RubyGems - startback - Versions diffs - 1.2.0 → 1.2.1 - Mend

startback 1.2.0 → 1.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/lib/startback/errors.rb +4 -0
data/lib/startback/security/rate_limit.rb +8 -2
data/lib/startback/security/rate_limiter.rb +33 -7
data/lib/startback/version.rb +1 -1
data/spec/unit/security/test_rate_limiter.rb +50 -0
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2bcf837fdfb9024b8ba0da1bbb00919a7fef30f69b5145f93fa7d44cc8202989
-  data.tar.gz: 16916a1f6be864f19999e16c808499a91df7a425ce7855e14fbc7a6ff2e3710f
+  metadata.gz: 72d21c18d06f3f3c99a95b4ebe7573b9fc61021579f707501a2f00652007df03
+  data.tar.gz: 131a14bfcc89c7a04414f044c0ad02aacc6dbf95920add865eb14ee4ecb26e78
 SHA512:
-  metadata.gz: 2d7cf234140ce2e3f0ca7e3c6e4983e0a89d411067156da2f9c55334623de060c2abe2e8e26b1747b97b88ceb25fd8aeddcde98c156093f41f58032cb3eb3b2f
-  data.tar.gz: cde80e613c12e4db455e0f08b8c253c74eec1b0a2f5947b1d57dfa76bc6ce0152632d24b5a97150f9702d493411fe5194d9fe604fb9633df98d28424685e8c34
+  metadata.gz: ceee786b3b488f7a3f0b5fcbe831ee5318cc017a19c2f2771252206ff8a3319dc6b2165f41f774f29b1ee32f50adcdc2e154436a4b640c294c12a1c1e3c84c1b
+  data.tar.gz: 567a6f507af84f76df13eb64fa333aeb51079fcd1efe2950bdda027ee8b3036b13b26fbba3fae8f104cff1e22ef56701dee25f773f96b0c1c957ad255a246524

data/lib/startback/errors.rb CHANGED Viewed

@@ -94,6 +94,10 @@ module Startback
         status 428
       end
+      class TooManyRequestsError < BadRequestError
+        status 429
+      end
     class InternalServerError < Error
       status 500
       keep_error(true)

data/lib/startback/security/rate_limit.rb CHANGED Viewed

@@ -10,8 +10,14 @@ module Startback
         !!@rate_limit
       end
-      def rate_limit_options(defaults)
-        defaults.merge(@rate_limit || {})
+      def rate_limit_options(op, defaults)
+        case @rate_limit
+        when NilClass then defaults
+        when Hash then defaults.merge(@rate_limit)
+        when Symbol then defaults.merge(op.send(@rate_limit))
+        else
+          raise ArgumentError
+        end
       end
     end # module RateLimit

data/lib/startback/security/rate_limiter.rb CHANGED Viewed

@@ -11,16 +11,29 @@ module Startback
     #     RATE_LIMITER = Startback::Security::RateLimiter.new({
     #       store: Startback::Caching::Store.new,  # use a redis cache store in practice
     #       defaults: {
-    #         strategy: :silent_drop,              # simply ignore the call
-    #         detection: :input,                   # method to call on Operation instance to detect call duplicates via pure data
-    #         periodicity: 60,                     # periodicity of occurence count, in seconds
-    #         max_occurence: 3,                    # max number of occurences during the period
+    #         strategy: :silent_drop,
+    #         detection: :input,
+    #         periodicity: 60,
+    #         max_occurence: 3,
     #       },
     #     })
     #
     #     # in api.rb
     #     around_run(RATE_LIMITER)
     #
+    #     # in an operation.rb
+    #     class Op < Startback::Operation
+    #       rate_limit { max_occurences: 2 }   # Partial<Config>
+    #       rate_limit :dynamic_config         # Config obtained on op instance
+    #     end
+    #
+    # Reference:
+    #
+    #     strategy: Symbol => :silent_drop or :fail (429 status code)
+    #     detection: Symbol => method to call on Operation instance to detect call duplicates via pure data
+    #     periodicity: Integer => periodicity of occurence count, in seconds
+    #     max_occurences: Integer => max number of occurences during the period
+    #
     class RateLimiter
       include Support::Robustness
@@ -38,7 +51,7 @@ module Startback
         raise ArgumentError, "A block is required" unless then_block
         if op.class.has_rate_limit?
-          limit_options = op.class.rate_limit_options(defaults || {})
+          limit_options = op.class.rate_limit_options(op, defaults || {})
           key, authorized = authorize_call!(op, limit_options)
           unless authorized
             log_rate_limited(op, key, limit_options)
@@ -54,9 +67,18 @@ module Startback
       def authorize_call!(op, limit_options)
         key = get_detection_key(op, limit_options)
         count = get_detection_count(key)
+        strat = strategy(limit_options)
         authorize = (count < max_occurences_allowed(limit_options))
-        save_detection_count(key, count + 1, limit_options) if authorize
-        [key, authorize]
+        if authorize
+          save_detection_count(key, count + 1, limit_options)
+          [key, authorize]
+        elsif strat === :silent_drop
+          [key, authorize]
+        elsif strat === :fail
+          raise Startback::Errors::TooManyRequestsError, op.class.name.to_s
+        else
+          [key, authorize]
+        end
       end
       def get_detection_count(key)
@@ -101,6 +123,10 @@ module Startback
         limit_options[:max_occurences] || @options[:max_occurences] || 1
       end
+      def strategy(limit_options)
+        limit_options[:strategy] || @options[:strategy] || :silent_drop
+      end
       def log_rate_limited(op, key, limit_options)
         logger_for(op).warn({
           op: self.class,

data/lib/startback/version.rb CHANGED Viewed

@@ -2,7 +2,7 @@ module Startback
   module Version
     MAJOR = 1
     MINOR = 2
-    TINY  = 0
+    TINY  = 1
   end
   VERSION = "#{Version::MAJOR}.#{Version::MINOR}.#{Version::TINY}"
 end

data/spec/unit/security/test_rate_limiter.rb CHANGED Viewed

@@ -76,6 +76,31 @@ module Startback
         end
       end
+      context 'when :fail with a constant' do
+        class FailingRateLimitedOp < RateLimitedOp
+          rate_limit({
+            strategy: :fail,
+            detection: "constant"
+          })
+        end
+        let (:op_class) {
+          FailingRateLimitedOp
+        }
+        it 'works when called once' do
+          call_it_once
+          expect(op_class.called_count).to eql(1)
+        end
+        it 'fails on second call' do
+          call_it_once
+          expect {
+            call_it_once
+          }.to raise_error(Startback::Errors::TooManyRequestsError)
+        end
+      end
       context 'when silent_drop with a symbol' do
         class InputRateLimitedOp < RateLimitedOp
           rate_limit({
@@ -160,6 +185,31 @@ module Startback
           expect(op_class.called_count).to eql(3)
         end
       end
+      context 'when using a dynamic configuration' do
+        class DynamicRateLimitedOp < RateLimitedOp
+          rate_limit :rate_limit_options
+          def rate_limit_options
+            {
+              strategy: :silent_drop,
+              detection: "constant",
+              max_occurences: input[:max],
+            }
+          end
+        end
+        let (:op_class) {
+          DynamicRateLimitedOp
+        }
+        it 'works when called three times in a row' do
+          call_it_once(max: 2)
+          call_it_once(max: 2)
+          call_it_once(max: 2)
+          expect(op_class.called_count).to eql(2)
+        end
+      end
     end
   end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: startback
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.2.1
 platform: ruby
 authors:
 - Bernard Lambeau