rails_rate_limiter 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: d82c4e44c5fbd709bf78fdd289e80d7d09ad22e9
+  data.tar.gz: 54e6b7c805bb217398b06dec94f4002522ac8b48
+SHA512:
+  metadata.gz: e42895cbe22f74b33b13f8732202b746415e3f8d38117007890ee05333378ea38c5e0acc242e090aa82e013ace738636df004b0d3bdda976fc0b8a3a16b40e97
+  data.tar.gz: a078a449b36a996444d3588d5384e6a6cf60292d7cd0da726d015633df168980ba8ebd51351015cf5b90d41c9b2f09d9faa82a5ed2fd0d6112b70cc7b51bdf3c

data/.gitignore

@@ -0,0 +1,11 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+# rspec failure tracking
+.rspec_status

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.travis.yml

@@ -0,0 +1,5 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.4.2
+before_install: gem install bundler -v 1.16.1

data/Gemfile

@@ -0,0 +1,6 @@
+source "https://rubygems.org"
+
+git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+
+# Specify your gem's dependencies in rails_rate_limiter.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,155 @@
+PATH
+  remote: .
+  specs:
+    rails_rate_limiter (0.1.0)
+      rails (>= 4.2)
+      redis (~> 3.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actioncable (5.2.0)
+      actionpack (= 5.2.0)
+      nio4r (~> 2.0)
+      websocket-driver (>= 0.6.1)
+    actionmailer (5.2.0)
+      actionpack (= 5.2.0)
+      actionview (= 5.2.0)
+      activejob (= 5.2.0)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 2.0)
+    actionpack (5.2.0)
+      actionview (= 5.2.0)
+      activesupport (= 5.2.0)
+      rack (~> 2.0)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    actionview (5.2.0)
+      activesupport (= 5.2.0)
+      builder (~> 3.1)
+      erubi (~> 1.4)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.3)
+    activejob (5.2.0)
+      activesupport (= 5.2.0)
+      globalid (>= 0.3.6)
+    activemodel (5.2.0)
+      activesupport (= 5.2.0)
+    activerecord (5.2.0)
+      activemodel (= 5.2.0)
+      activesupport (= 5.2.0)
+      arel (>= 9.0)
+    activestorage (5.2.0)
+      actionpack (= 5.2.0)
+      activerecord (= 5.2.0)
+      marcel (~> 0.3.1)
+    activesupport (5.2.0)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+    arel (9.0.0)
+    builder (3.2.3)
+    coderay (1.1.2)
+    concurrent-ruby (1.0.5)
+    crass (1.0.4)
+    diff-lcs (1.3)
+    erubi (1.7.1)
+    globalid (0.4.1)
+      activesupport (>= 4.2.0)
+    i18n (1.0.1)
+      concurrent-ruby (~> 1.0)
+    loofah (2.2.2)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.5.9)
+    mail (2.7.0)
+      mini_mime (>= 0.1.1)
+    marcel (0.3.2)
+      mimemagic (~> 0.3.2)
+    method_source (0.9.0)
+    mimemagic (0.3.2)
+    mini_mime (1.0.0)
+    mini_portile2 (2.3.0)
+    minitest (5.11.3)
+    mock_redis (0.17.3)
+    nio4r (2.3.1)
+    nokogiri (1.8.2)
+      mini_portile2 (~> 2.3.0)
+    pry (0.11.3)
+      coderay (~> 1.1.0)
+      method_source (~> 0.9.0)
+    rack (2.0.5)
+    rack-test (1.0.0)
+      rack (>= 1.0, < 3)
+    rails (5.2.0)
+      actioncable (= 5.2.0)
+      actionmailer (= 5.2.0)
+      actionpack (= 5.2.0)
+      actionview (= 5.2.0)
+      activejob (= 5.2.0)
+      activemodel (= 5.2.0)
+      activerecord (= 5.2.0)
+      activestorage (= 5.2.0)
+      activesupport (= 5.2.0)
+      bundler (>= 1.3.0)
+      railties (= 5.2.0)
+      sprockets-rails (>= 2.0.0)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.0.4)
+      loofah (~> 2.2, >= 2.2.2)
+    railties (5.2.0)
+      actionpack (= 5.2.0)
+      activesupport (= 5.2.0)
+      method_source
+      rake (>= 0.8.7)
+      thor (>= 0.18.1, < 2.0)
+    rake (10.5.0)
+    redis (3.3.5)
+    rspec-core (3.7.1)
+      rspec-support (~> 3.7.0)
+    rspec-expectations (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-mocks (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-rails (3.7.2)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      railties (>= 3.0)
+      rspec-core (~> 3.7.0)
+      rspec-expectations (~> 3.7.0)
+      rspec-mocks (~> 3.7.0)
+      rspec-support (~> 3.7.0)
+    rspec-support (3.7.1)
+    sprockets (3.7.1)
+      concurrent-ruby (~> 1.0)
+      rack (> 1, < 3)
+    sprockets-rails (3.2.1)
+      actionpack (>= 4.0)
+      activesupport (>= 4.0)
+      sprockets (>= 3.0.0)
+    thor (0.20.0)
+    thread_safe (0.3.6)
+    tzinfo (1.2.5)
+      thread_safe (~> 0.1)
+    websocket-driver (0.7.0)
+      websocket-extensions (>= 0.1.0)
+    websocket-extensions (0.1.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.16)
+  mock_redis
+  pry
+  rails_rate_limiter!
+  rake (~> 10.0)
+  rspec-rails
+
+BUNDLED WITH
+   1.16.1

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2018 Ruslan Kotov
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,72 @@
+# RailsRateLimiter
+
+This is a high level rate limiting gem for Ruby on Rails using Redis. It limits amount of requests on controllers level, that allows you to customize rate limiting options using everything that available in your action, e.g. `current_user`.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'rails_rate_limiter'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install rails_rate_limiter
+
+## Usage
+
+Add `include RateLimiter` to the controller you want to rate limit. It allows you to use `rate_limit` class method.
+
+### Example
+
+```ruby
+class Posts < ApplicationController
+  rate_limit limit: 100, per: 1.hour, only: :index do |info|
+    render plain: I18n.t('rate_limit_exceeded', seconds: info.time_left),
+           status: :too_many_requests
+  end
+
+  def index
+    # ...
+  end
+end
+```
+
+### `rate_limit` arguments
+* `&block` - executes if rate limit was exceeded. This argument is mandatory. `RateLimiter::Error` is raising if not passed.
+
+### `rate_limit` options
+* `strategy` - rate limiting strategy. Default value is :sliding_window_log
+* `limit` - the number of allowed request per time period. Supports lambda and proc. Default value is 100
+* `per` - time period in seconds. Supports lambda and proc as well. Default value is `1.hour`
+* `pattern` - lambda or proc. Can be used if you want to use something instead of IP as cache key identifier. For example `-> current_user.id`. Uses `request.remote_ip` by default.
+* `client` - Redis client. Uses `Redis.new` by default.
+
+You can also use any options which are available for `before_action` callback because `rate_limiter` uses it under the hood.
+
+## Strategies
+
+At this moment gem supports only Sliding Window Log strategy to rate limit requests. You can read more about different strategies [here](https://blog.figma.com/an-alternative-approach-to-rate-limiting-f8a06cf7c94c).
+
+### Sliding Window Log
+
+![](https://cdn-images-1.medium.com/max/1600/1*u_xRdZnWUlQFf0wrp0acrw.png)
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/rails_rate_limiter.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "rails_rate_limiter"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/rails_rate_limiter.rb

@@ -0,0 +1,71 @@
+require 'active_support/concern'
+require 'active_support/inflector'
+
+require 'rails_rate_limiter/version'
+require 'rails_rate_limiter/strategies'
+require 'rails_rate_limiter/error'
+
+module RailsRateLimiter
+  extend ActiveSupport::Concern
+
+  class_methods do
+    # Sets callback that checks if rate limit was exceeded.
+    #
+    # == Arguments:
+    #
+    #   +&block+      - Executed if rate limit exceded.
+    #                   This argument is mandatory.
+    #
+    # == Options:
+    #
+    #   +strategy+   - Rate limiting strategy.
+    #                  Default value is :sliding_window_log
+    #
+    #   +limit+      - The number of allowed request per time period.
+    #                  Supports lambda and proc. Default value is 100
+    #   +per+        - Time period in seconds. Supports lambda and proc as well.
+    #                  Default value is 1.hour
+    #   +pattern+    - lambda or proc. Can be used if you want to use something
+    #                  instead of IP as cache key identifier. For example
+    #                  `->current_user.id`. Uses `request.remote_ip` by default.
+    #   +client+     - Redis client. Uses `Redis.new` by default.
+    #
+    # Any option avaiable for `before_action` can be used.
+    #
+    # == Examples:
+    #
+    # rate_limit limit: 100, per: 1.hour, only: :index do |info|
+    #   render plain: I18n.t('rate_limit_exceeded', seconds: info.time_left),
+    #          status: :too_many_requests
+    # end
+    #
+    def rate_limit(options = {}, &block)
+      raise Error, 'Handling block was not provided' unless block_given?
+
+      # Separate out options related only to rate limiting
+      strategy = (options.delete(:strategy) || 'sliding_window_log').to_s
+      limit = options.delete(:limit) || 100
+      per = options.delete(:per) || 3600
+      pattern = options.delete(:pattern)
+      client = options.delete(:client)
+
+      before_action(options) do
+        check_rate_limits(strategy, limit, per, pattern, client, block)
+      end
+    end
+  end
+
+  private
+
+  def check_rate_limits(strategy, limit, per, pattern, client, block)
+    requester = pattern || request.remote_ip
+
+    strategy_class =
+      "RailsRateLimiter::Strategies::#{strategy.classify}".constantize
+    result = strategy_class.new(limit, per, requester, client).run
+    return unless result.limit_exceeded?
+    # instance_exec is using here because simple block.call executes block in
+    # a wrong context that leads to not preventing action execution after render
+    instance_exec result, &block
+  end
+end

data/lib/rails_rate_limiter/error.rb

@@ -0,0 +1,4 @@
+module RailsRateLimiter
+  class Error < StandardError
+  end
+end

data/lib/rails_rate_limiter/result.rb

@@ -0,0 +1,13 @@
+module RailsRateLimiter
+  class Result
+    attr_reader :time_left
+
+    def initialize(time_left)
+      @time_left = time_left
+    end
+
+    def limit_exceeded?
+      time_left > 0
+    end
+  end
+end

data/lib/rails_rate_limiter/strategies.rb

@@ -0,0 +1 @@
+require_relative 'strategies/sliding_window_log'

data/lib/rails_rate_limiter/strategies/sliding_window_log.rb

@@ -0,0 +1,65 @@
+require 'active_support/time'
+require_relative '../result'
+
+module RailsRateLimiter
+  module Strategies
+    class SlidingWindowLog
+      TIMESTAMP_ACCURACY = 10_000
+
+      attr_reader :limit, :expires_in, :requester_pattern
+
+      def initialize(limit, per, requester, client = nil)
+        @limit = limit.respond_to?(:call) ? limit.call : limit
+        @expires_in = calculate_expires_in(per)
+        @requester_pattern = compute_requester_pattern(requester)
+        @client = client
+      end
+
+      def run
+        remove_expired_set_members
+        return Result.new(time_left) if client.zcard(cache_key) >= limit
+        log_request
+        Result.new(0)
+      end
+
+      private
+
+      def client
+        @client ||= Redis.new
+      end
+
+      def remove_expired_set_members
+        # remove all SORTED SET members that have a score < current_timestamp
+        client.zremrangebyscore(cache_key, '-inf', "(#{current_timestamp}")
+      end
+
+      def log_request
+        expiring_timestamp = current_timestamp + expires_in
+        client.zadd(cache_key, expiring_timestamp, current_timestamp)
+      end
+
+      def time_left
+        timestamp = client.zrange(cache_key, 0, 0, with_scores: true)[0][1]
+        ((timestamp - current_timestamp).to_f / TIMESTAMP_ACCURACY).ceil
+      end
+
+      def cache_key
+        "rate_limiter_#{requester_pattern}"
+      end
+
+      def current_timestamp
+        @current_timestamp ||= (Time.zone.now.to_f * TIMESTAMP_ACCURACY).to_i
+      end
+
+      def calculate_expires_in(per)
+        value = per.respond_to?(:call) ? per.call : per
+        (value.to_f * TIMESTAMP_ACCURACY).to_i
+      end
+
+      def compute_requester_pattern(requester)
+        return "ip_#{requester}" unless requester.respond_to?(:call)
+        "custom_#{requester.call}"
+      end
+    end
+  end
+end

data/lib/rails_rate_limiter/version.rb

@@ -0,0 +1,3 @@
+module RailsRateLimiter
+  VERSION = "0.1.0"
+end

data/rails_rate_limiter.gemspec

@@ -0,0 +1,30 @@
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'rails_rate_limiter/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'rails_rate_limiter'
+  spec.version       = RailsRateLimiter::VERSION
+  spec.authors       = ['Ruslan Kotov']
+  spec.email         = %w[rkotov93@gmail.com]
+
+  spec.summary       = 'Requests rate limiting library for Ruby on Rails'
+  spec.homepage      = 'https://github.com/rkotov93/rails_rate_limiter'
+  spec.license       = 'MIT'
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.add_runtime_dependency 'rails', '>= 4.2'
+  spec.add_runtime_dependency 'redis', '~> 3.0'
+
+  spec.add_development_dependency 'bundler', '~> 1.16'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec-rails'
+  spec.add_development_dependency 'pry'
+  spec.add_development_dependency 'mock_redis'
+end

metadata

@@ -0,0 +1,159 @@
+--- !ruby/object:Gem::Specification
+name: rails_rate_limiter
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Ruslan Kotov
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2018-05-05 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '4.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '4.2'
+- !ruby/object:Gem::Dependency
+  name: redis
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: mock_redis
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- rkotov93@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/rails_rate_limiter.rb
+- lib/rails_rate_limiter/error.rb
+- lib/rails_rate_limiter/result.rb
+- lib/rails_rate_limiter/strategies.rb
+- lib/rails_rate_limiter/strategies/sliding_window_log.rb
+- lib/rails_rate_limiter/version.rb
+- rails_rate_limiter.gemspec
+homepage: https://github.com/rkotov93/rails_rate_limiter
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.13
+signing_key: 
+specification_version: 4
+summary: Requests rate limiting library for Ruby on Rails
+test_files: []