straight-server 0.2.2 → 0.2.3

data/spec/lib/throttle_spec.rb

@@ -0,0 +1,52 @@
+require 'spec_helper'
+require 'timecop'
+
+RSpec.describe StraightServer::Throttler do
+
+  it 'throttles requests' do
+    new_config          = StraightServer::Config.dup
+    new_config.throttle = {requests_limit: 1, period: 1}
+    stub_const 'StraightServer::Config', new_config
+    throttler1 = described_class.new(1)
+    throttler2 = described_class.new(2)
+    now        = Time.now.round
+    Timecop.freeze(now) do
+      expect(throttler1.deny?('127.0.0.1')).to eq false
+      expect(throttler1.deny?('127.0.0.1')).to eq true
+      expect(throttler2.deny?('127.0.0.1')).to eq false # does not affect other gateways
+    end
+    Timecop.freeze(now + 0.5) do
+      expect(throttler1.deny?('127.0.0.2')).to eq false
+    end
+    Timecop.freeze(now + 1.1) do
+      expect(throttler1.deny?('127.0.0.2')).to eq false # new timeframe
+      expect(throttler1.deny?('127.0.0.2')).to eq true
+      expect(throttler2.deny?('127.0.0.2')).to eq false
+      expect(throttler1.deny?('127.0.0.1')).to eq false
+      expect(throttler1.deny?('127.0.0.1')).to eq true
+      expect(throttler2.deny?('127.0.0.1')).to eq false
+    end
+  end
+
+  it 'bans by ip' do
+    new_config          = StraightServer::Config.dup
+    new_config.throttle = {requests_limit: 3, period: 1, ip_ban_duration: 30}
+    stub_const 'StraightServer::Config', new_config
+    throttler1 = described_class.new(1)
+    throttler2 = described_class.new(2)
+    3.times { expect(throttler1.deny?('127.0.0.1')).to eq false }
+    banned_at = Time.now
+    [0, 10, 20, 30].each do |offset|
+      Timecop.freeze(banned_at + offset) do
+        expect(throttler1.deny?('127.0.0.1')).to eq true
+        expect(throttler2.deny?('127.0.0.1')).to eq true # affects any gateways
+        expect(throttler1.deny?('127.0.0.2')).to eq false
+        expect(throttler2.deny?('127.0.0.2')).to eq false
+      end
+    end
+    Timecop.freeze(banned_at + 31) do
+      expect(throttler1.deny?('127.0.0.1')).to eq false
+      expect(throttler2.deny?('127.0.0.1')).to eq false
+    end
+  end
+end

data/straight-server.gemspec

@@ -2,19 +2,19 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
-# stub: straight-server 0.2.2 ruby lib
+# stub: straight-server 0.2.3 ruby lib
 
 Gem::Specification.new do |s|
   s.name = "straight-server"
-  s.version = "0.2.2"
+  s.version = "0.2.3"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.require_paths = ["lib"]
   s.authors = ["Roman Snitko"]
-  s.date = "2015-05-10"
+  s.date = "2015-05-30"
   s.description = "Accepts orders via http, returns payment info via http or streams updates via websockets, stores orders in a DB"
   s.email = "roman.snitko@gmail.com"
-  s.executables = ["goliath.log", "goliath.log_stdout.log", "straight-console", "straight-server", "straight-server-benchmark"]
+  s.executables = ["straight-console", "straight-server", "straight-server-benchmark"]
   s.extra_rdoc_files = [
     "LICENSE.txt",
     "README.md"
@@ -34,8 +34,6 @@ Gem::Specification.new do |s|
     "benchmark/config.yml",
     "benchmark/default_last_keychain_id",
     "benchmark/server_secret",
-    "bin/goliath.log",
-    "bin/goliath.log_stdout.log",
     "bin/straight-console",
     "bin/straight-server",
     "bin/straight-server-benchmark",
@@ -48,6 +46,9 @@ Gem::Specification.new do |s|
     "db/migrations/007_add_active_switcher_to_gateways.rb",
     "db/migrations/008_add_order_counters_to_gateways.rb",
     "db/migrations/009_add_hashed_id_to_gateways.rb",
+    "db/migrations/010_add_address_reusability_orders.rb",
+    "db/migrations/011_add_callback_data_to_orders.rb",
+    "db/schema.rb",
     "examples/client/client.dart",
     "examples/client/client.html",
     "examples/client/client.js",
@@ -61,7 +62,9 @@ Gem::Specification.new do |s|
     "lib/straight-server/random_string.rb",
     "lib/straight-server/server.rb",
     "lib/straight-server/thread.rb",
+    "lib/straight-server/throttler.rb",
     "lib/straight-server/utils/hash_string_to_sym_keys.rb",
+    "lib/tasks/db.rake",
     "spec/.straight/config.yml",
     "spec/.straight/server_secret",
     "spec/factories.rb",
@@ -71,6 +74,7 @@ Gem::Specification.new do |s|
     "spec/lib/initializer_spec.rb",
     "spec/lib/order_spec.rb",
     "spec/lib/orders_controller_spec.rb",
+    "spec/lib/throttle_spec.rb",
     "spec/lib/utils/hash_string_to_sym_keys.rb",
     "spec/spec_helper.rb",
     "spec/support/custom_matchers.rb",
@@ -95,6 +99,7 @@ Gem::Specification.new do |s|
       s.add_runtime_dependency(%q<logmaster>, ["= 0.1.5"])
       s.add_runtime_dependency(%q<ruby-hmac>, [">= 0"])
       s.add_runtime_dependency(%q<httparty>, [">= 0"])
+      s.add_runtime_dependency(%q<money-tree>, ["= 0.9.0"])
       s.add_development_dependency(%q<bundler>, ["~> 1.0"])
       s.add_development_dependency(%q<jeweler>, ["~> 2.0.1"])
       s.add_development_dependency(%q<github_api>, ["= 0.11.3"])
@@ -107,6 +112,7 @@ Gem::Specification.new do |s|
       s.add_dependency(%q<logmaster>, ["= 0.1.5"])
       s.add_dependency(%q<ruby-hmac>, [">= 0"])
       s.add_dependency(%q<httparty>, [">= 0"])
+      s.add_dependency(%q<money-tree>, ["= 0.9.0"])
       s.add_dependency(%q<bundler>, ["~> 1.0"])
       s.add_dependency(%q<jeweler>, ["~> 2.0.1"])
       s.add_dependency(%q<github_api>, ["= 0.11.3"])
@@ -120,6 +126,7 @@ Gem::Specification.new do |s|
     s.add_dependency(%q<logmaster>, ["= 0.1.5"])
     s.add_dependency(%q<ruby-hmac>, [">= 0"])
     s.add_dependency(%q<httparty>, [">= 0"])
+    s.add_dependency(%q<money-tree>, ["= 0.9.0"])
     s.add_dependency(%q<bundler>, ["~> 1.0"])
     s.add_dependency(%q<jeweler>, ["~> 2.0.1"])
     s.add_dependency(%q<github_api>, ["= 0.11.3"])

data/templates/config.yml

@@ -13,9 +13,26 @@ count_orders: false
 # transaction has been made in the last seconds and Straight didn't have time to detect it?
 # This just adds a little bit more time to each expiration period.
 # So technically, you can tell your customer he's got 900 seconds to pay, yet wait additional
-# 30 seconds (default value) to be able to detect a late transaction 
+# 30 seconds (default value) to be able to detect a late transaction
 expiration_overtime: 30
 
+# If you have this number of expired addresses in a row,
+# the latest one of those will be reused to create a new order.
+# This is because wallets that support BIP32 do a limited lookup: they
+# only normally check the next 20 next addresses. Thus, the default value.
+# Without address reuse, merchants may fall into a situation where they
+# technically receive the money, but it's never detected by the wallet.
+reuse_address_orders_threshold: 20
+
+# Uncomment this if you want to limit orders creation rate.
+# For example, if user's cat makes more than 21 new orders during 60 seconds (from the same IP and Widget),
+# any user with this IP will be unable to create more orders via this Widget during those 60 seconds
+# Additionally, you can block new orders creation via any Widget from throttled IP for 300 seconds
+#throttle:
+#  requests_limit: 21
+#  period: 60           # in seconds
+#  ip_ban_duration: 300 # in seconds
+
 # Uncomment this if you want to use Gateway's order counters feature
 # It requires redis.
 #redis:
@@ -70,7 +87,7 @@ blockchain_adapters:
 logmaster:
   log_level: INFO # Wise to change to WARN for production
   file: straight.log
-  raise_exception: false 
+  raise_exception: false
   name: Straight server logger
 
   # These options bellow send you email whenever a FATAL error occurs.

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: straight-server
 version: !ruby/object:Gem::Version
-  version: 0.2.2
+  version: 0.2.3
 platform: ruby
 authors:
 - Roman Snitko
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-05-10 00:00:00.000000000 Z
+date: 2015-05-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: straight
@@ -122,6 +122,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: money-tree
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.9.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.9.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -168,8 +182,6 @@ description: Accepts orders via http, returns payment info via http or streams u
   via websockets, stores orders in a DB
 email: roman.snitko@gmail.com
 executables:
-- goliath.log
-- goliath.log_stdout.log
 - straight-console
 - straight-server
 - straight-server-benchmark
@@ -192,8 +204,6 @@ files:
 - benchmark/config.yml
 - benchmark/default_last_keychain_id
 - benchmark/server_secret
-- bin/goliath.log
-- bin/goliath.log_stdout.log
 - bin/straight-console
 - bin/straight-server
 - bin/straight-server-benchmark
@@ -206,6 +216,9 @@ files:
 - db/migrations/007_add_active_switcher_to_gateways.rb
 - db/migrations/008_add_order_counters_to_gateways.rb
 - db/migrations/009_add_hashed_id_to_gateways.rb
+- db/migrations/010_add_address_reusability_orders.rb
+- db/migrations/011_add_callback_data_to_orders.rb
+- db/schema.rb
 - examples/client/client.dart
 - examples/client/client.html
 - examples/client/client.js
@@ -219,7 +232,9 @@ files:
 - lib/straight-server/random_string.rb
 - lib/straight-server/server.rb
 - lib/straight-server/thread.rb
+- lib/straight-server/throttler.rb
 - lib/straight-server/utils/hash_string_to_sym_keys.rb
+- lib/tasks/db.rake
 - spec/.straight/config.yml
 - spec/.straight/server_secret
 - spec/factories.rb
@@ -229,6 +244,7 @@ files:
 - spec/lib/initializer_spec.rb
 - spec/lib/order_spec.rb
 - spec/lib/orders_controller_spec.rb
+- spec/lib/throttle_spec.rb
 - spec/lib/utils/hash_string_to_sym_keys.rb
 - spec/spec_helper.rb
 - spec/support/custom_matchers.rb

data/bin/goliath.log

@@ -1,6 +0,0 @@
-[10084:INFO] 2015-04-16 04:12:10 :: Starting server on 0.0.0.0:9696 in development mode. Watch out for stones.
-[10084:INFO] 2015-04-16 04:12:21 :: Status: 200, Content-Length: 963, Response Time: 24.10ms
-[10084:INFO] 2015-04-16 04:12:21 :: Status: 200, Content-Length: 366, Response Time: 3.11ms
-[10084:INFO] 2015-04-16 04:12:26 :: Status: 200, Content-Length: 963, Response Time: 2.73ms
-[10084:INFO] 2015-04-16 04:12:26 :: Status: 200, Content-Length: 366, Response Time: 3.25ms
-[10084:INFO] 2015-04-16 04:12:40 :: Status: 500, Content-Length: 99, Response Time: 3.67ms

data/bin/goliath.log_stdout.log

@@ -1,51 +0,0 @@
-
-I, [2015-04-16T04:12:40.115826 #10084]  INFO -- : POST /gateways/4989d549e95a757efa02023d12023ef0ffec6088dc0e4a36e630a10e67c25d06/orders
-{"amount"=>"1"}
-F, [2015-04-16T04:12:40.116493 #10084] FATAL -- : Sequel::DatabaseDisconnectError: PG::ConnectionBad: PQconsumeInput() SSL connection has been closed unexpectedly
-
-Backtrace:
-    /home/roman/.rvm/gems/ruby-2.2.0/gems/sequel-4.21.0/lib/sequel/adapters/postgres.rb:180:in `async_exec'
-    /home/roman/.rvm/gems/ruby-2.2.0/gems/sequel-4.21.0/lib/sequel/adapters/postgres.rb:180:in `block in execute_query'
-    /home/roman/.rvm/gems/ruby-2.2.0/gems/sequel-4.21.0/lib/sequel/database/logging.rb:33:in `log_yield'
-    /home/roman/.rvm/gems/ruby-2.2.0/gems/sequel-4.21.0/lib/sequel/adapters/postgres.rb:180:in `execute_query'
-    /home/roman/.rvm/gems/ruby-2.2.0/gems/sequel-4.21.0/lib/sequel/adapters/postgres.rb:167:in `block in execute'
-    /home/roman/.rvm/gems/ruby-2.2.0/gems/sequel-4.21.0/lib/sequel/adapters/postgres.rb:143:in `check_disconnect_errors'
-    /home/roman/.rvm/gems/ruby-2.2.0/gems/sequel-4.21.0/lib/sequel/adapters/postgres.rb:167:in `execute'
-    /home/roman/.rvm/gems/ruby-2.2.0/gems/sequel-4.21.0/lib/sequel/adapters/postgres.rb:511:in `_execute'
-    /home/roman/.rvm/gems/ruby-2.2.0/gems/sequel-4.21.0/lib/sequel/adapters/postgres.rb:335:in `block (2 levels) in execute'
-    /home/roman/.rvm/gems/ruby-2.2.0/gems/sequel-4.21.0/lib/sequel/adapters/postgres.rb:532:in `check_database_errors'
-    /home/roman/.rvm/gems/ruby-2.2.0/gems/sequel-4.21.0/lib/sequel/adapters/postgres.rb:335:in `block in execute'
-    /home/roman/.rvm/gems/ruby-2.2.0/gems/sequel-4.21.0/lib/sequel/database/connecting.rb:250:in `block in synchronize'
-    /home/roman/.rvm/gems/ruby-2.2.0/gems/sequel-4.21.0/lib/sequel/connection_pool/threaded.rb:98:in `hold'
-    /home/roman/.rvm/gems/ruby-2.2.0/gems/sequel-4.21.0/lib/sequel/database/connecting.rb:250:in `synchronize'
-    /home/roman/.rvm/gems/ruby-2.2.0/gems/sequel-4.21.0/lib/sequel/adapters/postgres.rb:335:in `execute'
-    /home/roman/.rvm/gems/ruby-2.2.0/gems/sequel-4.21.0/lib/sequel/dataset/actions.rb:911:in `execute'
-    /home/roman/.rvm/gems/ruby-2.2.0/gems/sequel-4.21.0/lib/sequel/adapters/postgres.rb:655:in `fetch_rows'
-    /home/roman/.rvm/gems/ruby-2.2.0/gems/sequel-4.21.0/lib/sequel/dataset/actions.rb:137:in `each'
-    /home/roman/.rvm/gems/ruby-2.2.0/gems/sequel-4.21.0/lib/sequel/dataset/actions.rb:643:in `single_record'
-    /home/roman/.rvm/gems/ruby-2.2.0/gems/sequel-4.21.0/lib/sequel/dataset/actions.rb:192:in `first'
-    /home/roman/Dropbox/Work/straight/server/lib/straight-server/gateway.rb:233:in `find_by_hashed_id'
-    /home/roman/Dropbox/Work/straight/server/lib/straight-server/orders_controller.rb:85:in `dispatch'
-    /home/roman/Dropbox/Work/straight/server/lib/straight-server/orders_controller.rb:12:in `initialize'
-    /home/roman/Dropbox/Work/straight/server/lib/straight-server/initializer.rb:131:in `new'
-    /home/roman/Dropbox/Work/straight/server/lib/straight-server/initializer.rb:131:in `block in initialize_routes'
-    /home/roman/Dropbox/Work/straight/server/lib/straight-server/server.rb:72:in `call'
-    /home/roman/Dropbox/Work/straight/server/lib/straight-server/server.rb:72:in `block in process_request'
-    /home/roman/Dropbox/Work/straight/server/lib/straight-server/server.rb:71:in `each'
-    /home/roman/Dropbox/Work/straight/server/lib/straight-server/server.rb:71:in `process_request'
-    /home/roman/Dropbox/Work/straight/server/lib/straight-server/server.rb:44:in `block in response'
-    /home/roman/.rvm/gems/ruby-2.2.0/gems/logmaster-0.1.5/lib/logmaster.rb:54:in `watch_exceptions'
-    /home/roman/Dropbox/Work/straight/server/lib/straight-server/server.rb:37:in `response'
-    /home/roman/.rvm/gems/ruby-2.2.0/gems/goliath-1.0.4/lib/goliath/api.rb:163:in `call'
-    /home/roman/.rvm/gems/ruby-2.2.0/gems/faye-websocket-0.9.2/lib/faye/adapters/goliath.rb:28:in `call'
-    /home/roman/.rvm/gems/ruby-2.2.0/gems/goliath-1.0.4/lib/goliath/rack/params.rb:65:in `block in call'
-    /home/roman/.rvm/gems/ruby-2.2.0/gems/goliath-1.0.4/lib/goliath/rack/validator.rb:40:in `safely'
-    /home/roman/.rvm/gems/ruby-2.2.0/gems/goliath-1.0.4/lib/goliath/rack/params.rb:63:in `call'
-    /home/roman/.rvm/gems/ruby-2.2.0/gems/goliath-1.0.4/lib/goliath/rack/async_middleware.rb:73:in `call'
-    /home/roman/.rvm/gems/ruby-2.2.0/gems/rack-1.6.0/lib/rack/content_length.rb:15:in `call'
-    /home/roman/.rvm/gems/ruby-2.2.0/gems/async-rack-0.5.1/lib/async_rack/async_callback.rb:114:in `call'
-    /home/roman/.rvm/gems/ruby-2.2.0/gems/async-rack-0.5.1/lib/async_rack/async_callback.rb:91:in `block in new'
-    /home/roman/.rvm/gems/ruby-2.2.0/gems/rack-1.6.0/lib/rack/reloader.rb:44:in `call'
-    /home/roman/.rvm/gems/ruby-2.2.0/gems/rack-1.6.0/lib/rack/reloader.rb:44:in `call'
-    /home/roman/.rvm/gems/ruby-2.2.0/gems/goliath-1.0.4/lib/goliath/request.rb:166:in `block in process'
-