rate-limit 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 9b6d225525d8976ef1c3c8e7d0fdb1c71a48071357cff8f64633117a13ab714e
+  data.tar.gz: 057bf093d1271c83795c34472cf31e273353a24621bddebb86a901b48d451e8b
+SHA512:
+  metadata.gz: 2e6a6fe077419b22d5dcc5357fdf127ab7c944aff6e1bf9d44ece39cf56f1fc1b6b12ac400aa1a2ffdeab9964f90f7739952cda796b3f23a82748410c64b324b
+  data.tar.gz: 19f68ffd995fca03b3c6787a208649b2c11c2206dd598a6b82feea25b51451817a3f354ca5de7fd9435a6fb6a61b8ac763db37a9dc2535425627eeccfc976333

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 Catawiki B.V.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,160 @@
+# RateLimit
+![rspec](https://github.com/catawiki/rate-limit/actions/workflows/main.yml/badge.svg) 
+
+Protect your Ruby apps from bad actors. RateLimit allows you to set permissions as to whether certain number of feature calls are valid or not for a specific entity (user, phone number, email address, etc...). 
+
+This gem mainly provides brute-force protection by throttling attepmts for a specific entity id (i.e user_id). However it could also be used to throttle based on ip address (we recommend that you consider using [Rack::Attack](https://github.com/rack/rack-attack) for more optimized ip throttling)
+
+#### Common Use Cases
+* [Login] Brute-force attempts for a spefic account
+* [SMS Spam] Brute-force attempts for requesting Phone Verification SMS for a spefic user_id
+* [SMS Spam] Brute-force attempts for requesting  Phone Verification SMS for a spefic phone_number
+* [Verifications] Brute-force attempts for entering verification codes
+* [Redeem] Brute-force attempts to redeem voucher codes from a specific account
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'rate-limit'
+```
+
+And then execute:
+
+    $ bundle install
+
+Or install it yourself as:
+
+    $ gem install rate-limit
+
+## Usage
+
+#### Basic `RateLimit.throttle`
+
+```ruby
+if RateLimit.throttle(topic: :login, namespace: :user_id, value: id)
+  # Do something
+end
+```
+or
+
+```ruby
+if RateLimit.throttle(topic: :login, value: id)
+  # Do something
+end
+```
+
+#### Basic with exception `RateLimit.throttle!`
+
+```ruby
+begin
+  RateLimit.throttle!(topic: :send_sms, namespace: :user_id, value: id) do
+    # Logic goes Here
+  end
+rescue RateLimit::Errors::LimitExceededError => e
+  # Error Handling Logic goes here
+  e.topic     # :login
+  e.namespace # :user_id
+  e.value     # id
+  e.threshold # 2
+  e.interval  # 60
+end
+```
+
+#### Advanced
+
+```ruby
+throttler = RateLimit::Throttler.new(topic: :login, namespace: :user_id, value: id)
+
+begin
+  throttler.perform! do
+    # Logic goes Here
+  end
+rescue RateLimit::Errors::LimitExceededError => e
+  # Error Handling Logic goes here
+end
+```
+
+#### Manual
+
+```ruby
+throttler = RateLimit::Throttler.new(topic: :login, namespace: :user_id, value: id)
+
+unless throttler.limit_exceeded?
+  # Logic goes Here
+
+  throttler.increment_counters
+end
+```
+
+#### Nested throttles
+
+```ruby
+begin
+  RateLimit.throttle!(topic: :send_sms, namespace: :user_id, value: id) do
+    RateLimit.throttle!(topic: :send_sms, namespace: :phone_number, value: number) do
+      # Logic goes Here
+    end
+  end
+rescue RateLimit::Errors::LimitExceededError => e
+  # Error Handling Logic goes here
+end
+```
+
+### Config
+
+Customize the configuration by adding the following block to `config/initializers/rate_limit.rb`
+
+```ruby
+RateLimit.configure do |config|
+  config.redis             = Redis.new
+  config.fail_safe         = true
+  config.default_interval  = 60
+  config.default_threshold = 2
+  config.limits_file_path  = 'config/rate-limit.yml'
+end
+```
+
+#### Define Limits
+
+The `config/rate-limit.yml` should include the limits you want to enforce on each given topic. In the following format:
+
+```yaml
+topic:
+  threshold: interval
+```
+
+##### Example
+
+* maximum `2` login attempts per `60` seconds
+* maximum `1` send sms attempts per `60` seconds
+* maximum `5` send sms attempts per `300` seconds
+* maximum `10` send sms attempts per `3000` seconds
+
+```yaml
+login:
+  2: 60
+send_sms:
+  1: 60
+  5: 300
+  10: 3000
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/catawiki/rate-limit. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/catawiki/rate-limit/blob/master/CODE_OF_CONDUCT.md).
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Code of Conduct
+
+Everyone interacting in the RateLimit project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/catawiki/rate-limit/blob/master/CODE_OF_CONDUCT.md).

data/lib/rate_limit/base.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module RateLimit
+  module Base
+    def throttle(**args)
+      throttle!(**args) { yield if block_given? }
+    rescue Errors::LimitExceededError => _e
+      false
+    end
+
+    def throttle!(**args)
+      Throttler.new(**args).perform! { yield if block_given? }
+    end
+
+    def throttle_only_failures!(**args)
+      Throttler.new(**args).perform_only_failures! { yield if block_given? }
+    end
+
+    def limit_exceeded?(**args)
+      Throttler.new(**args).limit_exceeded?
+    end
+
+    def reset_counters(**args)
+      Throttler.new(**args).clear_cache_counter
+    end
+
+    def increment_counters(**args)
+      Throttler.new(**args).increment_cache_counter
+    end
+  end
+end

data/lib/rate_limit/cache.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module RateLimit
+  module Cache
+    class << self
+      def write(options)
+        RateLimit.config.redis.multi do |redis|
+          options.each do |key, value|
+            redis.incr(key)
+            redis.expire(key, value)
+          end
+        end
+      rescue ::Redis::BaseError => e
+        return true if RateLimit.config.fail_safe
+
+        raise e
+      end
+
+      def read(key)
+        RateLimit.config.redis.get(key)
+      rescue ::Redis::BaseError => e
+        return 0 if RateLimit.config.fail_safe
+
+        raise e
+      end
+
+      def clear(keys)
+        RateLimit.config.redis.multi do |redis|
+          keys.each { |k| redis.del(k) }
+        end
+      rescue ::Redis::BaseError => e
+        return true if RateLimit.config.fail_safe
+
+        raise e
+      end
+    end
+  end
+end

data/lib/rate_limit/config/defaults.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module RateLimit
+  class Config
+    module Defaults
+      # Limits File Path
+      LIMITS_FILE_PATH = 'config/rate-limit.yml'
+
+      # Fixed Window Defaults
+      WINDOW_INTERVAL = 60
+      WINDOW_THRESHOLD = 2
+
+      class << self
+        def raw_limits
+          {
+            RateLimit.config.default_threshold => \
+              RateLimit.config.default_interval
+          }
+        end
+      end
+    end
+  end
+end

data/lib/rate_limit/config/file_loader.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require 'yaml'
+
+module RateLimit
+  class Config
+    module FileLoader
+      def self.fetch
+        return {} unless File.exist?(RateLimit.config.limits_file_path)
+
+        YAML.load_file(RateLimit.config.limits_file_path)
+      end
+    end
+  end
+end

data/lib/rate_limit/config.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require 'redis'
+require_relative 'config/defaults'
+require_relative 'config/file_loader'
+
+module RateLimit
+  class Config
+    attr_accessor :default_interval,
+                  :default_threshold,
+                  :limits_file_path,
+                  :fail_safe,
+                  :redis
+
+    def initialize
+      @redis             = Redis.new
+      @fail_safe         = true
+      @limits_file_path  = Defaults::LIMITS_FILE_PATH
+      @default_interval  = Defaults::WINDOW_INTERVAL
+      @default_threshold = Defaults::WINDOW_THRESHOLD
+    end
+
+    def raw_limits_for(topic)
+      raw_limits[topic] || Defaults.raw_limits
+    end
+
+    private
+
+    def raw_limits
+      @raw_limits ||= FileLoader.fetch
+    end
+  end
+end

data/lib/rate_limit/configurable.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require_relative 'config'
+
+module RateLimit
+  module Configurable
+    def config
+      @config ||= Config.new
+    end
+
+    def configure
+      yield(config)
+    end
+  end
+end

data/lib/rate_limit/errors/limit_exceeded_error.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module RateLimit
+  module Errors
+    class LimitExceededError < StandardError
+      attr_reader :window
+
+      delegate :topic, :namespace, :value, :threshold, :interval, to: :window
+
+      def initialize(window)
+        @window = window
+
+        super(custom_message)
+      end
+
+      def custom_message
+        "#{topic}: #{namespace} has exceeded #{threshold} in #{interval} seconds"
+      end
+    end
+  end
+end

data/lib/rate_limit/limit.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module RateLimit
+  class Limit
+    attr_accessor :threshold, :interval
+
+    def initialize(threshold, interval)
+      @threshold = threshold
+      @interval  = interval
+    end
+
+    class << self
+      def fetch(topic)
+        RateLimit.config.raw_limits_for(topic).map do |threshold, interval|
+          Limit.new(threshold, interval)
+        end
+      end
+    end
+  end
+end

data/lib/rate_limit/throttler.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+module RateLimit
+  class Throttler
+    attr_accessor :topic, :namespace, :value, :limits, :windows
+
+    def initialize(topic:, value:, namespace: nil)
+      @topic     = topic.to_s
+      @value     = value.to_i
+      @namespace = namespace&.to_s
+      @windows   = Limit.fetch(topic).map { |limit| Window.new(self, limit) }
+    end
+
+    def perform!
+      validate_limit!
+
+      yield if block_given?
+
+      increment_cache_counter
+
+      true
+    end
+
+    def perform_only_failures!
+      validate_limit!
+
+      begin
+        yield if block_given?
+      rescue StandardError => e
+        increment_cache_counter
+        raise e
+      end
+
+      true
+    end
+
+    def limit_exceeded?
+      Window.find_exceeded(windows).present?
+    end
+
+    def increment_cache_counter
+      Window.increment_cache_counter(windows)
+    end
+
+    def clear_cache_counter
+      Window.clear_cache_counter(windows)
+    end
+
+    private
+
+    def validate_limit!
+      exceeded_window = Window.find_exceeded(windows)
+
+      raise Errors::LimitExceededError, exceeded_window if exceeded_window
+    end
+  end
+end

data/lib/rate_limit/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module RateLimit
+  VERSION = '0.0.1'
+end

data/lib/rate_limit/window.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module RateLimit
+  class Window
+    attr_accessor :throttler, :limit
+
+    delegate :topic, :namespace, :value, to: :throttler
+    delegate :threshold, :interval, to: :limit
+
+    def initialize(throttler, limit)
+      @throttler = throttler
+      @limit     = limit
+    end
+
+    def key
+      @key ||= [topic, namespace, value, interval].join(':')
+    end
+
+    def cached_counter
+      Cache.read(key).to_i || 0
+    end
+
+    class << self
+      def find_exceeded(windows)
+        windows.find { |w| w.cached_counter >= w.threshold }
+      end
+
+      def increment_cache_counter(windows)
+        Cache.write(
+          windows.each_with_object({}) { |w, h| h[w.key] = w.interval }
+        )
+      end
+
+      def clear_cache_counter(windows)
+        Cache.clear(windows.map(&:key))
+      end
+    end
+  end
+end

data/lib/rate_limit.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require 'active_support/core_ext/module'
+require_relative 'rate_limit/configurable'
+require_relative 'rate_limit/cache'
+require_relative 'rate_limit/window'
+require_relative 'rate_limit/throttler'
+require_relative 'rate_limit/limit'
+require_relative 'rate_limit/errors/limit_exceeded_error'
+require_relative 'rate_limit/base'
+require_relative 'rate_limit/version'
+
+module RateLimit
+  extend RateLimit::Configurable
+  extend RateLimit::Base
+end

metadata

@@ -0,0 +1,102 @@
+--- !ruby/object:Gem::Specification
+name: rate-limit
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Mohamed Motaweh
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2022-09-09 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5.2'
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: 7.0.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5.2'
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: 7.0.4
+- !ruby/object:Gem::Dependency
+  name: redis
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: 5.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: 5.1.0
+description:
+email:
+- opensource@catawiki.nl
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- LICENSE
+- README.md
+- lib/rate_limit.rb
+- lib/rate_limit/base.rb
+- lib/rate_limit/cache.rb
+- lib/rate_limit/config.rb
+- lib/rate_limit/config/defaults.rb
+- lib/rate_limit/config/file_loader.rb
+- lib/rate_limit/configurable.rb
+- lib/rate_limit/errors/limit_exceeded_error.rb
+- lib/rate_limit/limit.rb
+- lib/rate_limit/throttler.rb
+- lib/rate_limit/version.rb
+- lib/rate_limit/window.rb
+homepage: https://github.com/catawiki/rate-limit
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/catawiki/rate-limit
+  source_code_uri: https://github.com/catawiki/rate-limit
+  changelog_uri: https://github.com/catawiki/rate-limit/blob/master/CHANGELOG.md
+  rubygems_mfa_required: 'true'
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '2.7'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.6
+signing_key:
+specification_version: 4
+summary: A Rate Limiting Gem
+test_files: []