sinatra-rate-limiter 0.2.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 030b21e819260562c4da8c1472360e4d8cdb1c8d
+  data.tar.gz: 456ad3d77b05fe72a5d01aba6ee3699b7da49916
+SHA512:
+  metadata.gz: 920f5b487a6dd84cd220a27869811d834102ff591a68d2446758b851546893af17f1e1dbdf8fbb9b44f9bf88547089263bc30c0af137c786b3bc2db710cd2303
+  data.tar.gz: 14427e370cc5f040287edfba31247480fac29bb2c66a7b06199df0e7f778f9c75c35cb840b926253bca41fe17c3748cabc65dd1c88076fbf50cfdd53a0b36a72

data/LICENSE

@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (C) 2015 Warren Guy <warren@guy.net.au>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,87 @@
+# sinatra/rate-limiter
+
+A customisable redis backed rate limiter for Sinatra applications.
+
+## Installing
+
+ * Add the gem to your Gemfile
+
+   ```ruby
+   source 'https://rubygems.org'
+   gem 'sinatra-rate-limiter'
+   ```
+
+ * Require and enable it in your app after including Sinatra
+
+   ```ruby
+   require 'sinatra/rate-limiter'
+   enable :rate_limiter
+   ```
+
+## Usage
+
+Use `rate_limit` in the pipeline of any route (i.e. in the route itself, or
+in a `before` filter, or in a Padrino controller, etc. `rate_limit` takes
+zero to infinite parameters, with the syntax:
+
+  ```rate_limit [String], [<Fixnum>, <Fixnum>], [<Fixnum>, <Fixnum>], ...```
+
+The following route will be limited to 10 requests per minute and 100
+requests per hour:
+
+  ```ruby
+  get '/rate-limited' do
+    rate_limit 'default', 10, 60, 100, 60*60
+
+    "now you see me"
+  end
+  ```
+
+The following will apply an unnamed limit of 1000 requests per hour to all
+routes and stricter individual rate limits to two particular routes:
+
+  ```ruby
+  set :rate_limiter_default_limits, [1000, 60*60]
+  before do
+    rate_limit
+  end
+
+  get '/' do
+    "this route has the global limit applied"
+  end
+
+  get '/rate-limit-1' do
+    rate_limit 'ratelimit1', 2,  5,
+                             10, 60 
+  end
+
+  get '/rate-limit-2' do
+    rate_limit 'ratelimit2', 1, 10
+  end
+  ```
+
+N.B. in the last example, be aware that the more specific rate limits do not
+override any rate limit already defined during route processing, and the
+global rate limit will apply additionally. If you call `rate_limit` more than
+once with the same (or no) name, it will be double counted.
+
+## Configuration
+
+All configuration is optional. If no default limits are specified here,
+you must specify limits with each call of `rate_limit`
+
+### Defaults
+
+   ```ruby
+   set :rate_limiter_default_limits,   []
+   set :rate_limiter_environments,     [:production]
+   set :rate_limiter_error_code,       429
+   set :rate_limiter_error_template,   nil
+   set :rate_limiter_send_headers,     true
+   set :rate_limiter_custom_user_id,   nil
+   set :rate_limiter_redis_conn,       Redis.new
+   set :rate_limiter_redis_namespace,  'rate_limit'
+   set :rate_limiter_redis_expires,    24*60*60
+   ```
+
+TODO: document each setting here explicitly

data/lib/sinatra/rate-limiter.rb

@@ -0,0 +1,128 @@
+require 'sinatra/base'
+require 'redis'
+
+module Sinatra
+
+  module RateLimiter
+
+    module Helpers
+
+      def rate_limit(*args)
+        return unless settings.rate_limiter and settings.rate_limiter_environments.include?(settings.environment)
+
+        limit_name, limits = parse_args(args)
+
+        if error_locals = limits_exceeded?(limits, limit_name)
+          rate_limit_headers(limits, limit_name)
+          response.headers['Retry-After'] = error_locals[:try_again] if settings.rate_limiter_send_headers
+          halt settings.rate_limiter_error_code, error_response(error_locals)
+        end
+
+        redis.setex([namespace,user_identifier,limit_name,Time.now.to_f.to_s].join('/'),
+                    settings.rate_limiter_redis_expires,
+                    request.env['REQUEST_URI'])
+
+        rate_limit_headers(limits, limit_name) if settings.rate_limiter_send_headers
+      end
+
+      private
+
+      def parse_args(args)
+        limit_name = args.map{|a| a.class}.first.eql?(String) ? args.shift : 'default'
+        args = settings.rate_limiter_default_limits if args.size < 1
+
+        if (args.size < 1)
+          raise ArgumentError, 'No explicit or default limits values provided.'
+        elsif (args.map{|a| a.class}.select{|a| a != Fixnum}.count > 0)
+          raise ArgumentError, 'Non-Fixnum parameters supplied. All parameters must be Fixnum except the first which may be a String.'
+        elsif ((args.map{|a| a.class}.size % 2) != 0)
+          raise ArgumentError, 'Wrong number of Fixnum parameters supplied.'
+        end
+
+        limits = args.each_slice(2).to_a.map{|a| {requests: a[0], seconds: a[1]}}
+
+        return [limit_name, limits]
+      end
+
+      def redis
+        settings.rate_limiter_redis_conn
+      end
+
+      def namespace
+        settings.rate_limiter_redis_namespace
+      end
+
+      def limit_history(limit_name, seconds=0)
+        redis.
+          keys("#{[namespace,user_identifier,limit_name].join('/')}/*").
+          map{|k| k.split('/')[3].to_f}.
+          select{|t| seconds.eql?(0) ? true : t > (Time.now.to_f - seconds)}
+      end
+
+      def limit_remaining(limit, limit_name)
+        limit[:requests] - limit_history(limit_name, limit[:seconds]).length
+      end
+
+      def limit_reset(limit, limit_name)
+        limit[:seconds] - (Time.now.to_f - limit_history(limit_name, limit[:seconds]).first).to_i
+      end
+
+      def limits_exceeded?(limits, limit_name)
+        exceeded = limits.select {|limit| limit_remaining(limit, limit_name) < 1}.sort_by{|e| e[:seconds]}.last
+
+        if exceeded
+          try_again = limit_reset(exceeded, limit_name)
+          return exceeded.merge({try_again: try_again.to_i})
+        end
+      end
+
+      def rate_limit_headers(limits, limit_name)
+        header_prefix = 'X-Rate-Limit' + (limit_name.eql?('default') ? '' : '-' + limit_name)
+        limit_no = 0 if limits.length > 1
+        limits.each do |limit|
+          limit_no = limit_no + 1 if limit_no
+          response.headers[header_prefix + (limit_no ? "-#{limit_no}" : '') + '-Limit']     = limit[:requests]
+          response.headers[header_prefix + (limit_no ? "-#{limit_no}" : '') + '-Remaining'] = limit_remaining(limit, limit_name)
+          response.headers[header_prefix + (limit_no ? "-#{limit_no}" : '') + '-Reset']     = limit_reset(limit, limit_name)
+        end
+      end
+
+      def error_response(locals)
+        if settings.rate_limiter_error_template
+          render settings.rate_limiter_error_template, locals: locals
+        else
+          content_type 'text/plain'
+          "Rate limit exceeded (#{locals[:requests]} requests in #{locals[:seconds]} seconds). Try again in #{locals[:try_again]} seconds."
+        end
+      end
+
+      def user_identifier
+        if settings.rate_limiter_custom_user_id.class == Proc
+          return settings.rate_limiter_custom_user_id.call(request)
+        else
+          return request.ip
+        end
+      end
+
+    end
+
+    def self.registered(app)
+      app.helpers RateLimiter::Helpers
+
+      app.set :rate_limiter,                  false
+      app.set :rate_limiter_default_limits,   []  # 10 requests per minute: [{requests: 10, seconds: 60}] 
+      app.set :rate_limiter_environments,     [:production]
+      app.set :rate_limiter_error_code,       429 # http://tools.ietf.org/html/rfc6585
+      app.set :rate_limiter_error_template,   nil # locals: requests, seconds, try_again
+      app.set :rate_limiter_send_headers,     true
+      app.set :rate_limiter_custom_user_id,   nil # Proc.new { Proc.new{ |request| request.ip } }
+                                                  # must be wrapped with another Proc because Sinatra
+                                                  # evaluates Procs in settings when reading them.
+      app.set :rate_limiter_redis_conn,       Redis.new
+      app.set :rate_limiter_redis_namespace,  'rate_limit'
+      app.set :rate_limiter_redis_expires,    24*60*60
+    end
+
+  end
+
+end

metadata

@@ -0,0 +1,74 @@
+--- !ruby/object:Gem::Specification
+name: sinatra-rate-limiter
+version: !ruby/object:Gem::Version
+  version: 0.2.1
+platform: ruby
+authors:
+- Warren Guy
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-05-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: sinatra
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: redis
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+description: A redis based rate limiter for Sinatra
+email: warren@guy.net.au
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- lib/sinatra/rate-limiter.rb
+homepage: https://github.com/warrenguy/sinatra-rate-limiter
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: A redis based rate limiter for Sinatra
+test_files: []