rate-limiting 1.0.2

data/.gitignore

@@ -0,0 +1,4 @@
+*.gem
+.bundle
+Gemfile.lock
+pkg/*

data/.rspec

@@ -0,0 +1 @@
+--color

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in rate-limiting.gemspec
+gemspec

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/init.rb

@@ -0,0 +1 @@
+require 'rate_limiting'

data/lib/rate-limiting/version.rb

@@ -0,0 +1,5 @@
+module Rate
+  module Limiting
+    VERSION = "1.0.2"
+  end
+end

data/lib/rate_limiting.rb

@@ -0,0 +1,125 @@
+require "json"
+require "rule"
+
+class RateLimiting
+
+  def initialize(app, &block)
+    @app = app
+    @rules = []
+    @cache = {}
+    block.call(self)
+  end
+
+  def call(env)
+    request = Rack::Request.new(env)
+    (limit_header = allowed?(request)) ? respond(env, limit_header) : rate_limit_exceeded(env['HTTP_ACCEPT'])
+  end
+
+  def respond(env, limit_header)
+    status, header, response = @app.call(env)
+    (limit_header.class == Hash) ? [status, header.merge(limit_header), response] : [status, header, response]
+  end
+
+  def rate_limit_exceeded(accept)
+    case accept.gsub(/;.*/, "").split(',')[0]
+    when "text/xml"         then message, type  = xml_error("403", "Rate Limit Exceeded"), "text/xml" 
+    when "application/json" then  message, type  = ["Rate Limit Exceeded"].to_json, "application/json"
+    else 
+      message, type  = ["Rate Limit Exceeded"], "text/html"
+    end
+    [403, {"Content-Type" => type}, message]
+  end
+
+  def define_rule(options)
+    @rules << Rule.new(options)
+  end
+
+  def set_cache(cache)
+    @cache = cache
+  end
+
+  def cache
+    case @cache
+      when Proc then @cache.call
+      else @cache
+    end
+  end
+
+  def cache_has?(key)
+    case 
+    when cache.respond_to?(:has_key?)
+      cache.has_key?(key)
+    when cache.respond_to?(:get)
+      cache.get(key) rescue false
+    else false
+    end
+  end
+
+  def cache_get(key)
+    case
+    when cache.respond_to?(:[])
+      return cache[key]
+    when cache.respond_to?(:get)
+      return cache.get(key) || nil
+    end
+  end
+
+  def cache_set(key, value)
+    case
+    when cache.respond_to?(:[])
+      begin
+        cache[key] = value
+      rescue TypeError => e
+        cache[key] = value.to_s
+      end
+    when cache.respond_to?(:set)
+      cache.set(key, value)
+    end
+  end
+
+  def allowed?(request)
+    if rule = find_matching_rule(request)
+      apply_rule(request, rule)
+    else
+      true
+    end
+  end
+
+  def find_matching_rule(request)
+    @rules.each do |rule|
+      return rule if request.path =~ rule.match
+    end
+    nil
+  end
+
+  def apply_rule(request, rule)
+    key = rule.get_key(request)
+    if cache_has?(key)
+      record = cache_get(key)
+      if (reset = record.split(':')[1]) > Time.now.strftime("%d%m%y%H%M%S")
+        if (times = record.split(':')[0].to_i) < rule.limit
+          response = get_header(times + 1, reset, rule.limit)
+          record = record.gsub(/.*:/, "#{times + 1}:")
+        else
+          return false
+        end
+      else
+        response = get_header(1, reset = rule.get_expiration, rule.limit)
+        cache_set(key, "1:" + rule.get_expiration)
+      end
+    else
+      response = get_header(1, reset = rule.get_expiration, rule.limit)
+      cache_set(key, "1:" + rule.get_expiration)
+    end
+    response
+  end
+
+  def get_header(times, reset, limit)
+    {'x-RateLimit-Limit' => limit.to_s, 'x-RateLimit-Remaining' => (limit - times).to_s, 'x-RateLimit-Reset' => reset.to_s }
+  end
+
+  def xml_error(code, message)
+    "<?xml version=\"1.0\"?>\n<error>\n  <code>#{code}</code>\n  <message>#{message}</message>\n</error>"
+  end
+  
+end

data/lib/rule.rb

@@ -0,0 +1,57 @@
+class Rule
+
+  def initialize(options)
+    default_options = { 
+      :match => /.*/,
+      :metric => :rph,
+      :type => :frequency,
+      :limit => 100,
+      :per_ip => true,
+      :token => false
+    }   
+    @options = default_options.merge(options)
+  
+  end
+
+  def match
+    @options[:match].class == String ? Regexp.new(@options[:match] + "$") : @options[:match]
+  end
+
+  def limit
+    (@options[:type] == :frequency ? 1 : @options[:limit])
+  end 
+
+  def get_expiration
+    (Time.now + ( @options[:type] == :frequency ? get_frequency : get_fixed )).strftime("%d%m%y%H%M%S")
+  end 
+
+  def get_frequency
+    case @options[:metric]
+    when :rpd
+      return (86400/@options[:limit] == 0 ? 1 : 86400/@options[:limit])
+    when :rph
+      return (3600/@options[:limit] == 0 ? 1 : 3600/@options[:limit])
+    when :rpm
+      return (60/@options[:limit] == 0 ? 1 : 60/@options[:limit])
+    end
+  end
+
+  def get_fixed
+    case @options[:metric]
+    when :rpd
+      return 86400
+    when :rph
+      return 3600
+    when :rpm
+      return 60
+    end
+  end
+
+  def get_key(request)
+    key = request.path
+    key = key + request.ip.to_s if @options[:per_ip]
+    key = key + request.params[@options[:token].to_s] if @options[:token]
+    key
+  end
+end
+

data/rate-limiting.gemspec

@@ -0,0 +1,29 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "rate-limiting/version"
+
+Gem::Specification.new do |s|
+  s.name        = "rate-limiting"
+  s.version     = Rate::Limiting::VERSION
+  s.authors     = ["alepaez, pnegri"]
+  s.email       = ["alexandre@iugu.com.br"]
+  s.homepage    = "https://github.com/iugu/rate-limiting"
+  s.summary     = %q{Rack Rate-Limit Gem}
+  s.description = %q{Easy way to Rate Limit your Rack app}
+
+  s.rubyforge_project = "rate-limiting"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  # specify any dependencies here; for example:
+  # s.add_development_dependency "rspec"
+  # s.add_runtime_dependency "rest-client"
+
+  s.add_development_dependency "rspec"
+  s.add_development_dependency "rack-test"
+  s.add_dependency "json"
+
+end

data/readme.md

@@ -0,0 +1,50 @@
+Rate Limiting
+===============
+
+
+How to use it
+----------------
+
+**Adding to Rails 3.x**
+
+\# config/application.rb
+
+>     class Application < Rails::Application
+>
+>       config.middleware.use RateLimiting do |r|
+>
+>         r.define_rule( :match => '/resource', :type => :fixed, :metric => :rph, :limit => 300 )
+>
+>       end
+>
+>     end
+
+Rule Options
+----------------
+
+**match**
+
+Accepts aimed resource path or Regexp like '/resource' or "/resource/.*"
+
+**metric**
+
+:rpd  -  Requests per Day
+
+:rph  -  Requests per Hour
+
+:rpm  -  Requests per Minute
+
+**type**
+
+:frequency  -  1 request per (time/limit)
+
+:fixed - limit requests per time
+
+**token**
+
+:foo - limit by request parameter 'foo'
+
+**per_ip**
+
+Boolean, true = limit by IP
+

data/spec/fixed/rpd_spec.rb

@@ -0,0 +1,17 @@
+require 'spec_helper'
+
+describe "Fixed/rpd rule request" do
+  include Rack::Test::Methods
+
+  it 'should be allowed if not exceed limit' do
+    get '/fixed/rpd', {}, {'HTTP_ACCEPT' => "text/html"}
+    last_response.body.should show_allowed_response
+  end 
+
+  it 'should not be allowed if exceed limit' do
+    2.times { get '/fixed/rpd', {}, {'HTTP_ACCEPT' => "text/html"} }
+    last_response.body.should show_not_allowed_response
+  end 
+  
+end
+

data/spec/fixed/rph_spec.rb

@@ -0,0 +1,16 @@
+require 'spec_helper'
+
+describe "Fixed/rph rule request" do
+  include Rack::Test::Methods
+
+  it 'should be allowed if not exceed limit' do
+    get '/fixed/rph', {}, {'HTTP_ACCEPT' => "text/html"}
+    last_response.body.should show_allowed_response
+  end
+
+  it 'should not be allowed if exceed limit' do
+    2.times { get '/fixed/rph', {}, {'HTTP_ACCEPT' => "text/html"} }
+    last_response.body.should show_not_allowed_response
+  end
+  
+end

data/spec/fixed/rpm_spec.rb

@@ -0,0 +1,17 @@
+require 'spec_helper'
+
+describe "Fixed/rpm rule request" do
+  include Rack::Test::Methods
+
+  it 'should be allowed if not exceed limit' do
+    get '/fixed/rpm', {}, {'HTTP_ACCEPT' => "text/html"}
+    last_response.body.should show_allowed_response
+  end 
+
+  it 'should not be allowed if exceed limit' do
+    2.times { get '/fixed/rpm', {}, {'HTTP_ACCEPT' => "text/html"} }
+    last_response.body.should show_not_allowed_response
+  end 
+  
+end
+

data/spec/frequency/rpd_spec.rb

@@ -0,0 +1,16 @@
+require 'spec_helper'
+
+describe "Frequency/rpd rule request" do
+  include Rack::Test::Methods
+
+  it 'should be allowed if not exceed 1 request per min' do
+    get '/freq/rpd', {}, {'HTTP_ACCEPT' => "text/html"}
+    last_response.body.should show_allowed_response
+  end 
+
+  it 'should not be allowed if exceed 1 request per min' do
+    2.times { get '/freq/rpd', {}, {'HTTP_ACCEPT' => "text/html"} }
+  end 
+  
+end
+

data/spec/frequency/rph_spec.rb

@@ -0,0 +1,16 @@
+require 'spec_helper'
+
+describe "Frequency/rph rule request" do
+  include Rack::Test::Methods
+
+  it 'should be allowed if not exceed 1 request per min' do
+    get '/freq/rph', {}, {'HTTP_ACCEPT' => "text/html"}
+    last_response.body.should show_allowed_response
+  end
+
+  it 'should not be allowed if exceed 1 request per min' do
+    2.times { get '/freq/rph', {}, {'HTTP_ACCEPT' => "text/html"} }
+    last_response.body.should show_not_allowed_response
+  end
+  
+end

data/spec/frequency/rpm_spec.rb

@@ -0,0 +1,17 @@
+require 'spec_helper'
+
+describe "Frequency/rpm rule request" do
+  include Rack::Test::Methods
+
+  it 'should be allowed if not exceed 1 request per min' do
+    get '/freq/rpm', {}, {'HTTP_ACCEPT' => "text/html"}
+    last_response.body.should show_allowed_response
+  end 
+
+  it 'should not be allowed if exceed 1 request per min' do
+    2.times { get '/freq/rpm', {}, {'HTTP_ACCEPT' => "text/html"} }
+    last_response.body.should show_not_allowed_response
+  end 
+  
+end
+

data/spec/headers_spec.rb

@@ -0,0 +1,54 @@
+require "spec_helper"
+
+describe "response headers" do
+  include Rack::Test::Methods
+
+  context "limited request" do
+    before(:each) do
+      get '/header', {}, {'HTTP_ACCEPT' => 'text/html'}
+    end
+
+    it 'should have x-RateLimit-Limit' do
+      last_response.header.should include "x-RateLimit-Limit"
+    end
+  
+    it 'should have x-RateLimit-Remaining' do
+      last_response.header.should include "x-RateLimit-Remaining"
+    end
+  
+    it 'should have x-RateLimit-Reset' do
+      last_response.header.should include "x-RateLimit-Reset"
+    end
+    
+    it 'should have the right limit' do
+      last_response.header['x-RateLimit-Limit'].should == 1
+    end
+
+    it 'should have the right remaining' do
+      last_response.header['x-RateLimit-Remaining'].should == 0
+    end
+
+  end
+
+  context "not limited request" do
+
+    before(:each) do
+      get '/not_limited'
+    end
+
+    it 'should have x-RateLimit-Limit' do
+      last_response.header.should_not include "x-RateLimit-Limit"
+    end
+    
+    it 'should have x-RateLimit-Remaining' do
+      last_response.header.should_not include "x-RateLimit-Remaining"
+    end
+  
+    it 'should have x-RateLimit-Reset' do
+      last_response.header.should_not include "x-RateLimit-Reset"
+    end
+
+  end
+
+
+end

data/spec/html_request_spec.rb

@@ -0,0 +1,19 @@
+require 'spec_helper'
+
+describe "html request" do
+
+  include Rack::Test::Methods
+
+  it 'should receive allowed' do
+    app.should_receive(:allowed?).twice
+    get '/test', {}, {'HTTP_ACCEPT' => "text/html"}
+    get '/test2', {}, {'HTTP_ACCEPT' => "text/html"}
+  end 
+
+  it 'should receive allowed' do
+    2.times { get '/html', {}, {'HTTP_ACCEPT' => "text/html"} } 
+    last_response.content_type.should == "text/html"
+  end 
+
+end
+

data/spec/json_request_spec.rb

@@ -0,0 +1,10 @@
+require 'spec_helper'
+
+describe "json request" do
+  include Rack::Test::Methods
+  it 'should receive allowed' do
+    2.times { get '/json', {}, {'HTTP_ACCEPT' => "application/json"} } 
+    last_response.content_type.should == "application/json"
+  end 
+end
+

data/spec/spec_helper.rb

@@ -0,0 +1,63 @@
+require 'rspec'
+require 'rack/test'
+require 'rate_limiting'
+
+def test_app
+  @test_app ||= mock("Test Rack App")
+  @test_app.stub!(:call).with(anything()).and_return([200, {}, "Test App Body"])
+  @test_app
+end
+
+def app
+  @test_app ||= test_app
+  @app ||= RateLimiting.new(@test_app) do |r| 
+    r.define_rule(:match => '/html', :limit => 1)  
+    r.define_rule(:match => '/json', :metric => :rph, :type => :frequency, :limit => 60)
+    r.define_rule(:match => '/xml', :metric => :rph, :type => :frequency, :limit => 60)
+    r.define_rule(:match => '/token/ip', :limit => 1, :token => :id, :per_ip => true)
+    r.define_rule(:match => '/token', :limit => 1, :token => :id, :per_ip => false)
+    r.define_rule(:match => '/fixed/rpm', :metric => :rpm, :type => :fixed, :limit => 1)
+    r.define_rule(:match => '/fixed/rph', :metric => :rph, :type => :fixed, :limit => 1)
+    r.define_rule(:match => '/fixed/rpd', :metric => :rpd, :type => :fixed, :limit => 1)
+    r.define_rule(:match => '/freq/rpm', :metric => :rpm, :type => :frequency, :limit => 1)
+    r.define_rule(:match => '/freq/rph', :metric => :rph, :type => :frequency, :limit => 60)
+    r.define_rule(:match => '/freq/rpd', :metric => :rpd, :type => :frequency, :limit => 1440)
+    r.define_rule(:match => '/header', :metric => :rph, :type => :frequency, :limit => 60)
+  end 
+end
+
+Spec::Matchers.define :show_allowed_response do
+  match do |body|
+    body.include?("Test App Body")
+  end
+
+  failure_message_for_should do
+    "expected response to show the allowed response"
+  end
+
+  failure_message_for_should_not do
+    "expected response not to show the allowed response"
+  end
+
+  description do
+    "expected the allowed response"
+  end
+end
+
+Spec::Matchers.define :show_not_allowed_response do
+  match do |body|
+    body.include?("Rate Limit Exceeded")
+  end
+
+  failure_message_for_should do
+    "expected response to show the not allowed response"
+  end
+
+  failure_message_for_should_not do
+    "expected response not to show the not allowed response"
+  end
+
+  description do
+    "expected the not allowed response"
+  end
+end

data/spec/token_spec.rb

@@ -0,0 +1,36 @@
+require "spec_helper"
+
+describe "defined token rule" do
+  include Rack::Test::Methods
+
+  it 'should allow diferent ids' do
+    get '/token', { :id => "1" }, {'HTTP_ACCEPT' => "text/html"}
+    get '/token', { :id => "2" }, {'HTTP_ACCEPT' => "text/html"}
+    last_response.body.should show_allowed_response
+  end
+
+  it 'should not allow equal ids' do
+    2.times { get '/token', { :id => "1" }, {'HTTP_ACCEPT' => "text/html"} }
+    last_response.body.should show_not_allowed_response
+  end
+
+  context "+ per_ip" do
+
+    it 'should allow diferent ids' do
+      get '/token/ip', { :id => "1" }, {'HTTP_ACCEPT' => "text/html"}
+      get '/token/ip', { :id => "2" }, {'HTTP_ACCEPT' => "text/html"}
+      last_response.body.should show_allowed_response
+    end
+  
+    it 'should not allow equal ids' do
+      2.times { get '/token/ip', { :id => "1" }, {'HTTP_ACCEPT' => "text/html"} }
+      last_response.body.should show_not_allowed_response
+    end
+    
+  
+  end
+
+end
+
+
+

data/spec/xml_request_spec.rb

@@ -0,0 +1,13 @@
+require 'spec_helper'
+
+describe "xml request" do
+
+  include Rack::Test::Methods
+
+  it 'should receive allowed' do
+    2.times { get '/xml', {}, {'HTTP_ACCEPT' => "text/xml"} } 
+    last_response.content_type.should == "text/xml"
+  end 
+
+end
+

metadata

@@ -0,0 +1,127 @@
+--- !ruby/object:Gem::Specification
+name: rate-limiting
+version: !ruby/object:Gem::Version
+  version: 1.0.2
+  prerelease: 
+platform: ruby
+authors:
+- alepaez, pnegri
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-05-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Easy way to Rate Limit your Rack app
+email:
+- alexandre@iugu.com.br
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- Gemfile
+- Rakefile
+- init.rb
+- lib/rate-limiting/version.rb
+- lib/rate_limiting.rb
+- lib/rule.rb
+- rate-limiting.gemspec
+- readme.md
+- spec/fixed/rpd_spec.rb
+- spec/fixed/rph_spec.rb
+- spec/fixed/rpm_spec.rb
+- spec/frequency/rpd_spec.rb
+- spec/frequency/rph_spec.rb
+- spec/frequency/rpm_spec.rb
+- spec/headers_spec.rb
+- spec/html_request_spec.rb
+- spec/json_request_spec.rb
+- spec/spec_helper.rb
+- spec/token_spec.rb
+- spec/xml_request_spec.rb
+homepage: https://github.com/iugu/rate-limiting
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: rate-limiting
+rubygems_version: 1.8.23
+signing_key: 
+specification_version: 3
+summary: Rack Rate-Limit Gem
+test_files:
+- spec/fixed/rpd_spec.rb
+- spec/fixed/rph_spec.rb
+- spec/fixed/rpm_spec.rb
+- spec/frequency/rpd_spec.rb
+- spec/frequency/rph_spec.rb
+- spec/frequency/rpm_spec.rb
+- spec/headers_spec.rb
+- spec/html_request_spec.rb
+- spec/json_request_spec.rb
+- spec/spec_helper.rb
+- spec/token_spec.rb
+- spec/xml_request_spec.rb