configure logging (set to nil to disable logging)
+  # config.logger = Rails.logger
+
+  # Configure default handler for controllers (HTTP requests)
+  # config.handle_controller_exceeded = -> {
+  #   render json: {
+  #     error: "Too many requests",
+  #     retry_after: response.headers["Retry-After"]
+  #   }, status: :too_many_requests
+  # }
+
+  # Configure default handler for methods
   # By default, it raises RailsRateLimit::RateLimitExceeded
-  config.handle_klass_exceeded = -> {
-    raise RailsRateLimit::RateLimitExceeded, "Rate limit exceeded"
-  }
+  # config.handle_klass_exceeded = -> {
+  #   raise RailsRateLimit::RateLimitExceeded, "Rate limit exceeded"
+  # }
 end
 ```
 
@@ -73,8 +91,8 @@ end
 Include the module and set rate limits for your controllers:
 
 ```ruby
-class ApiController < ApplicationController
-  include RailsRateLimit::Controller # include this module
+class UsersController < ApplicationController
+  include RailsRateLimit::Controller    # include this module
 
   # Basic usage - limit all actions
   set_rate_limit limit: 100,            # Maximum requests allowed
@@ -93,7 +111,82 @@ class ApiController < ApplicationController
                     plan_limit: current_user.plan.limit,
                     upgrade_url: pricing_url
                   }, status: :too_many_requests
-                }
+                },
+                as: :custom_rate_limit           # Custom name for rate limit (optional)
+end
+```
+
+### Multiple Rate Limits
+
+You can set multiple rate limits for a single controller or his ancestors. Each rate limit can have its own configuration:
+
+```ruby
+class ApiController < ApplicationController
+  include RailsRateLimit::Controller
+
+  # Global rate limit for all actions
+  set_rate_limit limit: 1000,
+                period: 1.hour,
+                as: :global_rate_limit         # Custom name for rate limit (optional)
+
+  # Stricter limit for write operations
+  set_rate_limit only: [:create, :update, :destroy],
+                limit: 100,
+                period: 1.hour,
+                as: :write_operations_limit    # Custom name for rate limit (optional)
+
+  # Custom limit for specific action
+  set_rate_limit only: [:expensive_operation],
+                limit: 10,
+                period: 1.day,
+                as: :expensive_operation_limit # Custom name for rate limit (optional)
+end
+```
+
+### Custom Rate Limit Names
+
+You can give your rate limits custom names using the `as` option. This is useful for:
+- Better logging and debugging
+- Skipping specific rate limits
+- Better organization of multiple limits
+
+```ruby
+class ApplicationController < ActionController::API
+  include RailsRateLimit::Controller
+
+  # Global rate limit that applies to all inherited controllers
+  set_rate_limit limit: 1000,
+                period: 1.hour,
+                as: :global_rate_limit
+end
+
+class ApiController < ApplicationController
+  # Additional limit for API endpoints
+  set_rate_limit limit: 100,
+                period: 1.minute,
+                as: :api_rate_limit
+end
+```
+
+### Skipping Rate Limits
+
+You can skip specific rate limits for certain actions using `skip_before_action`:
+
+```ruby
+class PaymentsController < ApiController
+  # Skip global rate limit for webhook endpoint
+  skip_before_action :global_rate_limit, only: [:webhook]
+
+  # Skip API rate limit for status check
+  skip_before_action :api_rate_limit, only: [:status]
+
+  def webhook
+    # This action will ignore global rate limit (custom name)
+  end
+
+  def status
+    # This action will ignore API rate limit (custom name)
+  end
 end
 ```
 
@@ -174,6 +267,7 @@ For both controllers and methods:
 - `on_exceeded`: (Optional) Custom handler for rate limit exceeded
 
 Additional options for controllers:
+- `as`: (Optional) Custom name for rate limit
 - `only`: (Optional) Array of action names to limit
 - `except`: (Optional) Array of action names to exclude
 
@@ -204,6 +298,7 @@ By default, the gem logs the error message to the logger together with your cust
 # where key for klass is `by` or default unique identifier
 # Rate limit exceeded for ReportGenerator#generate:object_id=218520. Limit: 2 requests per 10 seconds
 # Rate limit exceeded for Notification#deliver:id=1. Limit: 3 requests per 60 seconds
+# Rate limit exceeded for ReportGenerator.generate. Limit: 2 requests per 10 seconds
 
 # where key for controller is `by` or default unique identifier
 # Rate limit exceeded for HomeController:127.0.0.1. Limit: 100 requests per 1 minute
@@ -220,6 +315,13 @@ For controller rate limiting, the following headers are automatically added:
 
 ## Storage Backends
 
+### Memory (Default)
+- No additional dependencies
+- Perfect for development or single-server setups
+- Data is lost on server restart
+- Not suitable for distributed systems
+- Thread-safe implementation
+
 ### Redis
 - Requires the `redis-rails` gem
 - Best for distributed systems
@@ -234,13 +336,6 @@ For controller rate limiting, the following headers are automatically added:
 - Works well in distributed environments
 - Good option if you're already using Memcached
 
-### Memory (Default)
-- No additional dependencies
-- Perfect for development or single-server setups
-- Data is lost on server restart
-- Not suitable for distributed systems
-- Thread-safe implementation
-
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests.

data/lib/generators/rails_rate_limit/install/install_generator.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require "rails/generators"
+
+module RailsRateLimit
+  module Generators
+    class InstallGenerator < ::Rails::Generators::Base
+      source_root File.expand_path("templates", __dir__)
+      desc "Creates a RailsRateLimit initializer file at config/initializers"
+
+      def copy_initializer
+        template "initializer.rb", "config/initializers/rails_rate_limit.rb"
+      end
+    end
+  end
+end

data/lib/generators/rails_rate_limit/install/templates/initializer.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+RailsRateLimit.configure do |config|
+  # Choose your storage backend (default: :memory)
+  # Available options: :redis, :memcached, :memory
+  # config.default_store = :memory
+
+  # Configure Redis connection (required if using Redis store)
+  # config.redis_connection = Redis.new(
+  #   url: ENV['REDIS_URL'],
+  #   timeout: 1,
+  #   reconnect_attempts: 2
+  # )
+
+  # Configure Memcached connection (required if using Memcached store)
+  # config.memcached_connection = Dalli::Client.new(
+  #   ENV['MEMCACHED_URL'],
+  #   { expires_in: 1.day, compress: true }
+  # )
+
+  # Configure logging (set to nil to disable logging)
+  # config.logger = Rails.logger
+
+  # Configure default handler for controllers (HTTP requests)
+  # config.handle_controller_exceeded = -> {
+  #   render json: {
+  #     error: "Too many requests",
+  #     retry_after: response.headers["Retry-After"]
+  #   }, status: :too_many_requests
+  # }
+
+  # Configure default handler for methods
+  # By default, it raises RailsRateLimit::RateLimitExceeded
+  # config.handle_klass_exceeded = -> {
+  #   raise RailsRateLimit::RateLimitExceeded, "Rate limit exceeded"
+  # }
+end

data/lib/rails_rate_limit/controller.rb

@@ -1,31 +1,66 @@
 # frozen_string_literal: true
 
 require "active_support/concern"
+require "active_support/core_ext/string/inflections"
+require "active_support/core_ext/class/attribute"
 
 module RailsRateLimit
   module Controller
     extend ActiveSupport::Concern
 
+    included do
+      class_attribute :rate_limits, default: []
+      class_attribute :skipped_rate_limits, default: []
+    end
+
     class_methods do
       def set_rate_limit(limit:, period:, by: nil, on_exceeded: nil, store: nil, **options)
         Validations.validate_options!(limit: limit, period: period, by: by, on_exceeded: on_exceeded, store: store)
 
-        before_action(options) do |controller|
-          limiter = RateLimiter.new(
-            context: controller,
-            by: by || "#{controller.class.name}:#{controller.request.remote_ip}",
-            limit: limit,
-            period: period.to_i,
-            store: store
-          )
-
-          begin
-            limiter.perform!
-          rescue RailsRateLimit::RateLimitExceeded
-            handler = on_exceeded.nil? ? RailsRateLimit.configuration.handle_controller_exceeded : on_exceeded
-            controller.instance_exec(&handler)
+        callback_name = options.delete(:as) || :"check_rate_limit_#{name.to_s.underscore}_#{rate_limits.length}"
+
+        self.rate_limits = rate_limits + [{
+          limit: limit,
+          period: period,
+          by: by,
+          on_exceeded: on_exceeded,
+          store: store,
+          callback_name: callback_name
+        }]
+
+        define_method(callback_name) do
+          self.class.rate_limits.each do |rate_limit|
+            next if self.class.skipped_rate_limits.include?(rate_limit[:callback_name])
+
+            limiter = RateLimiter.new(
+              context: self,
+              by: rate_limit[:by] || "#{self.class.name}:#{request.remote_ip}",
+              limit: rate_limit[:limit],
+              period: rate_limit[:period].to_i,
+              store: rate_limit[:store]
+            )
+
+            begin
+              limiter.perform!
+            rescue RailsRateLimit::RateLimitExceeded
+              handler = rate_limit[:on_exceeded].nil? ? RailsRateLimit.configuration.handle_controller_exceeded : rate_limit[:on_exceeded]
+              return instance_exec(&handler)
+            end
           end
         end
+
+        before_action callback_name, **options
+      end
+
+      def skip_before_action(callback_name, **options)
+        super
+        self.skipped_rate_limits = skipped_rate_limits + [callback_name]
+      end
+
+      def inherited(subclass)
+        super
+        subclass.rate_limits = rate_limits.dup
+        subclass.skipped_rate_limits = skipped_rate_limits.dup
       end
     end
   end

data/lib/rails_rate_limit/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module RailsRateLimit
-  VERSION = "0.2.0"
+  VERSION = "0.3.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rails_rate_limit
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Kasvit
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2025-01-21 00:00:00.000000000 Z
+date: 2025-01-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dalli
@@ -133,6 +133,8 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
+- lib/generators/rails_rate_limit/install/install_generator.rb
+- lib/generators/rails_rate_limit/install/templates/initializer.rb
 - lib/rails_rate_limit.rb
 - lib/rails_rate_limit/configuration.rb
 - lib/rails_rate_limit/controller.rb