RubyGems - web_tsunami - Versions diffs - 0.2.0 → 0.3.0 - Mend

web_tsunami 0.2.0 → 0.3.0

Files changed (8) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5684946d08e860b309d812707e690d91f45698140d5a22b1d8fe963f85203f25
-  data.tar.gz: dd58e555fc6c6dc89c3e1205299fec88c3879635ea36f4e78baa49a5f00993e5
+  metadata.gz: feec552f2db4cf26a58dc9349313afd80bfd7da50f5143e3475f4c9cad497d6d
+  data.tar.gz: 54fafe2b562ba52ae68c12930ae8c33f80e3e6557b4e3d74cb5e3fa741a3ea9d
 SHA512:
-  metadata.gz: 1a29b20791f56ba1e87b4168777fd9a362a6bc06c3548bd5bc1a7a2d44b4d765153fb24ca732fea99172d0a2d2ffbdbad08aec7d0063cc018fa5309e740c647f
-  data.tar.gz: 3991dbf3d1b3d72c2aa40f734a153a8ed40f4bfbc903afdd6f3780c4b81ef918b0ed4033ee5f3521837342987ff16cd1a5f2a5f2d5a68990039c0a2d67356189
+  metadata.gz: 6359c7e63dae34c480395d4f27f040b524fca85e1bb48422ab522ea8da899a39ec59613ff4ce3d7068b50f0c31e06b27f1087560d8506aa8fbf27a4df5e7b804
+  data.tar.gz: c967132a8f0ad8a9346683ed3dd84436e33d0a01275a73511aadd87a65bb45b84455aa89e54501e974b1d6d58b150b6dfb2597dd7db6f8a63df4dbafde2778bd

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,9 @@
 # Changelog of Web Tsunami
+## 0.3.0 (2024-02-01)
+* Add session object to handle automatically cookies and CSRF tokens
 ## 0.2.0 (2024-01-25)
 * Add methods post, put, patch and delete

data/README.md CHANGED Viewed

@@ -56,69 +56,34 @@ SearchTsunami.start(concurrency: 100, duration: 60 * 10)
 In this scenario, a visitor comes on the index page, then search for _stress test_, then go on a random page of the search result, and finally found the stress test page.
 It introduces a unique parameters which is the page number.
 It's nice, but it could have almost be done with Siege.
-Let me show you a more advanced scenario.
+Let me show you a more realistic scenario.
 ```ruby
 require "web_tsunami"
-require "json"
-class RegistrationTsunami < WebTsunami::Scenario
-  # Simulate a visitor coming on the index page,
-  # then going to the registration form,
-  # and finally submitting the form.
+class SessionTsunami < WebTsunami::Scenario
   def run
-    get("http://site.example/") do |response|
-      get("http://site.example/account/new") do |response|
-        post("http://site.example/account", post_account_options(response)) do |response|
-          # Then visiting the dashboard, and so on.
+    # The session object stores cookies and automatically submit CSRF token with forms
+    session = WebTsunami::Session.new(self, "https://site.example")
+    session.get("/") do
+      session.get("/account/new") do
+        # An authenticity_token param is automatically added by the session
+        session.post("/account", body: {account: "#{rand(1000000)}@email.test", password: "password"}}) do |response|
+          # The session stores the Set-Cookie header and will provide it to the next requests
+          session.get("/dashboard") do # Redirection after registration
+            # And so on
+          end
         end
       end
     end
   end
-  private
-  def post_account_options(response)
-    # In order to not be blocked by the Cross-Site Request Forgery, the request must contain :
-    #   1. Cookie header
-    #   2. authenticity_token form param
-    {
-      headers: build_post_headers(response),
-      body: JSON.generate(
-        authenticity_token: extract_csrf_token(response.body),
-        user: {
-          name: name = rand.to_s[2..-1],
-          email: "#{name}@domain.test",
-          password: name,
-        }
-      ),
-    }
-  end
-  def build_post_headers(response)
-    {
-      "Origin" => response.request&.base_url,
-      "Content-Type" => "application/json",
-      "Cookie" => response.headers["Set-Cookie"],
-      # To Simulate a post XmlHttpRequest from JavaScript, you should provide these headers :
-      # "X-CSRF-Token" => extract_csrf_token(response.body),
-      # "X-Requested-With" => "XMLHttpRequest"
-    }
-  end
-  CSRF_REGEX = /<meta name="csrf-token" content="([^"]+)"/
-  def extract_csrf_token(html)
-    html.match(CSRF_REGEX)[1]
-  end
 end
-# Simulates 100 concurrent visitors every second for 10 minutes
-RegistrationTsunami.start(concurrency: 100, duration: 10)
+SessionTsunami.start(concurrency: 100, duration: 60 * 10)
 ```
-This is more complex because it handles CSRF and every submitted forms are unique.
-Indeed emails must be unique, so it's not possible to send the same data everytime.
+This is more realistic because it handles CSRF tokens and cookies.
+Thus the scenario can submit forms and behaves a little bit more like a real visitor.
 ## Output and result

data/lib/web_tsunami/scenario.rb ADDED Viewed

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+module WebTsunami
+  # Scenario is the class that handle all the parallel requests.
+  class Scenario
+    attr_reader :concurrency
+    def self.start(options)
+      options[:duration].times { fork { new(options[:concurrency]).start } and sleep(1) }
+      Process.wait
+    end
+    def initialize(concurrency)
+      @concurrency = concurrency
+    end
+    def requests
+      @requests ||= Typhoeus::Hydra.new
+    end
+    def get(url, options = {}, &block)
+      request(:get, url, options, &block)
+    end
+    def post(url, options = {}, &block)
+      request(:post, url, options, &block)
+    end
+    def put(url, options = {}, &block)
+      request(:put, url, options, &block)
+    end
+    def patch(url, options = {}, &block)
+      request(:patch, url, options, &block)
+    end
+    def delete(url, options = {}, &block)
+      request(:delete, url, options, &block)
+    end
+    def request(method, url, options, &block)
+      req = Typhoeus::Request.new(url, {method: method}.merge(options))
+      requests.queue(req)
+      req.on_complete do |response|
+        if response.timed_out?
+          puts "Timeout #{url}"
+        elsif response.code == 0
+          puts "#{response.return_message} #{response.request.options[:method]} #{url}"
+        elsif !response.success? && ![302, 303].include?(response.code)
+          puts "#{response.code} #{response.request.options[:method]} #{url}"
+        end
+        block.call(response) if block
+      end
+    end
+    def start
+      concurrency.times { run }
+      requests.run
+    end
+    def run
+      raise NotImplementedError
+    end
+  end
+end

data/lib/web_tsunami/session.rb ADDED Viewed

@@ -0,0 +1,86 @@
+# frozen_string_literal: true
+module WebTsunami
+  # Session is a helper class to be used inside a scenario.
+  # It's purpose is to avoid low level manipulations to handle cookies and CSRF tokens automatically.
+  class Session
+    attr_reader :scenario, :root_url
+    attr_reader :cookies, :last_response
+    def initialize(scenario, root_url)
+      @scenario = scenario
+      @root_url = root_url
+      @cookies = {}
+      @last_response = nil
+    end
+    def get(path, options = {}, &block)
+      url = File.join(root_url, path)
+      inject_headers(default_headers, options)
+      scenario.get(url, options) do |response|
+        @last_response = response
+        save_cookies(response)
+        block&.call(response)
+      end
+    end
+    def post(path, options = {}, &block)
+      url = File.join(root_url, path)
+      inject_headers(default_post_headers, options)
+      inject_csrf_token(options)
+      scenario.post(url, options) do |response|
+        @last_response = response
+        save_cookies(response)
+        block&.call(response)
+      end
+    end
+    private
+    def default_headers
+      {
+        "Origin" => last_response && request_origin_header(last_response.request),
+        "Cookie" => cookies.map { |(k,v)| "#{k}=#{v}" }.join(" "),
+      }
+    end
+    def default_post_headers
+      default_headers.merge("Content-Type" => "application/x-www-form-urlencoded;charset=UTF-8")
+    end
+    def request_origin_header(request)
+      return "null" unless request
+      uri = URI(request.base_url.to_s)
+      if [80, 443].include?(uri.port)
+        "#{uri.scheme}://#{uri.host}"
+      else
+        "#{uri.scheme}://#{uri.host}:#{uri.port}"
+      end
+    end
+    CSRF_REGEX = /<meta name="csrf-token" content="([^"]+)"/
+    def extract_csrf_token(html)
+      html.match(CSRF_REGEX)[1]
+    end
+    def save_cookies(response)
+      return unless header = response.headers["Set-Cookie"]
+      Array(header).each do |cookie|
+        name, value = cookie.split(" ", 2)[0].split("=")
+        @cookies[name] = value
+      end
+    end
+    def inject_headers(headers, options)
+      options[:headers] = headers.merge(options[:headers] || {})
+    end
+    def inject_csrf_token(options)
+      if options[:body].is_a?(Hash) && last_response
+        options[:body] = {authenticity_token: extract_csrf_token(last_response.body)}.merge(options[:body])
+      end
+    end
+  end
+end

data/lib/web_tsunami/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module WebTsunami
-  VERSION = "0.2.0"
+  VERSION = "0.3.0"
 end

data/lib/web_tsunami.rb CHANGED Viewed

@@ -1,68 +1,5 @@
 # -*- encoding : utf-8 -*-
-require 'typhoeus'
-module WebTsunami
-  class Scenario
-    attr_reader :concurrency
-    def self.start(options)
-      options[:duration].times { fork { new(options[:concurrency]).start } and sleep(1) }
-      Process.wait
-    end
-    def initialize(concurrency)
-      @concurrency = concurrency
-    end
-    def requests
-      @requests ||= Typhoeus::Hydra.new
-    end
-    def get(url, options = {}, &block)
-      request(:get, url, options, &block)
-    end
-    def post(url, options = {}, &block)
-      request(:post, url, options, &block)
-    end
-    def put(url, options = {}, &block)
-      request(:put, url, options, &block)
-    end
-    def patch(url, options = {}, &block)
-      request(:patch, url, options, &block)
-    end
-    def delete(url, options = {}, &block)
-      request(:delete, url, options, &block)
-    end
-    def request(method, url, options, &block)
-      req = Typhoeus::Request.new(url, {method: method}.merge(options))
-      requests.queue(req)
-      req.on_complete do |response|
-        if response.timed_out?
-          puts "Timeout #{url}"
-        elsif response.code == 0
-          puts "#{response.return_message} #{url}"
-        elsif !response.success? && response.code != 302
-          puts "#{response.code} #{url}"
-        end
-        block.call(response) if block
-      end
-    end
-    def start
-      concurrency.times { run }
-      requests.run
-    end
-    def run
-      raise NotImplementedError
-    end
-  end
-end
+require "typhoeus"
+require "web_tsunami/scenario"
+require "web_tsunami/session"

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: web_tsunami
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Alexis Bernard
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-01-25 00:00:00.000000000 Z
+date: 2024-02-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: typhoeus
@@ -37,6 +37,8 @@ files:
 - LICENSE.txt
 - README.md
 - lib/web_tsunami.rb
+- lib/web_tsunami/scenario.rb
+- lib/web_tsunami/session.rb
 - lib/web_tsunami/version.rb
 - web_tsunami.gemspec
 - web_tsunami.png