wait_a_minute 0.0.1 → 0.0.2

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in wait_a_minute.gemspec
+gemspec

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2011 György (George) Schreiber (gyDotschreiberAtmobilityDothu)
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README

@@ -0,0 +1,77 @@
+== WaitAMinute
+
+A simple, application level DOS (Denial-Of-Service) protection tool for 
+small Rails applications.
+
+== How does it work?
+
+Once WaitAMinute gem is installed and configured in a Rails application, it 
+will run a before_filter on *every* call to any subclasses of ActionController.
+
+The before hook checks if the IP is a 'friendly' one (eg. NewRelic monitoring), 
+meaning it is allowed no matter what. 
+For 'non-friendly' IP addresses, the before filter checks if the IP is not already
+banned within a minute (hence the name of the gem), if not, it checks the number 
+of previous requests from the given address within a configurable floating timeframe
+and allows the request to be served only if the address did not exceed the allowed
+maximum requests within the timeframe. WaitAMinute then stores the request IP and 
+the timestamp along with a bit indicating if the request was refused or not.
+
+If the IP is banned, WaitAMinute renders a page with HTTP status 503 telling the 
+server is too busy to handle the request and that the user should retry after a minute.
+
+== Installation
+
+add the gem to your Gemfile then
+# bundle install
+
+== Configuration
+
+in your application's root directory, 
+
+run 
+# rails g wait_a_minute:install
+
+then
+# rake db:migrate
+
+finally revise and tweak
+config/initializers/wait_a_minute.rb
+
+WaitAMinute.lookback_interval - the floating timeframe size, 
+eg. 2.minutes
+
+WaitAMinute.maximum_requests - the max number of requests from a single IP 
+within the timeframe, eg. 24 - along with the above it allows a request 
+every 5 seconds from a single IP address
+
+WaitAMinute.debug - set to true for having IP filtering logged
+
+WaitAMinute.layout - if some layout is needed around the error page, specify it 
+here /for best performance it is not recommended, we want banned IP's to use 
+the least resources/
+
+WaitAMinute.allowed_ips - an array of strings with IP addresses that never should 
+be banned, eg, ['127.0.0.1'] (once tried that it works ok on the development box, 
+likely want the local developer to pass through always)
+
+== Customization
+
+create app/views/wait_a_minute/wait_a_minute.html.erb and customize to your 
+liking to override the default error page for banned IP addresses.
+
+== Maintenance
+
+from time to time WaitAMinute.cleanup should be called from a scheduled
+script to flush obsolete request logs in order to keep an optimal
+ActiveRecord performance in its filtering operations.
+
+== Further considerations
+
+as the piece of software works with the REMOTE_ADDR of the request, it is only 
+suitable in environments where it reflects the original request address.
+(eg. it won't work in an environment where a load balancer replaces the
+REMOTE_ADDR address in the request)
+
+
+

data/Rakefile

@@ -0,0 +1,2 @@
+require 'bundler'
+Bundler::GemHelper.install_tasks

data/app/views/wait_a_minute/wait_a_minute.html.erb

@@ -0,0 +1,5 @@
+<h1>Wait a minute!</h1>
+<p>
+The server is too busy to serve your request. Please try again in a minute.
+<br />
+</p>

data/lib/generators/templates/initializer.rb

@@ -0,0 +1,10 @@
+# Wait A Minute options
+
+# allowing a request every 5 seconds per IP
+WaitAMinute.lookback_interval = 2.minutes
+WaitAMinute.maximum_requests = 24
+WaitAMinute.debug = true
+#WaitAMinute.layout = 'application'         # using no layout greatly improves performance & response time
+#WaitAMinute.allowed_ips = ['127.0.0.1']
+
+

data/lib/generators/templates/migration.rb

@@ -0,0 +1,22 @@
+class CreateWaitAMinuteRequestLogs < ActiveRecord::Migration
+  def self.up
+    create_table :wait_a_minute_request_logs, :id => false do |t|
+      t.string :ip
+      #t.string :url
+      t.boolean :refused, :nil => false, :default => false
+      t.datetime :created_at, :nil => false
+
+      #t.timestamps
+    end
+    add_index :wait_a_minute_request_logs, :ip
+    #add_index :wait_a_minute_request_logs, :url
+    add_index :wait_a_minute_request_logs, :created_at
+    add_index :wait_a_minute_request_logs, [:ip, :refused]
+    add_index :wait_a_minute_request_logs, [:ip, :created_at]
+    add_index :wait_a_minute_request_logs, [:ip, :created_at, :refused]
+  end
+
+  def self.down
+    drop_table :wait_a_minute_request_logs
+  end
+end

data/lib/generators/wait_a_minute/initializer_generator.rb

@@ -0,0 +1,15 @@
+module WaitAMinute
+  module Generators
+    class InitializerGenerator < Rails::Generators::Base
+      source_root File.expand_path("../../templates", __FILE__)
+
+      desc "Creates a WaitAMinute initializer in your application."
+      class_option :orm
+
+      def copy_initializer
+        template "initializer.rb", "config/initializers/wait_a_minute.rb"
+      end
+    end
+  end
+end
+

data/lib/generators/wait_a_minute/install_generator.rb

@@ -0,0 +1,18 @@
+module WaitAMinute
+  module Generators
+    class InstallGenerator < Rails::Generators::Base
+      source_root File.expand_path("../../templates", __FILE__)
+
+      desc "Creates a WaitAMinute initializer and migration in your application."
+      class_option :orm
+
+      def copy_initializer
+        template 'initializer.rb', "config/initializers/wait_a_minute.rb"
+      end
+
+      def copy_migration
+        template 'migration.rb', "db/migrate/#{Time.new.strftime("%Y%m%d%H%M%S")}_create_wait_a_minute.rb"
+      end
+    end
+  end
+end

data/lib/generators/wait_a_minute/migration_generator.rb

@@ -0,0 +1,14 @@
+module WaitAMinute
+  module Generators
+    class MigrationGenerator < Rails::Generators::Base
+      source_root File.expand_path("../../templates", __FILE__)
+
+      desc "Creates a WaitAMinute migration in your application."
+      class_option :orm
+
+      def copy_migration
+        template 'migration.rb', "db/migrate/#{Time.new.strftime("%Y%m%d%H%M%S")}_create_wait_a_minute.rb"
+      end
+    end
+  end
+end

data/lib/wait_a_minute/version.rb

@@ -0,0 +1,3 @@
+module WaitAMinute
+  VERSION = "0.0.2"
+end

data/lib/wait_a_minute/wait_a_minute_request_log.rb

@@ -0,0 +1,39 @@
+require 'active_record'
+require 'active_support/configurable'
+
+module WaitAMinute
+  class WaitAMinuteRequestLog < ActiveRecord::Base
+
+    def self.allow_request?(req = nil)
+      return false unless req && (req.is_a?(ActionDispatch::Request) || req.is_a?(ActionController::TestRequest))
+      allow = false
+      ip = req.env['REMOTE_ADDR']
+      if WaitAMinute.allowed_ips.include?(ip)
+        Rails.logger.debug("IP #{ip} PASSING THROUGH WITHOUT REQUEST QUOTA CHECK...") if WaitAMinute.debug
+        allow = true
+      else
+        interval = WaitAMinute.lookback_interval
+        rinterval = 1.minutes
+        limit = WaitAMinute.maximum_requests
+
+        reqcount = nil
+        allow = self.where(:ip => ip, :refused => true).where('created_at > ?', (Time.new - rinterval) ).count == 0
+        allow &= (limit > (reqcount = self.where(:ip => ip).where('created_at > ?', (Time.new - interval) ).count)) if allow
+        newreq = self.create( :ip => ip, :refused => !allow )
+
+        Rails.logger.debug("IP #{ip} HAD #{reqcount} REQUESTS IN TIME WINDOW (max #{WaitAMinute.maximum_requests})...") if WaitAMinute.debug && !reqcount.nil?
+        Rails.logger.debug("IP #{ip} HAD ALREADY REFUSED REQUESTS IN TIME WINDOW...HE WON'T STOP") if WaitAMinute.debug && reqcount.nil?
+      end
+      allow
+    end
+
+    def self.cleanup
+      sql = ActiveRecord::Base.connection()
+
+      sql.execute "SET autocommit=0"
+      sql.begin_db_transaction
+      sql.delete("DELETE FROM `#{self.name.to_s.underscore.downcase.gsub(/[a-z0-9_]+\//,'').pluralize}` WHERE created_at < '#{Time.new - WaitAMinute.lookback_interval}'")
+      sql.commit_db_transaction
+    end
+  end
+end

data/lib/wait_a_minute.rb

@@ -0,0 +1,65 @@
+require 'active_support/core_ext/numeric/time'
+require 'active_support/dependencies'
+
+module WaitAMinute
+  # The interval for looking back
+  mattr_accessor :lookback_interval
+  @@lookback_interval = 2.minutes
+
+  # The maximum allowed requests in lookback_interval
+  mattr_accessor :maximum_requests
+  @@maximum_requests = 12		# that means a request every 10 seconds on average, that's pretty high from a human behind the IP
+
+  # Debug mode (puts some info in Rails log)
+  mattr_accessor :debug
+  @@debug = false		# that means a request every 10 seconds on average, that's pretty high from a human behind the IP
+
+  # The desired layout for the 503 error page
+  mattr_accessor :layout
+  @@layout = nil		# serving a simple page by default
+
+  # Array of strings containing IP addresses that are allowed to pass through
+  mattr_accessor :allowed_ips
+  @@allowed_ips = []
+
+
+
+  autoload :WaitAMinuteRequestLog, File.dirname(__FILE__) + '/wait_a_minute/wait_a_minute_request_log.rb'
+
+  require "rails"
+
+  class Engine < Rails::Engine
+    # we have a view
+  end
+
+  def self.cleanup
+    WaitAMinuteRequestLog.cleanup
+  end
+
+
+  # WaitAMinute::ControllerHelpers
+  module ControllerHelpers #:nodoc
+    # this will be called as a before filter
+    def prevent_dos
+      render_dos unless WaitAMinuteRequestLog.allow_request?(request)
+    end
+
+    # this will be called if IP exceeds allowed calls
+    def render_dos
+      respond_to do |type|
+        type.html { render :template => "wait_a_minute/wait_a_minute", :status => 503, :layout => WaitAMinute.layout }
+        type.all  { render :nothing => true, :status => 503 }
+      end
+      true
+    end
+
+  end   # WaitAMinute::ControllerHelpers
+
+end   # WaitAMinute
+
+
+# include view helpers in your actions
+ActionController::Base.module_eval do
+  include WaitAMinute::ControllerHelpers
+  before_filter :prevent_dos
+end

data/wait_a_minute.gemspec

@@ -0,0 +1,24 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "wait_a_minute/version"
+
+Gem::Specification.new do |s|
+  s.name        = "wait_a_minute"
+  s.version     = WaitAMinute::VERSION
+  s.platform    = Gem::Platform::RUBY
+  s.authors     = ["George Schreiber"]
+  s.email       = ["gy.schreiber@mobility.hu"]
+  s.homepage    = ""
+  s.summary     = %q{A very simple DOS (Denial-Of-Service) attack prevention gem}
+  s.description = %q{By including this in your app, it can track requests per IP address and refuse processing the request if there were too many requests recently from the given IP address.}
+
+  s.rubyforge_project = "wait_a_minute"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  s.add_development_dependency "rspec", "2.1.0"
+  s.add_dependency "rails", ">=3.0.1"
+end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: wait_a_minute
 version: !ruby/object:Gem::Version 
-  hash: 29
+  hash: 27
   prerelease: 
   segments: 
   - 0
   - 0
-  - 1
-  version: 0.0.1
+  - 2
+  version: 0.0.2
 platform: ruby
 authors: 
 - George Schreiber
@@ -59,8 +59,21 @@ extensions: []
 
 extra_rdoc_files: []
 
-files: []
-
+files: 
+- Gemfile
+- MIT-LICENSE
+- README
+- Rakefile
+- app/views/wait_a_minute/wait_a_minute.html.erb
+- lib/generators/templates/initializer.rb
+- lib/generators/templates/migration.rb
+- lib/generators/wait_a_minute/initializer_generator.rb
+- lib/generators/wait_a_minute/install_generator.rb
+- lib/generators/wait_a_minute/migration_generator.rb
+- lib/wait_a_minute.rb
+- lib/wait_a_minute/version.rb
+- lib/wait_a_minute/wait_a_minute_request_log.rb
+- wait_a_minute.gemspec
 has_rdoc: true
 homepage: ""
 licenses: []