railslove-rack-throttle 0.0.0

data/Rakefile

@@ -0,0 +1,47 @@
+require 'rubygems'
+require 'rake'
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gem|
+    gem.name = "railslove-rack-throttle"
+    gem.summary = %Q{Extension of rack-throttle - HTTP request rate limiter for Rack applications.}
+    gem.description = %Q{Rack middleware for rate-limiting incoming HTTP requests.}
+    gem.email = "reddavis@gmail.com"
+    gem.homepage = "http://github.com/railslove/rack-throttle"
+    gem.authors = ["Arto Bendiken", "Brendon Murphy", "reddavis"]
+    gem.add_development_dependency "rspec", ">= 1.2.9"
+    gem.add_development_dependency "rack-test", ">= 0.5.3"
+    gem.add_runtime_dependency "rack", ">= 1.0.0"
+    # gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
+end
+
+require 'spec/rake/spectask'
+Spec::Rake::SpecTask.new(:spec) do |spec|
+  spec.libs << 'lib' << 'spec'
+  spec.spec_files = FileList['spec/**/*_spec.rb']
+end
+
+Spec::Rake::SpecTask.new(:rcov) do |spec|
+  spec.libs << 'lib' << 'spec'
+  spec.pattern = 'spec/**/*_spec.rb'
+  spec.rcov = true
+end
+
+task :spec => :check_dependencies
+
+task :default => :spec
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "Railslove Rack-Throttle #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/UNLICENSE

@@ -0,0 +1,24 @@
+This is free and unencumbered software released into the public domain.
+
+Anyone is free to copy, modify, publish, use, compile, sell, or
+distribute this software, either in source code form or as a compiled
+binary, for any purpose, commercial or non-commercial, and by any
+means.
+
+In jurisdictions that recognize copyright laws, the author or authors
+of this software dedicate any and all copyright interest in the
+software to the public domain. We make this dedication for the benefit
+of the public at large and to the detriment of our heirs and
+successors. We intend this dedication to be an overt act of
+relinquishment in perpetuity of all present and future rights to this
+software under copyright law.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+For more information, please refer to <http://unlicense.org/>

data/VERSION

@@ -0,0 +1 @@
+0.0.0

data/doc/.gitignore

@@ -0,0 +1,2 @@
+rdoc
+yard

data/etc/gdbm.ru

@@ -0,0 +1,7 @@
+$:.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+require 'rack/throttle'
+require 'gdbm'
+
+use Rack::Throttle::Interval, :min => 3.0, :cache => GDBM.new('/tmp/throttle.db')
+
+run lambda { |env| [200, {'Content-Type' => 'text/plain'}, "Hello, world!\n"] }

data/etc/hash.ru

@@ -0,0 +1,6 @@
+$:.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+require 'rack/throttle'
+
+use Rack::Throttle::Interval, :min => 3.0, :cache => {}
+
+run lambda { |env| [200, {'Content-Type' => 'text/plain'}, "Hello, world!\n"] }

data/etc/memcache-client.ru

@@ -0,0 +1,8 @@
+$:.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+require 'rack/throttle'
+gem 'memcache-client'
+require 'memcache'
+
+use Rack::Throttle::Interval, :min => 3.0, :cache => MemCache.new('localhost:11211')
+
+run lambda { |env| [200, {'Content-Type' => 'text/plain'}, "Hello, world!\n"] }

data/etc/memcache.ru

@@ -0,0 +1,8 @@
+$:.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+require 'rack/throttle'
+gem 'memcache'
+require 'memcache'
+
+use Rack::Throttle::Interval, :min => 3.0, :cache => Memcache.new(:server => 'localhost:11211')
+
+run lambda { |env| [200, {'Content-Type' => 'text/plain'}, "Hello, world!\n"] }

data/etc/memcached.ru

@@ -0,0 +1,8 @@
+$:.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+require 'rack/throttle'
+gem 'memcached'
+require 'memcached'
+
+use Rack::Throttle::Interval, :min => 3.0, :cache => Memcached.new
+
+run lambda { |env| [200, {'Content-Type' => 'text/plain'}, "Hello, world!\n"] }

data/etc/redis.ru

@@ -0,0 +1,8 @@
+$:.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+require 'rack/throttle'
+gem 'redis'
+require 'redis'
+
+use Rack::Throttle::Interval, :min => 3.0, :cache => Redis.new
+
+run lambda { |env| [200, {'Content-Type' => 'text/plain'}, "Hello, world!\n"] }

data/lib/rack/throttle.rb

@@ -0,0 +1,13 @@
+require 'rack'
+
+module Rack
+  module Throttle
+    autoload :Limiter,    'rack/throttle/limiter'
+    autoload :Interval,   'rack/throttle/interval'
+    autoload :TimeWindow, 'rack/throttle/time_window'
+    autoload :Daily,      'rack/throttle/daily'
+    autoload :Hourly,     'rack/throttle/hourly'
+    autoload :VERSION,    'rack/throttle/version'
+    autoload :PerMinute,  'rack/throttle/per_minute'
+  end
+end

data/lib/rack/throttle/daily.rb

@@ -0,0 +1,44 @@
+module Rack; module Throttle
+  ##
+  # This rate limiter strategy throttles the application by defining a
+  # maximum number of allowed HTTP requests per day (by default, 86,400
+  # requests per 24 hours, which works out to an average of 1 request per
+  # second).
+  #
+  # Note that this strategy doesn't use a sliding time window, but rather
+  # tracks requests per calendar day. This means that the throttling counter
+  # is reset at midnight (according to the server's local timezone) every
+  # night.
+  #
+  # @example Allowing up to 86,400 requests per day
+  #   use Rack::Throttle::Daily
+  #
+  # @example Allowing up to 1,000 requests per day
+  #   use Rack::Throttle::Daily, :max => 1000
+  #
+  class Daily < TimeWindow
+    ##
+    # @param  [#call]                  app
+    # @param  [Hash{Symbol => Object}] options
+    # @option options [Integer] :max   (86400)
+    def initialize(app, options = {})
+      super
+    end
+
+    ##
+    def max_per_day
+      @max_per_hour ||= options[:max_per_day] || options[:max] || 86_400
+    end
+
+    alias_method :max_per_window, :max_per_day
+
+    protected
+
+    ##
+    # @param  [Rack::Request] request
+    # @return [String]
+    def cache_key(request)
+      [super, Time.now.strftime('%Y-%m-%d')].join(':')
+    end
+  end
+end; end

data/lib/rack/throttle/hourly.rb

@@ -0,0 +1,44 @@
+module Rack; module Throttle
+  ##
+  # This rate limiter strategy throttles the application by defining a
+  # maximum number of allowed HTTP requests per hour (by default, 3,600
+  # requests per 60 minutes, which works out to an average of 1 request per
+  # second).
+  #
+  # Note that this strategy doesn't use a sliding time window, but rather
+  # tracks requests per distinct hour. This means that the throttling
+  # counter is reset every hour on the hour (according to the server's local
+  # timezone).
+  #
+  # @example Allowing up to 3,600 requests per hour
+  #   use Rack::Throttle::Hourly
+  #
+  # @example Allowing up to 100 requests per hour
+  #   use Rack::Throttle::Hourly, :max => 100
+  #
+  class Hourly < TimeWindow
+    ##
+    # @param  [#call]                  app
+    # @param  [Hash{Symbol => Object}] options
+    # @option options [Integer] :max   (3600)
+    def initialize(app, options = {})
+      super
+    end
+
+    ##
+    def max_per_hour
+      @max_per_hour ||= options[:max_per_hour] || options[:max] || 3_600
+    end
+
+    alias_method :max_per_window, :max_per_hour
+
+    protected
+
+    ##
+    # @param  [Rack::Request] request
+    # @return [String]
+    def cache_key(request)
+      [super, Time.now.strftime('%Y-%m-%dT%H')].join(':')
+    end
+  end
+end; end

data/lib/rack/throttle/interval.rb

@@ -0,0 +1,63 @@
+module Rack; module Throttle
+  ##
+  # This rate limiter strategy throttles the application by enforcing a
+  # minimum interval (by default, 1 second) between subsequent allowed HTTP
+  # requests.
+  #
+  # @example Allowing up to two requests per second
+  #   use Rack::Throttle::Interval, :min => 0.5   #  500 ms interval
+  #
+  # @example Allowing a request every two seconds
+  #   use Rack::Throttle::Interval, :min => 2.0   # 2000 ms interval
+  #
+  class Interval < Limiter
+    ##
+    # @param  [#call]                  app
+    # @param  [Hash{Symbol => Object}] options
+    # @option options [Float] :min     (1.0)
+    def initialize(app, options = {})
+      super
+    end
+
+    ##
+    # Returns `true` if sufficient time (equal to or more than
+    # {#minimum_interval}) has passed since the last request and the given
+    # present `request`.
+    #
+    # @param  [Rack::Request] request
+    # @return [Boolean]
+    def allowed?(request)
+      t1 = request_start_time(request)
+      t0 = cache_get(key = cache_key(request)) rescue nil
+      allowed = !t0 || (dt = t1 - t0.to_f) >= minimum_interval
+      begin
+        cache_set(key, t1)
+        allowed
+      rescue => e
+        # If an error occurred while trying to update the timestamp stored
+        # in the cache, we will fall back to allowing the request through.
+        # This prevents the Rack application blowing up merely due to a
+        # backend cache server (Memcached, Redis, etc.) being offline.
+        allowed = true
+      end
+    end
+
+    ##
+    # Returns the number of seconds before the client is allowed to retry an
+    # HTTP request.
+    #
+    # @return [Float]
+    def retry_after
+      minimum_interval
+    end
+
+    ##
+    # Returns the required minimal interval (in terms of seconds) that must
+    # elapse between two subsequent HTTP requests.
+    #
+    # @return [Float]
+    def minimum_interval
+      @min ||= (@options[:min] || 1.0).to_f
+    end
+  end
+end; end

data/lib/rack/throttle/limiter.rb

@@ -0,0 +1,214 @@
+module Rack; module Throttle
+  ##
+  # This is the base class for rate limiter implementations.
+  #
+  # @example Defining a rate limiter subclass
+  #   class MyLimiter < Limiter
+  #     def allowed?(request)
+  #       # TODO: custom logic goes here
+  #     end
+  #   end
+  #
+  class Limiter
+    attr_reader :app
+    attr_reader :options
+
+    ##
+    # @param  [#call]                       app
+    # @param  [Hash{Symbol => Object}]      options
+    # @option options [String]  :cache      (Hash.new)
+    # @option options [String]  :key        (nil)
+    # @option options [String]  :key_prefix (nil)
+    # @option options [Integer] :code       (403)
+    # @option options [String]  :message    ("Rate Limit Exceeded")
+    # @option options [Proc]    :on_reject  (Proc.new { puts "hey!" })
+    def initialize(app, options = {})
+      @app, @options = app, options
+    end
+
+    ##
+    # @param  [Hash{String => String}] env
+    # @return [Array(Integer, Hash, #each)]
+    # @see    http://rack.rubyforge.org/doc/SPEC.html
+    def call(env)
+      request = Rack::Request.new(env)
+      if allowed?(request)
+        app.call(env)
+      else
+        call_on_reject
+        rate_limit_exceeded
+      end
+    end
+
+    ##
+    # Returns `false` if the rate limit has been exceeded for the given
+    # `request`, or `true` otherwise.
+    #
+    # Override this method in subclasses that implement custom rate limiter
+    # strategies.
+    #
+    # @param  [Rack::Request] request
+    # @return [Boolean]
+    def allowed?(request)
+      case
+        when whitelisted?(request) then true
+        when blacklisted?(request) then false
+        else true # override in subclasses
+      end
+    end
+
+    ##
+    # Returns `true` if the originator of the given `request` is whitelisted
+    # (not subject to further rate limits).
+    #
+    # The default implementation always returns `false`. Override this
+    # method in a subclass to implement custom whitelisting logic.
+    #
+    # @param  [Rack::Request] request
+    # @return [Boolean]
+    # @abstract
+    def whitelisted?(request)
+      false
+    end
+
+    ##
+    # Returns `true` if the originator of the given `request` is blacklisted
+    # (not honoring rate limits, and thus permanently forbidden access
+    # without the need to maintain further rate limit counters).
+    #
+    # The default implementation always returns `false`. Override this
+    # method in a subclass to implement custom blacklisting logic.
+    #
+    # @param  [Rack::Request] request
+    # @return [Boolean]
+    # @abstract
+    def blacklisted?(request)
+      false
+    end
+
+    protected
+
+    # Calls whatever object is passed with options[:on_reject] on initialize
+    def call_on_reject
+      @options[:on_reject].call if @options[:on_reject]
+    end
+
+    ##
+    # @return [Hash]
+    def cache
+      case cache = (options[:cache] ||= {})
+        when Proc then cache.call
+        else cache
+      end
+    end
+
+    ##
+    # @param  [String] key
+    def cache_has?(key)
+      case
+        when cache.respond_to?(:has_key?)
+          cache.has_key?(key)
+        when cache.respond_to?(:get)
+          cache.get(key) rescue false
+        else false
+      end
+    end
+
+    ##
+    # @param  [String] key
+    # @return [Object]
+    def cache_get(key, default = nil)
+      case
+        when cache.respond_to?(:[])
+          cache[key] || default
+        when cache.respond_to?(:get)
+          cache.get(key) || default
+      end
+    end
+
+    ##
+    # @param  [String] key
+    # @param  [Object] value
+    # @return [void]
+    def cache_set(key, value)
+      case
+        when cache.respond_to?(:[]=)
+          begin
+            cache[key] = value
+          rescue TypeError => e
+            # GDBM throws a "TypeError: can't convert Float into String"
+            # exception when trying to store a Float. On the other hand, we
+            # don't want to unnecessarily coerce the value to a String for
+            # any stores that do support other data types (e.g. in-memory
+            # hash objects). So, this is a compromise.
+            cache[key] = value.to_s
+          end
+        when cache.respond_to?(:set)
+          cache.set(key, value)
+      end
+    end
+
+    ##
+    # @param  [Rack::Request] request
+    # @return [String]
+    def cache_key(request)
+      id = client_identifier(request)
+      case
+        when options.has_key?(:key)
+          options[:key].call(request)
+        when options.has_key?(:key_prefix)
+          [options[:key_prefix], id].join(':')
+        else id
+      end
+    end
+
+    ##
+    # @param  [Rack::Request] request
+    # @return [String]
+    def client_identifier(request)
+      request.ip.to_s
+    end
+
+    ##
+    # @param  [Rack::Request] request
+    # @return [Float]
+    def request_start_time(request)
+      case
+        when request.env.has_key?('HTTP_X_REQUEST_START')
+          request.env['HTTP_X_REQUEST_START'].to_f / 1000
+        else
+          Time.now.to_f
+      end
+    end
+
+    ##
+    # Outputs a `Rate Limit Exceeded` error.
+    #
+    # @return [Array(Integer, Hash, #each)]
+    def rate_limit_exceeded
+      headers = respond_to?(:retry_after) ? {'Retry-After' => retry_after.to_f.ceil.to_s} : {}
+      http_error(options[:code] || 403, options[:message] || 'Rate Limit Exceeded', headers)
+    end
+
+    ##
+    # Outputs an HTTP `4xx` or `5xx` response.
+    #
+    # @param  [Integer]                code
+    # @param  [String, #to_s]          message
+    # @param  [Hash{String => String}] headers
+    # @return [Array(Integer, Hash, #each)]
+    def http_error(code, message = nil, headers = {})
+      [code, {'Content-Type' => 'text/plain; charset=utf-8'}.merge(headers),
+        http_status(code) + (message.nil? ? "\n" : " (#{message})\n")]
+    end
+
+    ##
+    # Returns the standard HTTP status message for the given status `code`.
+    #
+    # @param  [Integer] code
+    # @return [String]
+    def http_status(code)
+      [code, Rack::Utils::HTTP_STATUS_CODES[code]].join(' ')
+    end
+  end
+end; end