RubyGems - sinatra-rate-limiter - Versions diffs - 0.2.1 → 0.2.2 - Mend

sinatra-rate-limiter 0.2.1 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml +4 -4
data/README.md +31 -4
data/lib/sinatra/rate-limiter.rb +69 -24
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 030b21e819260562c4da8c1472360e4d8cdb1c8d
-  data.tar.gz: 456ad3d77b05fe72a5d01aba6ee3699b7da49916
+  metadata.gz: 284920f0a11fd397c41ae1bd5e31f6e1f45bb846
+  data.tar.gz: 58c8cc97bbab02f53ba781fbc4e1ef0ba0901eb5
 SHA512:
-  metadata.gz: 920f5b487a6dd84cd220a27869811d834102ff591a68d2446758b851546893af17f1e1dbdf8fbb9b44f9bf88547089263bc30c0af137c786b3bc2db710cd2303
-  data.tar.gz: 14427e370cc5f040287edfba31247480fac29bb2c66a7b06199df0e7f778f9c75c35cb840b926253bca41fe17c3748cabc65dd1c88076fbf50cfdd53a0b36a72
+  metadata.gz: 589661c3cd2635d4fad8c7ad421ef3ca02cc22c6dff9e7bcbb6dc495820d99c2b1063a530057907499a2725404c198cbf394d38a34362fd9dcc1e4afbe670554
+  data.tar.gz: d279915ae972605f568070b3e0d63b2a35963b5a805dc82c3ed75fbe80436d5c9b5cc632fd2fffbb81f316962b94751411a40cf28efe7152af0a6d55c950ed82

data/README.md CHANGED Viewed

@@ -2,6 +2,15 @@
 A customisable redis backed rate limiter for Sinatra applications.
+This rate limiter extension operates on a leaky bucket principle. Each
+request that the rate limiter sees logs a new item in the redis store. If
+more than the allowable number of requests have been made in the given time
+then no new item is logged and the request is aborted. The items stored in
+redis include a bucket name and timestamp in their key name. This allows
+multiple limit "buckets" to be used and for variable rate limits to be
+applied to different requests using the same bucket. See the _Usage_ section
+below for examples demonstrating this.
 ## Installing
  * Add the gem to your Gemfile
@@ -24,7 +33,14 @@ Use `rate_limit` in the pipeline of any route (i.e. in the route itself, or
 in a `before` filter, or in a Padrino controller, etc. `rate_limit` takes
 zero to infinite parameters, with the syntax:
-  ```rate_limit [String], [<Fixnum>, <Fixnum>], [<Fixnum>, <Fixnum>], ...```
+  ```
+  rate_limit [String], [[<Fixnum>, <Fixnum>], [<Fixnum>, <Fixnum>], ...]
+  ```
+The `String` optionally defines a name for this rate limiter, allowing you
+to have multiple rate limits within your app. The following pairs of
+`Fixnum`s define `[requests, seconds]`, allowing you to specify how many
+requests per seconds this rate limiter allows.
 The following route will be limited to 10 requests per minute and 100
 requests per hour:
@@ -50,20 +66,31 @@ routes and stricter individual rate limits to two particular routes:
     "this route has the global limit applied"
   end
-  get '/rate-limit-1' do
+  get '/rate-limit-1/example-1' do
     rate_limit 'ratelimit1', 2,  5,
                              10, 60
+    "this route is rate limited to 2 requests per 5 seconds and 10 per 60
+     seconds"
   end
+  get '/rate-limit-1/example-2' do
+    rate_limit 'ratelimit1', 60, 60
+    "this route is rate limited to 60 requests per minute using the same
+     bucket as '/rate-limit-1'. "
   get '/rate-limit-2' do
     rate_limit 'ratelimit2', 1, 10
+    "this route is rate limited to 1 request per 10 seconds"
   end
   ```
 N.B. in the last example, be aware that the more specific rate limits do not
 override any rate limit already defined during route processing, and the
-global rate limit will apply additionally. If you call `rate_limit` more than
-once with the same (or no) name, it will be double counted.
+global rate limit will apply additionally. If you call `rate_limit` more
+than once with the same (or no) name, it will be double counted.
 ## Configuration

data/lib/sinatra/rate-limiter.rb CHANGED Viewed

@@ -12,8 +12,12 @@ module Sinatra
         limit_name, limits = parse_args(args)
-        if error_locals = limits_exceeded?(limits, limit_name)
-          rate_limit_headers(limits, limit_name)
+        limiter = RateLimit.new(limit_name, limits)
+        limiter.settings = settings
+        limiter.request  = request
+        if error_locals = limits_exceeded?(limits, limiter)
+          rate_limit_headers(limits, limit_name, limiter)
           response.headers['Retry-After'] = error_locals[:try_again] if settings.rate_limiter_send_headers
           halt settings.rate_limiter_error_code, error_response(error_locals)
         end
@@ -22,7 +26,7 @@ module Sinatra
                     settings.rate_limiter_redis_expires,
                     request.env['REQUEST_URI'])
-        rate_limit_headers(limits, limit_name) if settings.rate_limiter_send_headers
+        rate_limit_headers(limits, limit_name, limiter) if settings.rate_limiter_send_headers
       end
       private
@@ -37,11 +41,12 @@ module Sinatra
           raise ArgumentError, 'Non-Fixnum parameters supplied. All parameters must be Fixnum except the first which may be a String.'
         elsif ((args.map{|a| a.class}.size % 2) != 0)
           raise ArgumentError, 'Wrong number of Fixnum parameters supplied.'
+        elsif !(limit_name =~ /^[a-zA-Z0-9\-]*$/)
+          raise ArgumentError, 'Limit name must be a String containing only a-z, A-Z, 0-9, and -.'
         end
-        limits = args.each_slice(2).to_a.map{|a| {requests: a[0], seconds: a[1]}}
-        return [limit_name, limits]
+        return [limit_name,
+                args.each_slice(2).map{|a| {requests: a[0], seconds: a[1]}}]
       end
       def redis
@@ -52,38 +57,31 @@ module Sinatra
         settings.rate_limiter_redis_namespace
       end
-      def limit_history(limit_name, seconds=0)
-        redis.
-          keys("#{[namespace,user_identifier,limit_name].join('/')}/*").
-          map{|k| k.split('/')[3].to_f}.
-          select{|t| seconds.eql?(0) ? true : t > (Time.now.to_f - seconds)}
-      end
-      def limit_remaining(limit, limit_name)
-        limit[:requests] - limit_history(limit_name, limit[:seconds]).length
+      def limit_remaining(limit, limiter)
+        limit[:requests] - limiter.history(limit[:seconds]).length
       end
-      def limit_reset(limit, limit_name)
-        limit[:seconds] - (Time.now.to_f - limit_history(limit_name, limit[:seconds]).first).to_i
+      def limit_reset(limit, limiter)
+        limit[:seconds] - (Time.now.to_f - limiter.history(limit[:seconds]).first.to_f).to_i
       end
-      def limits_exceeded?(limits, limit_name)
-        exceeded = limits.select {|limit| limit_remaining(limit, limit_name) < 1}.sort_by{|e| e[:seconds]}.last
+      def limits_exceeded?(limits, limiter)
+        exceeded = limits.select {|limit| limit_remaining(limit, limiter) < 1}.sort_by{|e| e[:seconds]}.last
         if exceeded
-          try_again = limit_reset(exceeded, limit_name)
+          try_again = limit_reset(exceeded, limiter)
           return exceeded.merge({try_again: try_again.to_i})
         end
       end
-      def rate_limit_headers(limits, limit_name)
+      def rate_limit_headers(limits, limit_name, limiter)
         header_prefix = 'X-Rate-Limit' + (limit_name.eql?('default') ? '' : '-' + limit_name)
         limit_no = 0 if limits.length > 1
         limits.each do |limit|
           limit_no = limit_no + 1 if limit_no
           response.headers[header_prefix + (limit_no ? "-#{limit_no}" : '') + '-Limit']     = limit[:requests]
-          response.headers[header_prefix + (limit_no ? "-#{limit_no}" : '') + '-Remaining'] = limit_remaining(limit, limit_name)
-          response.headers[header_prefix + (limit_no ? "-#{limit_no}" : '') + '-Reset']     = limit_reset(limit, limit_name)
+          response.headers[header_prefix + (limit_no ? "-#{limit_no}" : '') + '-Remaining'] = limit_remaining(limit, limiter)
+          response.headers[header_prefix + (limit_no ? "-#{limit_no}" : '') + '-Reset']     = limit_reset(limit, limiter)
         end
       end
@@ -104,6 +102,13 @@ module Sinatra
         end
       end
+      def get_min_time_prefix(limits)
+        now    = Time.now.to_f
+        oldest = Time.now.to_f - limits.sort_by{|l| -l[:seconds]}.first[:seconds]
+        return now.to_s[0..((now/oldest).to_s.split(/^1\.|[1-9]+/)[1].length)].to_i.to_s
+      end
     end
     def self.registered(app)
@@ -120,9 +125,49 @@ module Sinatra
                                                   # evaluates Procs in settings when reading them.
       app.set :rate_limiter_redis_conn,       Redis.new
       app.set :rate_limiter_redis_namespace,  'rate_limit'
-      app.set :rate_limiter_redis_expires,    24*60*60
+      app.set :rate_limiter_redis_expires,    24*60*60 # This must be larger than longest limit time period
+    end
+  end
+  class RateLimit
+    attr_reader :history
+    def initialize(limit_name, limits)
+      @limit_name    = limit_name
+      @limits        = limits
+      @time_prefix   = get_min_time_prefix(@limits)
     end
+    include Sinatra::RateLimiter::Helpers
+    def history(seconds=0)
+      redis_history.select{|t| seconds.eql?(0) ? true : t > (Time.now.to_f - seconds)}
+    end
+    def redis_history
+      if @history
+        @history
+      else
+        @history = redis.
+          keys("#{[namespace,user_identifier,@limit_name].join('/')}/#{@time_prefix}*").
+          map{|k| k.split('/')[3].to_f}
+      end
+    end
+    def settings=(settings)
+      @settings = settings
+    end
+    def settings
+      @settings
+    end
+    def request=(request)
+      @request = request
+    end
+    def request
+      @request
+    end
   end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sinatra-rate-limiter
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.2.2
 platform: ruby
 authors:
 - Warren Guy