web_tsunami 0.1.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2a151d3928ef65c636d341b5c00c4aab1f51314f7bb809e845f1281782b172db
-  data.tar.gz: '08597d6fcdb0157c1636033ebc92c2a0a0accd66d023ae6d609817f60d371756'
+  metadata.gz: feec552f2db4cf26a58dc9349313afd80bfd7da50f5143e3475f4c9cad497d6d
+  data.tar.gz: 54fafe2b562ba52ae68c12930ae8c33f80e3e6557b4e3d74cb5e3fa741a3ea9d
 SHA512:
-  metadata.gz: 4f987ec8a711515c8bf5c8045b8fb074b8e4617af5c802e66cf0900b2e5df89eaeb286b78a529ef9508d7629ed365bbe73384bb722308a77dd26084d2ddce361
-  data.tar.gz: e9e2e9d3c9c975b3f6f2b6ce3ea2657da4bd806819944b34ea7824621e85700637b340a2dab3388af74723d1391080e45da8b766488fbc9d1a41d0369bfcb521
+  metadata.gz: 6359c7e63dae34c480395d4f27f040b524fca85e1bb48422ab522ea8da899a39ec59613ff4ce3d7068b50f0c31e06b27f1087560d8506aa8fbf27a4df5e7b804
+  data.tar.gz: c967132a8f0ad8a9346683ed3dd84436e33d0a01275a73511aadd87a65bb45b84455aa89e54501e974b1d6d58b150b6dfb2597dd7db6f8a63df4dbafde2778bd

data/CHANGELOG.md

@@ -1,6 +1,15 @@
 # Changelog of Web Tsunami
 
-## Unreleased
+## 0.3.0 (2024-02-01)
+
+* Add session object to handle automatically cookies and CSRF tokens
+
+## 0.2.0 (2024-01-25)
+
+* Add methods post, put, patch and delete
+* Improve README with an advanced example
+
+## 0.1.0 (2024-01-19)
 
 * Fix non compatible changes of Typhoeus
 

data/README.md

@@ -1,3 +1,5 @@
+<img align="right" width="120px" src="./web_tsunami.png">
+
 # Web Tsunami
 
 Write tailor-made scenarios for load testing web apps
@@ -5,16 +7,31 @@ Write tailor-made scenarios for load testing web apps
 ## Why
 
 Many good tools already exist for a very long time such as ApacheBench and Siege.
-But, sometimes load testing a web app requires to write a custom scenario.
+The goal is not to replace them.
+But sometimes, load testing a web app requires to write a custom scenario.
+My initial requirement was to send requests with unique parameters.
+To the best of my knowledge, no tool could do this.
+
 The goal is to focus only on the scenario without thinking about forking, threads and non blocking IOs.
 Fortunately there is [Typhoeus](https://github.com/typhoeus/typhoeus) to send parallel HTTP requests.
 
+## How
+
 Web Tsunami is a tiny class that forks every seconds and sends as many requests as expected.
+It provide the methods `get`, `post`, `put`, `patch` and `delete`.
+They all accept the same arguments : `get(url, options = {}, &block)`.
+The `options` is given to Typhoeus as is.
+It can contain headers and the request body.
+See [Typhoeus usage](https://github.com/typhoeus/typhoeus/#usage) for more details.
 
-## Example
+## Examples
+
+Let's start with a very trivial scenario and I will show you an advanced one after :
 
 ```ruby
-class Example < WebTsunami::Scenario
+require "web_tsunami"
+
+class SearchTsunami < WebTsunami::Scenario
   def run
     get("http://site.example") do
       # Block is executed once the response has been received
@@ -22,7 +39,7 @@ class Example < WebTsunami::Scenario
       get("http://site.example/search?query=stress+test") do |response|
         # Do whatever you need with the response object or ignore it
         sleep(10)
-        get("http://site.example/search?query=stress+test&page=2") do
+        get("http://site.example/search?query=stress+test&page=#{rand(100)}") do
           sleep(5)
           get("http://site.example/stress/test")
         end
@@ -33,11 +50,40 @@ end
 
 # Simulates 100 concurrent visitors every second for 10 minutes
 # It's a total of 60K unique visitors for an average of 23'220 rpm.
-Example.start(concurrency: 100, duration: 60 * 10)
+SearchTsunami.start(concurrency: 100, duration: 60 * 10)
+```
+
+In this scenario, a visitor comes on the index page, then search for _stress test_, then go on a random page of the search result, and finally found the stress test page.
+It introduces a unique parameters which is the page number.
+It's nice, but it could have almost be done with Siege.
+Let me show you a more realistic scenario.
+
+```ruby
+require "web_tsunami"
+
+class SessionTsunami < WebTsunami::Scenario
+  def run
+    # The session object stores cookies and automatically submit CSRF token with forms
+    session = WebTsunami::Session.new(self, "https://site.example")
+    session.get("/") do
+      session.get("/account/new") do
+        # An authenticity_token param is automatically added by the session
+        session.post("/account", body: {account: "#{rand(1000000)}@email.test", password: "password"}}) do |response|
+          # The session stores the Set-Cookie header and will provide it to the next requests
+          session.get("/dashboard") do # Redirection after registration
+            # And so on
+          end
+        end
+      end
+    end
+  end
+end
+
+SessionTsunami.start(concurrency: 100, duration: 60 * 10)
 ```
 
-In this example, the same requests are always sent.
-But you can provide dynamic query strings, use variables and some randomness.
+This is more realistic because it handles CSRF tokens and cookies.
+Thus the scenario can submit forms and behaves a little bit more like a real visitor.
 
 ## Output and result
 

data/lib/web_tsunami/scenario.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+module WebTsunami
+  # Scenario is the class that handle all the parallel requests.
+  class Scenario
+    attr_reader :concurrency
+
+    def self.start(options)
+      options[:duration].times { fork { new(options[:concurrency]).start } and sleep(1) }
+      Process.wait
+    end
+
+    def initialize(concurrency)
+      @concurrency = concurrency
+    end
+
+    def requests
+      @requests ||= Typhoeus::Hydra.new
+    end
+
+    def get(url, options = {}, &block)
+      request(:get, url, options, &block)
+    end
+
+    def post(url, options = {}, &block)
+      request(:post, url, options, &block)
+    end
+
+    def put(url, options = {}, &block)
+      request(:put, url, options, &block)
+    end
+
+    def patch(url, options = {}, &block)
+      request(:patch, url, options, &block)
+    end
+
+    def delete(url, options = {}, &block)
+      request(:delete, url, options, &block)
+    end
+
+    def request(method, url, options, &block)
+      req = Typhoeus::Request.new(url, {method: method}.merge(options))
+      requests.queue(req)
+      req.on_complete do |response|
+        if response.timed_out?
+          puts "Timeout #{url}"
+        elsif response.code == 0
+          puts "#{response.return_message} #{response.request.options[:method]} #{url}"
+        elsif !response.success? && ![302, 303].include?(response.code)
+          puts "#{response.code} #{response.request.options[:method]} #{url}"
+        end
+        block.call(response) if block
+      end
+    end
+
+    def start
+      concurrency.times { run }
+      requests.run
+    end
+
+    def run
+      raise NotImplementedError
+    end
+  end
+end

data/lib/web_tsunami/session.rb

@@ -0,0 +1,86 @@
+# frozen_string_literal: true
+
+module WebTsunami
+  # Session is a helper class to be used inside a scenario.
+  # It's purpose is to avoid low level manipulations to handle cookies and CSRF tokens automatically.
+  class Session
+    attr_reader :scenario, :root_url
+
+    attr_reader :cookies, :last_response
+
+    def initialize(scenario, root_url)
+      @scenario = scenario
+      @root_url = root_url
+      @cookies = {}
+      @last_response = nil
+    end
+
+    def get(path, options = {}, &block)
+      url = File.join(root_url, path)
+      inject_headers(default_headers, options)
+      scenario.get(url, options) do |response|
+        @last_response = response
+        save_cookies(response)
+        block&.call(response)
+      end
+    end
+
+    def post(path, options = {}, &block)
+      url = File.join(root_url, path)
+      inject_headers(default_post_headers, options)
+      inject_csrf_token(options)
+      scenario.post(url, options) do |response|
+        @last_response = response
+        save_cookies(response)
+        block&.call(response)
+      end
+    end
+
+    private
+
+    def default_headers
+      {
+        "Origin" => last_response && request_origin_header(last_response.request),
+        "Cookie" => cookies.map { |(k,v)| "#{k}=#{v}" }.join(" "),
+      }
+    end
+
+    def default_post_headers
+      default_headers.merge("Content-Type" => "application/x-www-form-urlencoded;charset=UTF-8")
+    end
+
+    def request_origin_header(request)
+      return "null" unless request
+      uri = URI(request.base_url.to_s)
+      if [80, 443].include?(uri.port)
+        "#{uri.scheme}://#{uri.host}"
+      else
+        "#{uri.scheme}://#{uri.host}:#{uri.port}"
+      end
+    end
+
+    CSRF_REGEX = /<meta name="csrf-token" content="([^"]+)"/
+
+    def extract_csrf_token(html)
+      html.match(CSRF_REGEX)[1]
+    end
+
+    def save_cookies(response)
+      return unless header = response.headers["Set-Cookie"]
+      Array(header).each do |cookie|
+        name, value = cookie.split(" ", 2)[0].split("=")
+        @cookies[name] = value
+      end
+    end
+
+    def inject_headers(headers, options)
+      options[:headers] = headers.merge(options[:headers] || {})
+    end
+
+    def inject_csrf_token(options)
+      if options[:body].is_a?(Hash) && last_response
+        options[:body] = {authenticity_token: extract_csrf_token(last_response.body)}.merge(options[:body])
+      end
+    end
+  end
+end

data/lib/web_tsunami/version.rb

@@ -1,3 +1,3 @@
 module WebTsunami
-  VERSION = "0.1.0"
+  VERSION = "0.3.0"
 end

data/lib/web_tsunami.rb

@@ -1,52 +1,5 @@
 # -*- encoding : utf-8 -*-
 
-require 'typhoeus'
-
-module WebTsunami
-  class Scenario
-
-    attr_reader :concurrency
-
-    def self.start(options)
-      options[:duration].times { fork { new(options[:concurrency]).start } and sleep(1) }
-      Process.wait
-    end
-
-    def initialize(concurrency)
-      @sleeps = {}
-      @concurrency = concurrency
-    end
-
-    def requests
-      @requests ||= Typhoeus::Hydra.new
-    end
-
-    def get(url, &block)
-      requests.queue(req = Typhoeus::Request.new(url, request_options))
-      req.on_complete do |response|
-        if response.timed_out?
-          puts "Timeout #{url}"
-        elsif response.code == 0
-          puts "#{response.return_message} #{url}"
-        elsif !response.success? && response.code != 302
-          puts "#{response.code} #{url}"
-        end
-        block.call(response) if block
-      end
-    end
-
-    def start
-      concurrency.times { run }
-      requests.run
-    end
-
-    def run
-      raise NotImplementedError
-    end
-
-    def request_options
-      {}
-    end
-
-  end
-end
+require "typhoeus"
+require "web_tsunami/scenario"
+require "web_tsunami/session"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: web_tsunami
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Alexis Bernard
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-01-19 00:00:00.000000000 Z
+date: 2024-02-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: typhoeus
@@ -36,10 +36,12 @@ files:
 - Gemfile.lock
 - LICENSE.txt
 - README.md
-- example.rb
 - lib/web_tsunami.rb
+- lib/web_tsunami/scenario.rb
+- lib/web_tsunami/session.rb
 - lib/web_tsunami/version.rb
 - web_tsunami.gemspec
+- web_tsunami.png
 homepage: https://github.com/BaseSecrete/web_tsunami
 licenses:
 - MIT

data/example.rb

@@ -1,28 +0,0 @@
-$LOAD_PATH << File.dirname(__FILE__)
-
-require 'web_tsunami'
-
-# Triggers the following requests concurently:
-# http://www.google.com
-# http://www.google.com/search?q=ruby
-# http://www.google.com/search?q=ruby&start=10
-
-class GoogleTsunami < WebTsunami::Scenario
-  def run
-    get('http://www.google.com') do
-      puts 'http://www.google.com'
-      get('http://www.google.com/search?q=ruby') do
-        puts 'http://www.google.com/search?q=ruby'
-        get('http://www.google.com/search?q=ruby&start=10') do
-          puts 'http://www.google.com/search?q=ruby&start=10'
-        end
-      end
-    end
-  end
-end
-
-# Set concurrency and duration in seconds and start your script.
-# These numbers are voluntary low because I don't want any trouble with Google.
-# But don't hesitate to set a higher concurrency and a duration of almost 5 minutes
-# in order to get a reliable benchmark.
-GoogleTsunami.start(concurrency: 2, duration: 10)