rate_limiter 0.0.6 → 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 59402eb858231d2bb8f7478a18c82a49a30268a5d9d7c4842f383a67d9e43ce8
+  data.tar.gz: ee860589d525fb08ab112d60065fc5d44aa76ef2a8f1df32c5edb0f334d0f95a
+SHA512:
+  metadata.gz: fced90a375bdc2787e8a45da94e054379556a747bd38bdca81b46d7055332e267382fd2ef52e9151d0f7e627b61f7d3404b47354c2e42885a875fab93f964a29
+  data.tar.gz: 3deedcb193a1472ef5bdc47da33f995d848c43616165512836ff898d57f6eb82851dd3fcf53be210cc34970528c7944c8c45d387203b155b733cd30836906ff1

data/CHANGELOG.md

@@ -1,3 +1,9 @@
+## v0.1.0
+
+* Updated for Rails 5 (and 6).
+* Use `validate` instead of `before_create`.
+* Use minitest for tests.
+
 ## v0.0.6
 
 * Updated dependencies to allow for Rails 4.

data/LICENSE.txt

@@ -0,0 +1,20 @@
+Copyright (c) 2012-2019 Sean Eshbaugh
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -1,10 +1,15 @@
 # Rate Limiter
 
-A gem that limits the rate at which ActiveRecord model instances can be created.
+[![Gem Version](https://badge.fury.io/rb/rate_limiter.svg)](https://badge.fury.io/rb/rate_limiter)
+[![Travis](https://travis-ci.com/seaneshbaugh/rate_limiter.svg?branch=master)](https://travis-ci.org/seaneshbaugh/rate_limiter)
+[![Test Coverage](https://api.codeclimate.com/v1/badges/287d36cd30f34a818738/test_coverage)](https://codeclimate.com/github/seaneshbaugh/rate_limiter/test_coverage)
+[![Maintainability](https://api.codeclimate.com/v1/badges/287d36cd30f34a818738/maintainability)](https://codeclimate.com/github/seaneshbaugh/rate_limiter/maintainability)
 
-## Rails Version
+Limit the rate at which ActiveRecord model instances can be created.
 
-This gem has only been tested on Rails 3.2. There is no reason that I am aware of that would prevent it from working on all versions of Rails 3 (and Rails 4 when it is released).
+## Compatibility
+
+This gem is compatible with Ruby 2.5 or greater and Rails 5 or greater. For Ruby versions older than 2.5 or for Rails 3 and 4 use [version 0.0.6](https://rubygems.org/gems/rate_limiter/versions/0.0.6).
 
 ## Installation
 
@@ -14,19 +19,19 @@ Add the gem to your project's Gemfile:
 
 ## Basic Usage
 
-In the models you want to rate limit simply call the `rate_limit` method inside the model.
+In the models you want to rate limit simply call the `rate_limit` class method inside the model.
 
 ```ruby
-class ProductReview < ActiveRecord::Base
+class ProductReview < ApplicationRecord
   rate_limit
 end
 ```
 
-By default this will rate limit creation of instances using the `ip_address` attribute with an interval of one minute. This is kind of a bold assumption (that may change in future versions) since there's a good chance you don't have an `ip_address` attribute on your model. If that's the case then you can do the following:
+By default this will rate limit creation of instances using the `ip_address` attribute with an interval of one minute. This is a pretty big assumption that may change in future versions. To use a different attribute do the following:
 
 ```ruby
-class ProductReview < ActiveRecord::Base
-  rate_limit :on => :username
+class ProductReview < ApplicationRecord
+  rate_limit on: :username
 end
 ```
 
@@ -36,10 +41,14 @@ Because you may want to increase or decrease the interval between creating insta
 
 ```ruby
 class ProductReview < ActiveRecord::Base
-  rate_limit :interval => 3.hours
+  rate_limit interval: 3.hours
 end
 ```
 
+## Credit Where Credit Is Due
+
+Large portions of this gem are copied almost verbatim from the excellent [paper_trail](https://github.com/paper-trail-gem/paper_trail) gem; in particular the overall structure and all of the stuff that handles whether or not rate limiting is active.
+
 ## Contributing
 
 If you feel like you can add something useful to rate_limiter then don't hesitate to contribute! To make sure your fix/feature has a high chance of being included, please do the following:
@@ -61,5 +70,3 @@ Some things that will increase the chance that your pull request is accepted, ta
 * Use Rails idioms and helpers
 * Include tests that fail without your code, and pass with it
 * Update the documentation, guides, or whatever is affected by your contribution
-
-Yes, I am well aware of the irony of asking for tests when there are effectively none right now. This gem is a work in progress.

data/lib/generators/rate_limiter/install_generator.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require 'rails/generators/base'
+
+module RateLimiter
+  module Generators
+    # Rails generator for installing the default RateLimiter initializer.
+    class InstallGenerator < ::Rails::Generators::Base
+      source_root File.expand_path('./templates', __dir__)
+
+      desc 'Creates a RateLimiter initializer and copies a default locale file to your application.'
+
+      def copy_initializer
+        template('rate_limiter.rb', 'config/initializers/rate_limiter.rb')
+      end
+
+      def copy_locale
+        copy_file('../../../../config/locales/en.yml', 'config/locales/rate_limiter.en.yml')
+      end
+    end
+  end
+end

data/lib/generators/rate_limiter/templates/rate_limiter.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+# Configure the default behavior of RateLimiter here.
+RateLimiter.config do |config|
+  # config.timestamp_field = :created_at
+end

data/lib/rate_limiter.rb

@@ -1,63 +1,63 @@
+# frozen_string_literal: true
+
+require 'active_support/all'
+require 'active_record'
+
 require 'rate_limiter/config'
-require 'rate_limiter/controller'
 require 'rate_limiter/model'
+require 'rate_limiter/request'
 
+# Extend your ActiveRecord models with the ability to limit the rate at which
+# they are saved.
 module RateLimiter
-  def self.enabled=(value)
-    RateLimiter.config.enabled = value
-  end
-
-  def self.enabled?
-    !!RateLimiter.config.enabled
-  end
-
-  def self.enabled_for_controller=(value)
-    rate_limiter_store[:request_enabled_for_controller] = value
-  end
-
-  def self.enabled_for_controller?
-    !!rate_limiter_store[:request_enabled_for_controller]
-  end
-
-  def self.timestamp_field=(field_name)
-    RateLimiter.config.timestamp_field = field_name
-  end
-
-  def self.timestamp_field
-    RateLimiter.config.timestamp_field
-  end
-
-  def self.source=(value)
-    rate_limiter_store[:source] = value
-  end
-
-  def self.source
-    rate_limiter_store[:source]
-  end
-
-  def self.controller_info=(value)
-    rate_limiter_store[:controller_info] = value
-  end
-
-  def self.controller_info
-    rate_limiter_store[:controller_info]
-  end
-
-  private
-
-  def self.rate_limiter_store
-    Thread.current[:rate_limiter] ||= { :request_enabled_for_controller => true }
-  end
-
-  def self.config
-    @@config ||= RateLimiter::Config.instance
+  class << self
+    # Return the RateLimiter singleton configuration object. This is for all
+    # threads.
+    def config
+      @config ||= Config.instance
+      yield @config if block_given?
+      @config
+    end
+    alias configure config
+
+    # Switches RateLimiter on or off, for all threads.
+    def enabled=(value)
+      config.enabled = value
+    end
+
+    # Returns `true` if RateLimiter is on, `false if it is off. This is for all
+    # threads.
+    def enabled?
+      config.enabled
+    end
+
+    # Gets the options local to the current request.
+    #
+    # If given a block the options passed in are set, the block is executed,
+    # previous options are restored, and the return value of the block is
+    # returned.
+    def request(options = nil, &block)
+      if options.nil? && !block_given?
+        Request
+      else
+        Request.with(options, &block)
+      end
+    end
   end
 end
 
+# See https://guides.rubyonrails.org/engines.html#what-are-on-load-hooks-questionmark
+# for more information on `on_load` hooks.
 ActiveSupport.on_load(:active_record) do
   include RateLimiter::Model
 end
 
-ActiveSupport.on_load(:action_controller) do
-  include RateLimiter::Controller
+# Load Rails controller extensions if RateLimiter is being used in a Rails
+# application.
+if defined?(::Rails)
+  if defined?(::Rails.application)
+    require 'rate_limiter/frameworks/rails'
+  else
+    Kernel.warn('RateLimiter has been loaded before Rails.')
+  end
 end

data/lib/rate_limiter/config.rb

@@ -1,13 +1,28 @@
+# frozen_string_literal: true
+
 require 'singleton'
 
 module RateLimiter
+  # Global configuration that affects all threads. Thread-specific configuration
+  # can be found in `/lib/rate_limiter.rb` and in
+  # `/lib/rate_limite/frameworks/rails/controller.rb`.
   class Config
     include Singleton
-    attr_accessor :enabled, :timestamp_field
+
+    attr_accessor :rate_limit_defaults
 
     def initialize
-      @enabled         = true
-      @timestamp_field = :created_at
+      @mutex = Mutex.new
+      @enabled = true
+      @rate_limit_defaults = {}
+    end
+
+    def enabled
+      @mutex.synchronize { !!@enabled }
+    end
+
+    def enabled=(enable)
+      @mutex.synchronize { @enabled = enable }
     end
   end
 end

data/lib/rate_limiter/frameworks/rails.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require 'rate_limiter/frameworks/rails/controller'

data/lib/rate_limiter/frameworks/rails/controller.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+module RateLimiter
+  module Rails
+    # Extensions for Rails controllers. Allows for rate limiting to be turned on
+    # or off without disabling it on the model.
+    module Controller
+      def self.included(base)
+        base.before_action(
+          :set_rate_limiter_enabled_for_controller,
+          :set_rate_limiter_source
+        )
+      end
+
+      protected
+
+      # Get the user to use for the source for the current request. By default this will
+      # attempt to return the value of `current_user` since that is what Devise uses. If
+      # that assumption is incorrect this method can be overridden to return the correct
+      # user or ID (or nothing at all).
+      #
+      # ```
+      # def user_for_rate_limiter
+      #   logged_in_user.id
+      # end
+      # ```
+      def user_for_rate_limiter
+        return nil unless respond_to?(:current_user)
+
+        current_user
+      end
+
+      # Returns `true` or `false` depending on whether rate imiting should be
+      # active for the current request for all models.
+      #
+      # Override this method in your controller to turn rate limiting on or off.
+      #
+      # ```
+      # def rate_limiter_enabled_for_controller
+      #   # It is recommended that you always call `super` here unless simply
+      #   # returning `false`.
+      #   super && !user_for_rate_limiter.has_role?(:admin)
+      # end
+      # ```
+      def rate_limiter_enabled_for_controller
+        RateLimiter.enabled?
+      end
+
+      private
+
+      # Tells RateLimiter whether rate limiting should be enabled for the
+      # current request.
+      def set_rate_limiter_enabled_for_controller
+        RateLimiter.request.enabled = rate_limiter_enabled_for_controller
+      end
+
+      # Set the request store's source.
+      def set_rate_limiter_source
+        RateLimiter.request.source = user_for_rate_limiter if rate_limiter_enabled_for_controller
+      end
+    end
+  end
+end
+
+if defined?(::ActionController)
+  ::ActiveSupport.on_load(:action_controller) do
+    include RateLimiter::Rails::Controller
+  end
+end

data/lib/rate_limiter/model.rb

@@ -1,66 +1,48 @@
+# frozen_string_literal: true
+
+require 'rate_limiter/model_config'
+require 'rate_limiter/throttle'
+
 module RateLimiter
+  # Mixin module for ActiveRecord models.
   module Model
     def self.included(base)
-      base.send :extend, ClassMethods
+      base.send(:extend, ClassMethods)
     end
 
+    # Class methods available to models after RateLimiter has been loaded.
     module ClassMethods
+      # Tell the model to limit creation of records based on an attribute for a
+      # given interval of time.
+      #
+      # Options:
+      #
+      # - :on - The attribute to limit on. Defaults to `:ip_address`. Set to an
+      # array to limit on multiple attributes (e.g. `:ip_address` or `:user_id`.
+      # - :interval - The amount of time that must have elapses since the last
+      # record that has the same value as the attribute indicated by the  `:on`
+      # option in seconds. Defaults to 1 minute.
+      # - :if, :unless - Procs that specify the conditions for when record
+      # creation rate limiting should occur.
       def rate_limit(options = {})
-        send :include, InstanceMethods
-
-        class_attribute :rate_limit_on
-        self.rate_limit_on = options[:on] || :ip_address
-
-        class_attribute :rate_limit_interval
-        self.rate_limit_interval = options[:interval] || 1.minute
-
-        class_attribute :rate_limit_if_condition
-        self.rate_limit_if_condition = options[:if]
-
-        class_attribute :rate_limit_unless_condition
-        self.rate_limit_unless_condition = options[:unless]
-
-        class_attribute :rate_limit_enabled_for_model
-        self.rate_limit_enabled_for_model = true
-
-        self.before_create :check_rate_limit
+        defaults = RateLimiter.config.rate_limit_defaults
+        rate_limiter.setup(defaults.merge(options))
       end
 
-      def rate_limit_off
-        self.rate_limit_enabled_for_model = false
-      end
-
-      def rate_limit_on
-        self.rate_limit_enabled_for_model = true
+      def rate_limiter
+        ModelConfig.new(self)
       end
     end
 
+    # Instance methods available to models after RateLimiter has been initialized by
+    # calling `rate_limit`.
     module InstanceMethods
-      def check_rate_limit
-        if switched_on? && rate_limit?
-          klass = self.class
-
-          others = klass.where("#{klass.rate_limit_on.to_s} = ? AND #{RateLimiter.config.timestamp_field.to_s} >= ?", self.send(klass.rate_limit_on), Time.now - klass.rate_limit_interval)
-
-          if others.present?
-            # TODO: Come up with a better error message.
-            self.errors.add(:base, "You cannot create a new #{klass.name.downcase} yet.")
-
-            false
-          else
-            true
-          end
-        else
-          true
-        end
-      end
-
-      def switched_on?
-        RateLimiter.enabled? && RateLimiter.enabled_for_controller? && self.class.rate_limit_enabled_for_model
+      def rate_limit_exceeded?
+        throttle.exceeded?
       end
 
-      def rate_limit?
-        (rate_limit_if_condition.blank? || rate_limit_if_condition.call(self)) && !rate_limit_unless_condition.try(:call, self)
+      def throttle
+        Throttle.new(self, self.class.rate_limiter_options)
       end
     end
   end