reactive-actions 0.1.0.pre.alpha.2 → 0.1.0.pre.alpha.3

data/lib/reactive_actions/controller/rate_limiter.rb

@@ -0,0 +1,187 @@
+# frozen_string_literal: true
+
+module ReactiveActions
+  module Controller
+    # Controller module that adds rate limiting functionality
+    # Include this module in any controller that needs rate limiting
+    module RateLimiter
+      extend ActiveSupport::Concern
+
+      included do
+        # Add rate limiting before_action ONLY if enabled
+        before_action :check_global_rate_limit, if: :should_check_global_rate_limit?
+      end
+
+      private
+
+      # Determine if global rate limiting should be checked
+      def should_check_global_rate_limit?
+        ReactiveActions.configuration.global_rate_limiting_active?
+      end
+
+      # Main rate limiting check method
+      def check_global_rate_limit
+        # Double-check that rate limiting is enabled (safety measure)
+        return unless ReactiveActions.configuration.rate_limiting_enabled
+
+        rate_limit_info = ReactiveActions::RateLimiter.check!(
+          key: global_rate_limit_key,
+          limit: ReactiveActions.configuration.global_rate_limit,
+          window: ReactiveActions.configuration.global_rate_limit_window
+        )
+
+        # Add rate limit headers to response
+        add_rate_limit_headers(rate_limit_info)
+      rescue ReactiveActions::RateLimitExceededError => e
+        add_rate_limit_headers_for_exceeded(e)
+        handle_rate_limit_exceeded_error(e)
+      end
+
+      # Generate the cache key for global rate limiting
+      def global_rate_limit_key
+        # Use the configured key generator or default logic
+        if ReactiveActions.configuration.rate_limit_key_generator
+          action_name = respond_to?(:extract_action_name, true) ? extract_action_name : 'unknown'
+          ReactiveActions.configuration.rate_limit_key_generator.call(request, action_name)
+        else
+          default_global_rate_limit_key
+        end
+      end
+
+      # Default key generation strategy
+      def default_global_rate_limit_key
+        # Prefer user-based limiting if available, fallback to IP
+        if respond_to?(:current_user, true) && current_user
+          "global:user:#{current_user.id}"
+        elsif request.respond_to?(:remote_ip)
+          "global:ip:#{request.remote_ip}"
+        else
+          "global:unknown:#{SecureRandom.hex(8)}"
+        end
+      end
+
+      # Add rate limit headers to successful responses
+      def add_rate_limit_headers(rate_limit_info)
+        rate_limit_basic_headers(rate_limit_info)
+        rate_limit_reset_header(rate_limit_info)
+      end
+
+      # Add rate limit headers for exceeded limits
+      def add_rate_limit_headers_for_exceeded(error)
+        rate_limit_exceeded_headers(error)
+        rate_limit_retry_after_header(error)
+      end
+
+      # Set basic rate limit headers
+      def rate_limit_basic_headers(rate_limit_info)
+        response.headers['X-RateLimit-Limit'] = rate_limit_info[:limit].to_s
+        response.headers['X-RateLimit-Remaining'] = rate_limit_info[:remaining].to_s
+        response.headers['X-RateLimit-Window'] = rate_limit_info[:window].to_i.to_s
+      end
+
+      # Set rate limit reset header based on window
+      def rate_limit_reset_header(rate_limit_info)
+        window_seconds = rate_limit_info[:window].to_i
+        current_window_start = (Time.current.to_i / window_seconds) * window_seconds
+        reset_time = current_window_start + window_seconds
+        response.headers['X-RateLimit-Reset'] = reset_time.to_s
+      end
+
+      # Set headers for exceeded rate limits
+      def rate_limit_exceeded_headers(error)
+        response.headers['X-RateLimit-Limit'] = error.limit.to_s
+        response.headers['X-RateLimit-Remaining'] = '0'
+        response.headers['X-RateLimit-Window'] = error.window.to_i.to_s
+        response.headers['X-RateLimit-Reset'] = (Time.current + error.retry_after).to_i.to_s
+      end
+
+      # Set retry after header
+      def rate_limit_retry_after_header(error)
+        response.headers['Retry-After'] = error.retry_after.to_s
+      end
+
+      # Handle rate limit exceeded errors
+      # Override this method in your controller if you need custom handling
+      def handle_rate_limit_exceeded_error(error)
+        # Check if the including controller has its own error handling
+        if respond_to?(:handle_reactive_actions_error, true)
+          handle_reactive_actions_error(error)
+        else
+          # Default rate limit error response - only render if not already rendered
+          render_rate_limit_error(error) unless performed?
+        end
+      end
+
+      # Default rate limit error rendering
+      def render_rate_limit_error(error)
+        render json: {
+          success: false,
+          error: {
+            type: 'RateLimitExceededError',
+            message: error.message,
+            code: 'RATE_LIMIT_EXCEEDED',
+            limit: error.limit,
+            window: error.window.to_i,
+            retry_after: error.retry_after
+          }
+        }, status: :too_many_requests
+      end
+
+      # Get current rate limit status without consuming a request
+      def rate_limit_status
+        return nil unless ReactiveActions.configuration.rate_limiting_enabled
+
+        ReactiveActions::RateLimiter.status(
+          key: global_rate_limit_key,
+          limit: ReactiveActions.configuration.global_rate_limit,
+          window: ReactiveActions.configuration.global_rate_limit_window
+        )
+      end
+
+      # Reset rate limit for current key (useful for testing or admin overrides)
+      def reset_rate_limit!
+        return unless ReactiveActions.configuration.rate_limiting_enabled
+
+        ReactiveActions::RateLimiter.reset!(
+          key: global_rate_limit_key,
+          window: ReactiveActions.configuration.global_rate_limit_window
+        )
+      end
+
+      # Helper method to log rate limiting events
+      def log_rate_limit_event(event_type, details = {})
+        ReactiveActions.logger.info(
+          "Rate Limit #{event_type.to_s.capitalize}: #{global_rate_limit_key} - #{details}"
+        )
+      end
+
+      # Class methods for the RateLimiter module
+      module ClassMethods
+        # Configure rate limiting for specific actions
+        # Example: rate_limit_action :show, limit: 100, window: 1.minute
+        def rate_limit_action(action_name, limit:, window:, **options)
+          before_action(**options) do
+            next unless ReactiveActions.configuration.rate_limiting_enabled
+
+            rate_limit_info = ReactiveActions::RateLimiter.check!(
+              key: "action:#{action_name}:#{global_rate_limit_key}",
+              limit: limit,
+              window: window
+            )
+
+            add_rate_limit_headers(rate_limit_info)
+          rescue ReactiveActions::RateLimitExceededError => e
+            add_rate_limit_headers_for_exceeded(e)
+            handle_rate_limit_exceeded_error(e)
+          end
+        end
+
+        # Skip rate limiting for specific actions
+        # Example: skip_rate_limiting :health_check, :status
+        def skip_rate_limiting(*action_names)
+          skip_before_action :check_global_rate_limit, only: action_names
+        end
+      end
+    end
+  end
+end

data/lib/reactive_actions/errors.rb

@@ -21,4 +21,21 @@ module ReactiveActions
 
   # Raised when the user is not authorized to perform the action
   class UnauthorizedError < Error; end
+
+  # Raised when a security check fails
+  class SecurityCheckError < Error; end
+
+  # Raised when rate limit is exceeded
+  class RateLimitExceededError < Error
+    attr_reader :limit, :window, :retry_after, :current
+
+    def initialize(limit:, window:, retry_after:, current:, message: nil)
+      @limit = limit
+      @window = window
+      @retry_after = retry_after
+      @current = current
+
+      super(message || "Rate limit exceeded: #{current}/#{limit} requests in #{window.inspect}")
+    end
+  end
 end

data/lib/reactive_actions/rate_limiter.rb

@@ -0,0 +1,165 @@
+# frozen_string_literal: true
+
+module ReactiveActions
+  # Core rate limiting class that handles Rails cache operations
+  # Provides atomic operations for checking, incrementing, and managing rate limits
+  class RateLimiter
+    class << self
+      # Check if the request is within rate limits
+      # @param key [String] The cache key to use for rate limiting
+      # @param limit [Integer] Maximum number of requests allowed
+      # @param window [ActiveSupport::Duration] Time window for the limit
+      # @param cost [Integer] Cost of this request (default: 1)
+      # @return [Hash] Rate limit information
+      # @raise [RateLimitExceededError] When rate limit is exceeded
+      def check!(key:, limit:, window:, cost: 1)
+        cache_key = build_cache_key(key, window)
+        current_count = get_current_count(cache_key)
+
+        # Check if this request would exceed the limit
+        raise_rate_limit_error(current_count, limit, window, cache_key) if current_count + cost > limit
+
+        # Only increment if cost > 0
+        new_count = if cost.positive?
+                      increment_cache_counter(cache_key, cost, window)
+                    else
+                      current_count
+                    end
+
+        build_result(new_count, limit, window, cache_key)
+      end
+
+      # Check rate limit without raising an error
+      # @param key [String] The cache key to use for rate limiting
+      # @param limit [Integer] Maximum number of requests allowed
+      # @param window [ActiveSupport::Duration] Time window for the limit
+      # @return [Hash] Rate limit information with :exceeded boolean
+      def check(key:, limit:, window:)
+        cache_key = build_cache_key(key, window)
+        current_count = get_current_count(cache_key)
+
+        if current_count >= limit
+          ttl = get_ttl(cache_key, window)
+          {
+            limit: limit,
+            remaining: 0,
+            current: current_count,
+            window: window,
+            exceeded: true,
+            retry_after: ttl,
+            key: cache_key
+          }
+        else
+          {
+            limit: limit,
+            remaining: limit - current_count,
+            current: current_count,
+            window: window,
+            exceeded: false,
+            key: cache_key
+          }
+        end
+      end
+
+      # Reset rate limit for a key
+      # @param key [String] The cache key to reset
+      # @param window [ActiveSupport::Duration] Time window for the limit
+      def reset!(key:, window:)
+        cache_key = build_cache_key(key, window)
+        cache_store.delete(cache_key)
+        cache_store.delete("#{cache_key}:ttl")
+      end
+
+      # Get current rate limit status
+      # @param key [String] The cache key to check
+      # @param limit [Integer] Maximum number of requests allowed
+      # @param window [ActiveSupport::Duration] Time window for the limit
+      # @return [Hash] Current rate limit status
+      def status(key:, limit:, window:)
+        cache_key = build_cache_key(key, window)
+        current = get_current_count(cache_key)
+        ttl = get_ttl(cache_key, window)
+
+        {
+          limit: limit,
+          remaining: [limit - current, 0].max,
+          current: current,
+          window: window,
+          reset_at: Time.current + ttl.seconds
+        }
+      end
+
+      private
+
+      # Get the appropriate cache store
+      # In test environment with NullStore, use MemoryStore instead
+      def cache_store
+        @cache_store ||= if Rails.cache.is_a?(ActiveSupport::Cache::NullStore)
+                           ActiveSupport::Cache::MemoryStore.new
+                         else
+                           Rails.cache
+                         end
+      end
+
+      # Get current count from cache
+      def get_current_count(cache_key)
+        cache_store.read(cache_key) || 0
+      end
+
+      # Get TTL for cache key
+      def get_ttl(cache_key, window)
+        cache_store.read("#{cache_key}:ttl") || window.to_i
+      end
+
+      # Raise rate limit exceeded error
+      def raise_rate_limit_error(current_count, limit, window, cache_key)
+        remaining_ttl = get_ttl(cache_key, window)
+        raise RateLimitExceededError.new(
+          limit: limit,
+          window: window,
+          retry_after: remaining_ttl,
+          current: current_count
+        )
+      end
+
+      # Increment the counter in cache
+      def increment_cache_counter(cache_key, cost, window)
+        # Try atomic increment first (if supported)
+        new_count = cache_store.increment(cache_key, cost)
+
+        if new_count.nil?
+          # Key doesn't exist or increment not supported, use read-modify-write
+          current = cache_store.read(cache_key) || 0
+          new_count = current + cost
+          cache_store.write(cache_key, new_count, expires_in: window)
+
+          # Set TTL tracking
+          cache_store.write("#{cache_key}:ttl", window.to_i, expires_in: window) unless cache_store.exist?("#{cache_key}:ttl")
+        else
+          # Increment worked, ensure TTL is set
+          cache_store.write("#{cache_key}:ttl", window.to_i, expires_in: window) unless cache_store.exist?("#{cache_key}:ttl")
+        end
+
+        new_count
+      end
+
+      # Build result hash
+      def build_result(count, limit, window, cache_key)
+        {
+          limit: limit,
+          remaining: [limit - count, 0].max,
+          current: count,
+          window: window,
+          key: cache_key
+        }
+      end
+
+      # Build a cache key that includes the time window
+      # This ensures different windows don't interfere with each other
+      def build_cache_key(key, window)
+        window_start = (Time.current.to_i / window.to_i) * window.to_i
+        "reactive_actions:rate_limit:#{key}:#{window_start}:#{window.to_i}"
+      end
+    end
+  end
+end

data/lib/reactive_actions/reactive_action.rb

@@ -4,6 +4,9 @@ module ReactiveActions
   # Base class for reactive actions
   # Provides common functionality for executing actions and handling responses
   class ReactiveAction
+    include Concerns::SecurityChecks
+    include Concerns::RateLimiter
+
     attr_reader :action_params, :result, :controller
 
     # Initialize a new reactive action
@@ -25,6 +28,8 @@ module ReactiveActions
       ReactiveActions.logger.info "Running action #{self.class.name} with params: #{action_params.inspect}"
 
       begin
+        # Run security checks first
+        run_security_checks
         # Run the action
         controller.instance_exec(&method(:action))
         # Run the response

data/lib/reactive_actions/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ReactiveActions
-  VERSION = '0.1.0-alpha.2'
+  VERSION = '0.1.0-alpha.3'
 end

data/lib/reactive_actions.rb

@@ -3,8 +3,12 @@
 require 'reactive_actions/version'
 require 'reactive_actions/configuration'
 require 'reactive_actions/engine'
-require 'reactive_actions/reactive_action'
 require 'reactive_actions/errors'
+require 'reactive_actions/rate_limiter'
+require 'reactive_actions/controller/rate_limiter'
+require 'reactive_actions/concerns/rate_limiter'
+require 'reactive_actions/concerns/security_checks'
+require 'reactive_actions/reactive_action'
 
 # Main namespace for the ReactiveActions gem
 # Provides functionality for creating and executing reactive actions in Rails applications

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: reactive-actions
 version: !ruby/object:Gem::Version
-  version: 0.1.0.pre.alpha.2
+  version: 0.1.0.pre.alpha.3
 platform: ruby
 authors:
 - Istvan Meszaros
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2025-06-12 00:00:00.000000000 Z
+date: 2025-07-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -52,9 +52,13 @@ files:
 - lib/generators/reactive_actions/install/templates/initializer.rb
 - lib/reactive-actions.rb
 - lib/reactive_actions.rb
+- lib/reactive_actions/concerns/rate_limiter.rb
+- lib/reactive_actions/concerns/security_checks.rb
 - lib/reactive_actions/configuration.rb
+- lib/reactive_actions/controller/rate_limiter.rb
 - lib/reactive_actions/engine.rb
 - lib/reactive_actions/errors.rb
+- lib/reactive_actions/rate_limiter.rb
 - lib/reactive_actions/reactive_action.rb
 - lib/reactive_actions/version.rb
 homepage: https://github.com/IstvanMs/reactive-actions