reputable 0.1.18 → 0.1.20

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 40be87edb5494144f499f263572e00d98331cd07913239fca32b5ce71450df26
-  data.tar.gz: 63cfe644b94396a6d72b05a75a45076e8bc41196f6c4970307992e6260d6f86f
+  metadata.gz: 6060e2e9fd11f70f0722c0f9683c1fe334f75aced2791dfde4a6336b5f08b429
+  data.tar.gz: 0c92fbbcc06ec6473e4af1c64b87003c92555c2137643d021b149aa3416a0acc
 SHA512:
-  metadata.gz: ed8aee9a76c98611718621fde0c1dada4aff7449092c9fc6cd1990d545b91ee1641c169d841eea12b2b0eeb56edc399e2f8db612041565a2d90dbf76bad34d92
-  data.tar.gz: 5b2eeb4fb8ddbf12beeb989b0a33aa5f42352c6a131ca1211ad5475b19978ba8244dbf52504555256aa0d79eb58935ab23be05cd503405d11d35b835bca506c0
+  metadata.gz: 1fee3bf3e197dbad2377296119ef87d43657f37a008982af4c14b15f39fcff0c59c13054a8d132b5c568cd31f695183e58b54ab34affac94a342893de7ace262
+  data.tar.gz: 43a20b7d26fcc4a0464e0c29c15be6cf25874335ea841c4b77c704dca2f4b4fdf94d42cd60ec2638ea29c3cbfdefef1bdf5bd161b22c907275853866e83cf703

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    reputable (0.1.18)
+    reputable (0.1.20)
       connection_pool (~> 2.2)
       redis (>= 4.0, < 6.0)
 

data/README.md

@@ -305,44 +305,6 @@ Notes:
 - Use `blocked_page_path` only for local blocked pages (or to build a custom `failure_url`).
 - Override `challenge_redirect_status` (default `302`) or `verification_force_challenge` if needed.
 
-### ASN Fallback
-
-When an IP has no reputation, the middleware can fall back to checking ASN reputation. This is useful for blocking/challenging entire ASNs (e.g., datacenter ASNs known for abuse).
-
-**Enable via environment variable:**
-```bash
-REPUTABLE_ASN_FALLBACK=true
-REPUTABLE_ASN_HEADER=HTTP_X_ASN  # Optional, defaults to HTTP_X_ASN
-```
-
-**Enable via configuration:**
-```ruby
-Reputable.configure do |config|
-  config.asn_fallback = true
-  config.asn_header = "HTTP_X_ASN"  # Or HTTP_CF_ASN for Cloudflare, etc.
-end
-```
-
-**Enable via middleware option:**
-```ruby
-config.middleware.use Reputable::Middleware,
-  reputation_gate: true,
-  asn_fallback: true
-```
-
-**How it works:**
-1. Middleware looks up IP reputation first
-2. If IP has no reputation and ASN fallback is enabled, it extracts ASN from the configured header
-3. If ASN has a reputation (blocked, challenged), that decision is applied
-4. The `env['reputable.reputation_source']` is set to `'asn'` when using ASN-based decision
-
-**Providing ASN from your app:**
-If your app has its own GeoIP lookup, set the ASN directly:
-```ruby
-# In a before_action or middleware
-request.env['reputable.asn'] = lookup_asn_for_ip(request.remote_ip)
-```
-
 ### Server/JS Request Reconciliation
 
 When using both server-side tracking (Rack middleware) and client-side JavaScript tracking, requests can be double-counted. The reconciliation system prevents this by correlating requests using a unique `request_id`.
@@ -566,6 +528,58 @@ Reputable.lookup_reputation(:asn, "15169")
 
 **Note:** ASNs are normalized automatically - both `"15169"` and `"AS15169"` work.
 
+### Enforcing ASN Reputation in Controllers
+
+If you want to challenge or block requests based on ASN reputation (independent of the middleware's IP-based gate), add a controller filter:
+
+```ruby
+# app/controllers/application_controller.rb
+class ApplicationController < ActionController::Base
+  before_action :enforce_asn_reputation
+
+  private
+
+  def enforce_asn_reputation
+    return if reputable_verified?
+    
+    asn = request_asn
+    return unless asn
+    
+    if Reputable.challenged_asn?(asn)
+      redirect_to Reputable.verification_url(
+        return_url: request.original_url,
+        session_id: session.id.to_s
+      ), status: 302, allow_other_host: true
+    elsif Reputable.blocked_asn?(asn)
+      redirect_to Reputable.blocked_page_url, status: 302, allow_other_host: true
+    end
+  end
+
+  def reputable_verified?
+    session[:reputable_verified] || session[:reputable_verified_at].present?
+  end
+
+  def request_asn
+    # Option 1: From a header (if HAProxy/Cloudflare provides it)
+    # request.headers["X-ASN"]&.sub(/^AS/i, "")
+    
+    # Option 2: From your own GeoIP lookup
+    # GeoIP.lookup(request.remote_ip)&.asn
+    
+    # Option 3: Stored in request.env from earlier middleware
+    # request.env["app.asn"]
+  end
+end
+```
+
+To apply only to specific controllers or actions:
+
+```ruby
+class CheckoutController < ApplicationController
+  before_action :enforce_asn_reputation, only: [:create]
+end
+```
+
 ---
 
 ## User Verification & Trust Flow

data/lib/reputable/configuration.rb

@@ -15,8 +15,7 @@ module Reputable
                   :connect_timeout, :read_timeout, :write_timeout,
                   :ssl_params, :trusted_proxies, :ip_header_priority,
                   :on_error, :trusted_keys, :base_url,
-                  :site_name, :support_email, :support_url,
-                  :asn_fallback, :asn_header
+                  :site_name, :support_email, :support_url
 
     # Alias for backward compatibility
     alias_method :verification_base_url, :base_url
@@ -83,10 +82,6 @@ module Reputable
       @site_name = ENV["REPUTABLE_SITE_NAME"]
       @support_email = ENV["REPUTABLE_SUPPORT_EMAIL"]
       @support_url = ENV["REPUTABLE_SUPPORT_URL"]
-      
-      # ASN fallback: when IP has no reputation, check ASN reputation
-      @asn_fallback = env_truthy?("REPUTABLE_ASN_FALLBACK")
-      @asn_header = ENV.fetch("REPUTABLE_ASN_HEADER", "HTTP_X_ASN")
     end
 
     # Alias for backward compatibility
@@ -163,20 +158,5 @@ module Reputable
     rescue IPAddr::InvalidAddressError
       false
     end
-
-    # Check if ASN fallback is enabled
-    def asn_fallback?
-      @asn_fallback
-    end
-
-    private
-
-    # Helper to check if an environment variable is truthy
-    def env_truthy?(name)
-      value = ENV[name]
-      return false if value.nil?
-      
-      %w[1 true yes on enabled].include?(value.to_s.downcase)
-    end
   end
 end

data/lib/reputable/middleware.rb

@@ -60,7 +60,6 @@ module Reputable
       @blocked_page_options = options.fetch(:blocked_page, {})
       @blocked_page_path = options[:blocked_page_path]
       @ignore_xhr = options.fetch(:ignore_xhr, false)
-      @asn_fallback = options.key?(:asn_fallback) ? options[:asn_fallback] : nil
     end
 
     def call(env)
@@ -99,6 +98,7 @@ module Reputable
     def safe_reputation_gate(env)
       return nil unless @reputation_gate
       return nil unless Reputable.enabled?
+      return nil unless Reputable.operational?
       return nil if skip_request?(env)
 
       enforce_reputation_gate(env)
@@ -319,17 +319,6 @@ module Reputable
       ip = extract_ip(env)
       env["reputable.ip"] = ip
       status = Reputable::Reputation.lookup_ip(ip)
-      
-      # Fallback to ASN reputation if IP has no status and ASN fallback is enabled
-      if status.nil? && asn_fallback_enabled?
-        asn = extract_asn(env)
-        if asn
-          env["reputable.asn"] = asn
-          status = Reputable::Reputation.lookup_asn(asn)
-          env["reputable.reputation_source"] = "asn" if status
-        end
-      end
-      
       env["reputable.reputation_status"] = status
       env["reputable.ignore_analytics"] = status.to_s.start_with?("untrusted")
       status
@@ -339,28 +328,6 @@ module Reputable
       nil
     end
 
-    def asn_fallback_enabled?
-      # Middleware option takes precedence, then config
-      return @asn_fallback unless @asn_fallback.nil?
-      
-      Reputable.configuration.asn_fallback?
-    end
-
-    def extract_asn(env)
-      # First check if app explicitly set it
-      return env["reputable.asn"] if env["reputable.asn"]
-      
-      # Then check the configured header
-      header = Reputable.configuration.asn_header
-      value = env[header]
-      return nil if value.nil? || value.empty?
-      
-      # Normalize: strip "AS" prefix if present
-      value.to_s.strip.sub(/^AS/i, "")
-    rescue StandardError
-      nil
-    end
-
     def blocked_page_options
       config = Reputable.configuration
       defaults = {

data/lib/reputable/rails.rb

@@ -159,6 +159,9 @@ module Reputable
       )
         return if reputable_verified?(session_key: session_key)
 
+        # Skip redirect when circuit is open — the Reputable server is likely unreachable
+        return unless Reputable.operational?
+
         # Check for new format (reputable_s) or legacy format (reputable_signature)
         if params[:reputable_s] || params[:reputable_signature]
           if Reputable.verify_redirect_return(params)
@@ -207,6 +210,9 @@ module Reputable
         blocked_message: nil,
         blocked_show_ip: true
       )
+        # Skip all gating when circuit is open — the Reputable server is likely unreachable
+        return unless Reputable.operational?
+
         if current_ip_blocked?
           render_reputable_blocked_page(
             status: blocked_status,

data/lib/reputable/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Reputable
-  VERSION = "0.1.18"
+  VERSION = "0.1.20"
 end

data/lib/reputable.rb

@@ -75,6 +75,28 @@ module Reputable
       !enabled?
     end
 
+    # Check if Reputable is operational (enabled AND circuit breaker is closed)
+    # Use this to guard redirect/gating decisions — when the circuit is open,
+    # the Reputable server is likely unreachable and redirects would fail.
+    # @return [Boolean] true if Reputable can be used, false otherwise
+    def operational?
+      return false unless enabled?
+      return false if Connection.circuit_open?
+      true
+    end
+
+    # Get a detailed status report for monitoring/debugging
+    # @return [Hash] status information
+    def status
+      {
+        enabled: enabled?,
+        operational: operational?,
+        circuit_breaker: Connection.circuit_open? ? "open" : "closed",
+        failure_count: Connection.failure_count,
+        circuit_opened_at: Connection.circuit_opened_at
+      }
+    end
+
     # Delegate tracking methods to Tracker
     def track_request(ip:, path:, **options)
       Tracker.track_request(ip: ip, path: path, **options)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: reputable
 version: !ruby/object:Gem::Version
-  version: 0.1.18
+  version: 0.1.20
 platform: ruby
 authors:
 - Reputable
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2026-02-03 00:00:00.000000000 Z
+date: 2026-02-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: redis
@@ -137,7 +137,6 @@ files:
 - lib/reputable/reputation.rb
 - lib/reputable/tracker.rb
 - lib/reputable/version.rb
-- reputable.gemspec
 homepage: https://github.com/reputable-click/reputable-rb
 licenses:
 - MIT

data/reputable.gemspec

@@ -1,38 +0,0 @@
-# frozen_string_literal: true
-
-require_relative "lib/reputable/version"
-
-Gem::Specification.new do |spec|
-  spec.name = "reputable"
-  spec.version = Reputable::VERSION
-  spec.authors = ["Reputable"]
-  spec.email = ["support@reputable.click"]
-
-  spec.summary = "Ruby client for Reputable - bot detection and reputation scoring"
-  spec.description = "Track requests and manage IP reputation through Redis/Dragonfly integration with Reputable"
-  spec.homepage = "https://github.com/reputable-click/reputable-rb"
-  spec.license = "MIT"
-  spec.required_ruby_version = ">= 2.7.0"
-
-  spec.metadata["homepage_uri"] = spec.homepage
-  spec.metadata["source_code_uri"] = spec.homepage
-  spec.metadata["changelog_uri"] = "#{spec.homepage}/blob/main/CHANGELOG.md"
-
-  spec.files = Dir.chdir(__dir__) do
-    `git ls-files -z`.split("\x0").reject do |f|
-      (f == __FILE__) || f.match(%r{\A(?:(?:bin|test|spec|features)/|\.(?:git|travis|circleci)|appveyor)}) || f.end_with?(".gem")
-    end
-  end
-  spec.bindir = "exe"
-  spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
-  spec.require_paths = ["lib"]
-
-  spec.add_dependency "redis", ">= 4.0", "< 6.0"
-  spec.add_dependency "connection_pool", "~> 2.2"
-
-  spec.add_development_dependency "bundler", "~> 2.0"
-  spec.add_development_dependency "rake", "~> 13.0"
-  spec.add_development_dependency "rspec", "~> 3.12"
-  spec.add_development_dependency "rack", "~> 2.0"
-  spec.add_development_dependency "rubocop", "~> 1.0"
-end