robust_server_socket 0.4.2 → 0.4.3

data/lib/robust_server_socket/modules/{dos_attack_protection.rb → rate_limit_protection.rb}

@@ -1,16 +1,18 @@
+# frozen_string_literal: true
+
 require_relative '../cacher'
 require_relative '../rate_limiter'
 
 module RobustServerSocket
   module Modules
-    module DosAttackProtection
+    module RateLimitProtection
       def self.included(_base)
         RobustServerSocket._push_modules_check_code('validate_rate_limit')
         RobustServerSocket._push_bang_modules_check_code("validate_rate_limit!\n")
       end
 
       def validate_rate_limit
-        !!RateLimiter.check(client)
+        RateLimiter.check(client)
       end
 
       def validate_rate_limit!

data/lib/robust_server_socket/modules/replay_attack_protection.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require_relative '../cacher'
 
 module RobustServerSocket
@@ -13,28 +15,15 @@ module RobustServerSocket
 
       def atomic_validate_and_log_token!
         result = Cacher.atomic_validate_and_log(
-          decrypted_token,
-          store_used_token_time,
-          timestamp,
-          token_expiration_time
+          decrypted_token, store_used_token_time, timestamp, token_expiration_time
         )
-
-        case result
-          when 'ok'
-            true
-          when 'stale'
-            raise StaleToken
-          when 'used'
-            raise UsedToken
-          else
-            raise StandardError, "Unexpected result: #{result}"
-          end
+        handle_validation_result!(result)
       end
 
       def atomic_validate_and_log_token
         Cacher.atomic_validate_and_log(
           decrypted_token,
-          store_used_token_time, # window for storing used token
+          store_used_token_time,
           timestamp,
           token_expiration_time
         ) == 'ok'
@@ -42,8 +31,17 @@ module RobustServerSocket
 
       private
 
+      def handle_validation_result!(result)
+        case result
+        when 'ok' then true
+        when 'stale' then raise StaleToken
+        when 'used' then raise UsedToken
+        else raise StandardError, "Unexpected result: #{result}"
+        end
+      end
+
       def store_used_token_time
-        RobustServerSocket.configuration.store_used_token_time
+        RobustServerSocket.configuration.token_expiration_time + Cacher::CLOCK_SKEW_MS / 1000
       end
     end
   end

data/lib/robust_server_socket/rate_limiter.rb

@@ -1,30 +1,20 @@
+# frozen_string_literal: true
+
 module RobustServerSocket
   class RateLimiter
     RateLimitExceeded = Class.new(StandardError)
 
     class << self
       def check!(client_name)
-        unless (attempts = check(client_name))
-          actual_attempts = current_attempts(client_name)
-
-          raise RateLimitExceeded, "Rate limit exceeded for #{client_name}: #{actual_attempts}/#{max_requests} requests per #{window_seconds}s"
-        end
+        return if check(client_name)
 
-        attempts
+        raise RateLimitExceeded,
+              "Rate limit exceeded for #{client_name}: max #{max_requests} per #{window_seconds}s"
       end
 
       def check(client_name)
-        key = rate_limit_key(client_name)
-        attempts = increment_attempts(key)
-
-        return false if attempts > max_requests
-
-        attempts
-      end
-
-      def current_attempts(client_name)
-        key = rate_limit_key(client_name)
-        Cacher.get(key).to_i
+        attempts = record_attempt(client_name)
+        attempts <= max_requests
       end
 
       def reset!(client_name)
@@ -39,16 +29,11 @@ module RobustServerSocket
 
       private
 
-      def increment_attempts(key)
-        Cacher.with_redis do |conn|
-          attempts = conn.incr(key)
-          # Set expiration only on first attempt to ensure atomic window
-          conn.expire(key, window_seconds) if attempts == 1
-          attempts
-        end
+      def record_attempt(client_name)
+        Cacher.incr_sliding_window_count(rate_limit_key(client_name), window_seconds)
       rescue Cacher::RedisConnectionError => e
-        handle_redis_error(e, 'increment_attempts')
-        0 # Fail open: allow request if Redis is down
+        handle_redis_error(e, 'record_attempt')
+        0
       end
 
       def rate_limit_key(client_name)

data/lib/robust_server_socket/secure_token/decrypt.rb

@@ -1,20 +1,18 @@
+# frozen_string_literal: true
+
 module RobustServerSocket
   module SecureToken
-    BASE64_REGEXP = /\A[A-Za-z0-9+\/]*={0,2}\z/.freeze
+    BASE64_REGEXP = %r{\A[A-Za-z0-9+/]+={0,2}\z}.freeze
     InvalidToken = Class.new(StandardError)
 
     module Decrypt
       class << self
         def call(token)
-          unless token.is_a?(String) && token.match?(BASE64_REGEXP)
-            raise InvalidToken, 'Invalid token format'
-          end
+          raise InvalidToken, 'Invalid token format' unless token.is_a?(String) && token.match?(BASE64_REGEXP)
 
           decoded_token = ::Base64.strict_decode64(token)
 
-          if decoded_token.bytesize > 1024
-            raise InvalidToken, 'Token too large'
-          end
+          raise InvalidToken, 'Token too large' if decoded_token.bytesize > 1024
 
           private_key.private_decrypt(decoded_token, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING).force_encoding('UTF-8')
         rescue ::OpenSSL::PKey::RSAError, ArgumentError

data/lib/robust_server_socket.rb

@@ -14,17 +14,17 @@ module RobustServerSocket
 
   module_function
 
-  def load!
+  def load! # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength
     raise 'You must correctly configure RobustServerSocket first!' unless configured?
 
     configuration.using_modules.each do |mod|
       raise ArgumentError, 'Module must be a Symbol!' unless mod.is_a?(Symbol)
 
       require_relative "robust_server_socket/modules/#{mod}"
-      ClientToken.include eval(mod.to_s.split('_').map(&:capitalize).unshift('Modules::').join)
+      ClientToken.include const_get(mod.to_s.split('_').map(&:capitalize).unshift('Modules::').join)
     end
 
-    ClientToken.class_eval(<<~METHOD)
+    ClientToken.class_eval(<<~METHOD, __FILE__, __LINE__ + 1)
       def modules_checks
         #{(RobustServerSocket.configuration._modules_check_rows.empty? ? ['true'] : RobustServerSocket.configuration._modules_check_rows.map(&:strip)).join(' && ')}
       end

data/lib/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module RobustServerSocket
-  VERSION = '0.4.2'
+  VERSION = '0.4.3'
 end

data/robust_server_socket.gemspec

@@ -1,16 +1,16 @@
 # frozen_string_literal: true
 
-require "./lib/version"
+require './lib/version'
 
 Gem::Specification.new do |spec|
-  spec.name = "robust_server_socket"
+  spec.name = 'robust_server_socket'
   spec.version = RobustServerSocket::VERSION
-  spec.authors = ["tee_zed"]
-  spec.email = ["tee0zed@gmail.com"]
-  spec.description = "Robust Server Socket"
-  spec.summary = "Robust Server Socket gem for RobustPro"
-  spec.license = "MIT"
-  spec.required_ruby_version = ">= 2.7.0"
+  spec.authors = ['tee_zed']
+  spec.email = ['tee0zed@gmail.com']
+  spec.description = 'Robust Server Socket'
+  spec.summary = 'Robust Server Socket gem for RobustPro'
+  spec.license = 'MIT'
+  spec.required_ruby_version = '>= 2.7.0'
 
   # Specify which files should be added to the gem when it is released.
   # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
@@ -20,13 +20,13 @@ Gem::Specification.new do |spec|
         f.start_with?(*%w[bin/ test/ spec/ features/ .git .circleci appveyor Gemfile])
     end
   end
-  spec.bindir = "exe"
+  spec.bindir = 'exe'
   spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
-  spec.require_paths = ["lib"]
-  spec.add_dependency 'rspec'
+  spec.require_paths = ['lib']
+  spec.add_dependency 'hiredis'
   spec.add_dependency 'rake'
   spec.add_dependency 'redis'
-  spec.add_dependency 'hiredis'
+  spec.add_dependency 'rspec'
 
   # Uncomment to register a new dependency of your gem
   # spec.add_dependency "example-gem", "~> 1.0"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: robust_server_socket
 version: !ruby/object:Gem::Version
-  version: 0.4.2
+  version: 0.4.3
 platform: ruby
 authors:
 - tee_zed
@@ -10,7 +10,7 @@ cert_chain: []
 date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: hiredis
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -52,7 +52,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: hiredis
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -73,6 +73,8 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".rspec"
+- ".rubocop.yml"
+- ".ruby-version"
 - CODE_OF_CONDUCT.md
 - LICENSE.txt
 - README.en.md
@@ -83,7 +85,7 @@ files:
 - lib/robust_server_socket/client_token.rb
 - lib/robust_server_socket/configuration.rb
 - lib/robust_server_socket/modules/client_auth_protection.rb
-- lib/robust_server_socket/modules/dos_attack_protection.rb
+- lib/robust_server_socket/modules/rate_limit_protection.rb
 - lib/robust_server_socket/modules/replay_attack_protection.rb
 - lib/robust_server_socket/rate_limiter.rb
 - lib/robust_server_socket/secure_token/decrypt.rb