viximo-rack-throttle 0.4.0 → 0.5.0

data/README

@@ -139,32 +139,18 @@ override the `#client_identifier` method.
 
 HTTP Response Codes and Headers
 -------------------------------
+### 429 Too Many Requests
+In the past various status codes has been used to indicate over-use.
 
-### 403 Forbidden (Rate Limit Exceeded)
+In 2012, the IETF standardized on a new response status 429 (Too Many Requests)
+[RFC6585].
 
 When a client exceeds their rate limit, `Rack::Throttle` by default returns
-a "403 Forbidden" response with an associated "Rate Limit Exceeded" message
+a 429 (Too Many Requests) header with an associated "Rate Limit Exceeded" message
 in the response body.
 
-An HTTP 403 response means that the server understood the request, but is
-refusing to respond to it and an accompanying message will explain why.
-This indicates an error on the client's part in exceeding the rate limits
-outlined in the acceptable use policy for the site, service, or API.
-
-### 503 Service Unavailable (Rate Limit Exceeded)
-
-However, there exists a widespread practice of instead returning a "503
-Service Unavailable" response when a client exceeds the set rate limits.
-This is technically dubious because it indicates an error on the server's
-part, which is certainly not the case with rate limiting - it was the client
-that committed the oops, not the server.
-
-An HTTP 503 response would be correct in situations where the server was
-genuinely overloaded and couldn't handle more requests, but for rate
-limiting an HTTP 403 response is more appropriate. Nonetheless, if you think
-otherwise, `Rack::Throttle` does allow you to override the returned HTTP
-status code by passing in a `:code => 503` option when constructing a
-`Rack::Throttle::Limiter` instance.
+The status code can be overridden by passing in `:code => 403` option when
+constructing a `Rack::Throttle::Limiter` instance.
 
 Documentation
 -------------
@@ -221,3 +207,4 @@ information, see <http://unlicense.org/> or the accompanying UNLICENSE file.
 [redis]:           http://rubygems.org/gems/redis
 [Heroku]:          http://heroku.com/
 [Heroku memcache]: http://docs.heroku.com/memcache
+[RFC6585]:         http://tools.ietf.org/html/rfc6585

data/lib/rack/throttle/daily.rb

@@ -32,6 +32,10 @@ module Rack; module Throttle
 
     alias_method :max_per_window, :max_per_day
 
+    def retry_after
+      "86400" # simplification, because the strategy is not sliding
+    end
+    
     protected
 
     ##
@@ -41,4 +45,4 @@ module Rack; module Throttle
       [super, Time.now.strftime('%Y-%m-%d')].join(':')
     end
   end
-end; end
+end; end

data/lib/rack/throttle/hourly.rb

@@ -32,6 +32,10 @@ module Rack; module Throttle
 
     alias_method :max_per_window, :max_per_hour
 
+    def retry_after
+      "3600" # simplification, because the strategy is not sliding
+    end
+    
     protected
 
     ##

data/lib/rack/throttle/interval.rb

@@ -27,11 +27,11 @@ module Rack; module Throttle
     # @param  [Rack::Request] request
     # @return [Boolean]
     def allowed?(request)
-      t1 = request_start_time(request)
-      t0 = cache_get(key = cache_key(request)) rescue nil
-      allowed = !t0 || (dt = t1 - t0.to_f) >= minimum_interval
+      start_time = request_start_time(request)
+      last_call_time = cache_get(key = cache_key(request)) rescue nil
+      allowed = !last_call_time || (dt = start_time - last_call_time.to_f) >= minimum_interval
       begin
-        cache_set(key, t1)
+        cache_set(key, start_time)
         allowed
       rescue => e
         # If an error occurred while trying to update the timestamp stored

data/lib/rack/throttle/limiter.rb

@@ -10,16 +10,20 @@ module Rack; module Throttle
   #   end
   #
   class Limiter
+    
     attr_reader :app
     attr_reader :options
-
+    
+    CODE = 429 # http://tools.ietf.org/html/rfc6585
+    MESSAGE = "Rate Limit Exceeded"
+    
     ##
     # @param  [#call]                       app
     # @param  [Hash{Symbol => Object}]      options
     # @option options [String]  :cache      (Hash.new)
     # @option options [String]  :key        (nil)
     # @option options [String]  :key_prefix (nil)
-    # @option options [Integer] :code       (403)
+    # @option options [Integer] :code       (429)
     # @option options [String]  :message    ("Rate Limit Exceeded")
     def initialize(app, options = {})
       @app, @options = app, options
@@ -177,7 +181,7 @@ module Rack; module Throttle
     def rate_limit_exceeded(request)
       options[:rate_limit_exceeded_callback].call(request) if options[:rate_limit_exceeded_callback]
       headers = respond_to?(:retry_after) ? {'Retry-After' => retry_after.to_f.ceil.to_s} : {}
-      http_error(options[:code] || 403, options[:message] || 'Rate Limit Exceeded', headers)
+      http_error(options[:code] || CODE, options[:message] || MESSAGE, headers)
     end
 
     ##

data/lib/rack/throttle/minute.rb

@@ -28,6 +28,10 @@ module Rack; module Throttle
     def max_per_minute
       @max_per_hour ||= options[:max_per_minute] || options[:max] || 60
     end
+    
+    def retry_after
+      "60" # simplification, because the strategy is not sliding
+    end
 
     alias_method :max_per_window, :max_per_minute
 

data/lib/rack/throttle/version.rb

@@ -1,7 +1,7 @@
 module Rack; module Throttle
   module VERSION
     MAJOR = 0
-    MINOR = 4
+    MINOR = 5
     TINY  = 0
     EXTRA = nil
 

metadata

@@ -1,113 +1,103 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: viximo-rack-throttle
-version: !ruby/object:Gem::Version 
-  hash: 15
+version: !ruby/object:Gem::Version
+  version: 0.5.0
   prerelease: 
-  segments: 
-  - 0
-  - 4
-  - 0
-  version: 0.4.0
 platform: ruby
-authors: 
+authors:
 - Arto Bendiken
 - Brendon Murphy
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2011-10-31 00:00:00 -04:00
-default_executable: 
-dependencies: 
-- !ruby/object:Gem::Dependency 
+date: 2012-05-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: rack-test
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - "="
-      - !ruby/object:Gem::Version 
-        hash: 13
-        segments: 
-        - 0
-        - 5
-        - 3
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
         version: 0.5.3
   type: :development
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency 
-  name: rspec
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.5.3
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - "="
-      - !ruby/object:Gem::Version 
-        hash: 27
-        segments: 
-        - 1
-        - 3
-        - 0
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
         version: 1.3.0
   type: :development
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency 
-  name: yard
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 1
-        segments: 
-        - 0
-        - 5
-        - 5
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.3.0
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
         version: 0.5.5
   type: :development
-  version_requirements: *id003
-- !ruby/object:Gem::Dependency 
-  name: timecop
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 0.5.5
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - "="
-      - !ruby/object:Gem::Version 
-        hash: 27
-        segments: 
-        - 0
-        - 3
-        - 4
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
         version: 0.3.4
   type: :development
-  version_requirements: *id004
-- !ruby/object:Gem::Dependency 
-  name: rack
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.3.4
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 23
-        segments: 
-        - 1
-        - 0
-        - 0
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
         version: 1.0.0
   type: :runtime
-  version_requirements: *id005
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 1.0.0
 description: Rack middleware for rate-limiting incoming HTTP requests.
 email: arto.bendiken@gmail.com
 executables: []
-
 extensions: []
-
 extra_rdoc_files: []
-
-files: 
+files:
 - AUTHORS
 - README
 - UNLICENSE
@@ -119,41 +109,30 @@ files:
 - lib/rack/throttle/time_window.rb
 - lib/rack/throttle/version.rb
 - lib/rack/throttle.rb
-has_rdoc: false
 homepage: http://github.com/Viximo/rack-throttle
-licenses: 
+licenses:
 - Public Domain
 post_install_message: 
 rdoc_options: []
-
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 51
-      segments: 
-      - 1
-      - 8
-      - 2
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
       version: 1.8.2
-required_rubygems_version: !ruby/object:Gem::Requirement 
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
 rubyforge_project: datagraph
-rubygems_version: 1.5.3
+rubygems_version: 1.8.21
 signing_key: 
 specification_version: 3
 summary: HTTP request rate limiter for Rack applications.
 test_files: []
-
+has_rdoc: false