RubyGems - web_tsunami - Versions diffs - 0.2.0 → 0.3.0 - Mend

web_tsunami 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5684946d08e860b309d812707e690d91f45698140d5a22b1d8fe963f85203f25
-  data.tar.gz: dd58e555fc6c6dc89c3e1205299fec88c3879635ea36f4e78baa49a5f00993e5
+  metadata.gz: feec552f2db4cf26a58dc9349313afd80bfd7da50f5143e3475f4c9cad497d6d
+  data.tar.gz: 54fafe2b562ba52ae68c12930ae8c33f80e3e6557b4e3d74cb5e3fa741a3ea9d
 SHA512:
-  metadata.gz: 1a29b20791f56ba1e87b4168777fd9a362a6bc06c3548bd5bc1a7a2d44b4d765153fb24ca732fea99172d0a2d2ffbdbad08aec7d0063cc018fa5309e740c647f
-  data.tar.gz: 3991dbf3d1b3d72c2aa40f734a153a8ed40f4bfbc903afdd6f3780c4b81ef918b0ed4033ee5f3521837342987ff16cd1a5f2a5f2d5a68990039c0a2d67356189
+  metadata.gz: 6359c7e63dae34c480395d4f27f040b524fca85e1bb48422ab522ea8da899a39ec59613ff4ce3d7068b50f0c31e06b27f1087560d8506aa8fbf27a4df5e7b804
+  data.tar.gz: c967132a8f0ad8a9346683ed3dd84436e33d0a01275a73511aadd87a65bb45b84455aa89e54501e974b1d6d58b150b6dfb2597dd7db6f8a63df4dbafde2778bd

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,9 @@
 # Changelog of Web Tsunami
+## 0.3.0 (2024-02-01)
+* Add session object to handle automatically cookies and CSRF tokens
 ## 0.2.0 (2024-01-25)
 * Add methods post, put, patch and delete

data/README.md CHANGED Viewed

@@ -56,69 +56,34 @@ SearchTsunami.start(concurrency: 100, duration: 60 * 10)
 In this scenario, a visitor comes on the index page, then search for _stress test_, then go on a random page of the search result, and finally found the stress test page.
 It introduces a unique parameters which is the page number.
 It's nice, but it could have almost be done with Siege.
-Let me show you a more advanced scenario.
+Let me show you a more realistic scenario.
 ```ruby
 require "web_tsunami"
-require "json"
-class RegistrationTsunami < WebTsunami::Scenario
-  # Simulate a visitor coming on the index page,
-  # then going to the registration form,
-  # and finally submitting the form.
+class SessionTsunami < WebTsunami::Scenario
   def run
-    get("http://site.example/") do |response|
-      get("http://site.example/account/new") do |response|
-        post("http://site.example/account", post_account_options(response)) do |response|
-          # Then visiting the dashboard, and so on.
+    # The session object stores cookies and automatically submit CSRF token with forms
+    session = WebTsunami::Session.new(self, "https://site.example")
+    session.get("/") do
+      session.get("/account/new") do
+        # An authenticity_token param is automatically added by the session
+        session.post("/account", body: {account: "#{rand(1000000)}@email.test", password: "password"}}) do |response|
+          # The session stores the Set-Cookie header and will provide it to the next requests
+          session.get("/dashboard") do # Redirection after registration
+            # And so on
+          end
         end
       end
     end
   end
-  private
-  def post_account_options(response)
-    # In order to not be blocked by the Cross-Site Request Forgery, the request must contain :
-    #   1. Cookie header
-    #   2. authenticity_token form param
-    {
-      headers: build_post_headers(response),
-      body: JSON.generate(
-        authenticity_token: extract_csrf_token(response.body),
-        user: {
-          name: name = rand.to_s[2..-1],
-          email: "#{name}@domain.test",
-          password: name,
-        }
-      ),
-    }
-  end
-  def build_post_headers(response)
-    {
-      "Origin" => response.request&.base_url,
-      "Content-Type" => "application/json",
-      "Cookie" => response.headers["Set-Cookie"],
-      # To Simulate a post XmlHttpRequest from JavaScript, you should provide these headers :
-      # "X-CSRF-Token" => extract_csrf_token(response.body),
-      # "X-Requested-With" => "XMLHttpRequest"
-    }
-  end
-  CSRF_REGEX = /<meta name="csrf-token" content="([^"]+)"/
-  def extract_csrf_token(html)
-    html.match(CSRF_REGEX)[1]
-  end
 end
-# Simulates 100 concurrent visitors every second for 10 minutes
-RegistrationTsunami.start(concurrency: 100, duration: 10)
+SessionTsunami.start(concurrency: 100, duration: 60 * 10)
 ```
-This is more complex because it handles CSRF and every submitted forms are unique.
-Indeed emails must be unique, so it's not possible to send the same data everytime.
+This is more realistic because it handles CSRF tokens and cookies.
+Thus the scenario can submit forms and behaves a little bit more like a real visitor.
 ## Output and result

data/lib/web_tsunami/scenario.rb ADDED Viewed

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+module WebTsunami
+  # Scenario is the class that handle all the parallel requests.
+  class Scenario
+    attr_reader :concurrency
+    def self.start(options)
+      options[:duration].times { fork { new(options[:concurrency]).start } and sleep(1) }
+      Process.wait
+    end
+    def initialize(concurrency)
+      @concurrency = concurrency
+    end
+    def requests
+      @requests ||= Typhoeus::Hydra.new
+    end
+    def get(url, options = {}, &block)
+      request(:get, url, options, &block)
+    end
+    def post(url, options = {}, &block)
+      request(:post, url, options, &block)
+    end
+    def put(url, options = {}, &block)
+      request(:put, url, options, &block)
+    end
+    def patch(url, options = {}, &block)
+      request(:patch, url, options, &block)
+    end
+    def delete(url, options = {}, &block)
+      request(:delete, url, options, &block)
+    end
+    def request(method, url, options, &block)
+      req = Typhoeus::Request.new(url, {method: method}.merge(options))
+      requests.queue(req)
+      req.on_complete do |response|
+        if response.timed_out?
+          puts "Timeout #{url}"
+        elsif response.code == 0
+          puts "#{response.return_message} #{response.request.options[:method]} #{url}"
+        elsif !response.success? && ![302, 303].include?(response.code)
+          puts "#{response.code} #{response.request.options[:method]} #{url}"
+        end
+        block.call(response) if block
+      end
+    end
+    def start
+      concurrency.times { run }
+      requests.run
+    end
+    def run
+      raise NotImplementedError
+    end
+  end
+end

data/lib/web_tsunami/session.rb ADDED Viewed

@@ -0,0 +1,86 @@
+# frozen_string_literal: true
+module WebTsunami
+  # Session is a helper class to be used inside a scenario.
+  # It's purpose is to avoid low level manipulations to handle cookies and CSRF tokens automatically.
+  class Session
+    attr_reader :scenario, :root_url
+    attr_reader :cookies, :last_response
+    def initialize(scenario, root_url)
+      @scenario = scenario
+      @root_url = root_url
+      @cookies = {}
+      @last_response = nil
+    end
+    def get(path, options = {}, &block)
+      url = File.join(root_url, path)
+      inject_headers(default_headers, options)
+      scenario.get(url, options) do |response|
+        @last_response = response
+        save_cookies(response)
+        block&.call(response)
+      end
+    end
+    def post(path, options = {}, &block)
+      url = File.join(root_url, path)
+      inject_headers(default_post_headers, options)
+      inject_csrf_token(options)
+      scenario.post(url, options) do |response|
+        @last_response = response
+        save_cookies(response)
+        block&.call(response)
+      end
+    end
+    private
+    def default_headers
+      {
+        "Origin" => last_response && request_origin_header(last_response.request),
+        "Cookie" => cookies.map { |(k,v)| "#{k}=#{v}" }.join(" "),
+      }
+    end
+    def default_post_headers
+      default_headers.merge("Content-Type" => "application/x-www-form-urlencoded;charset=UTF-8")
+    end
+    def request_origin_header(request)
+      return "null" unless request
+      uri = URI(request.base_url.to_s)
+      if [80, 443].include?(uri.port)
+        "#{uri.scheme}://#{uri.host}"
+      else
+        "#{uri.scheme}://#{uri.host}:#{uri.port}"
+      end
+    end
+    CSRF_REGEX = /<meta name="csrf-token" content="([^"]+)"/
+    def extract_csrf_token(html)
+      html.match(CSRF_REGEX)[1]
+    end
+    def save_cookies(response)
+      return unless header = response.headers["Set-Cookie"]
+      Array(header).each do |cookie|
+        name, value = cookie.split(" ", 2)[0].split("=")
+        @cookies[name] = value
+      end
+    end
+    def inject_headers(headers, options)
+      options[:headers] = headers.merge(options[:headers] || {})
+    end
+    def inject_csrf_token(options)
+      if options[:body].is_a?(Hash) && last_response
+        options[:body] = {authenticity_token: extract_csrf_token(last_response.body)}.merge(options[:body])
+      end
+    end
+  end
+end

data/lib/web_tsunami/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module WebTsunami
-  VERSION = "0.2.0"
+  VERSION = "0.3.0"
 end

data/lib/web_tsunami.rb CHANGED Viewed

@@ -1,68 +1,5 @@
 # -*- encoding : utf-8 -*-
-require 'typhoeus'
-module WebTsunami
-  class Scenario
-    attr_reader :concurrency
-    def self.start(options)
-      options[:duration].times { fork { new(options[:concurrency]).start } and sleep(1) }
-      Process.wait
-    end
-    def initialize(concurrency)
-      @concurrency = concurrency
-    end
-    def requests
-      @requests ||= Typhoeus::Hydra.new
-    end
-    def get(url, options = {}, &block)
-      request(:get, url, options, &block)
-    end
-    def post(url, options = {}, &block)
-      request(:post, url, options, &block)
-    end
-    def put(url, options = {}, &block)
-      request(:put, url, options, &block)
-    end
-    def patch(url, options = {}, &block)
-      request(:patch, url, options, &block)
-    end
-    def delete(url, options = {}, &block)
-      request(:delete, url, options, &block)
-    end
-    def request(method, url, options, &block)
-      req = Typhoeus::Request.new(url, {method: method}.merge(options))
-      requests.queue(req)
-      req.on_complete do |response|
-        if response.timed_out?
-          puts "Timeout #{url}"
-        elsif response.code == 0
-          puts "#{response.return_message} #{url}"
-        elsif !response.success? && response.code != 302
-          puts "#{response.code} #{url}"
-        end
-        block.call(response) if block
-      end
-    end
-    def start
-      concurrency.times { run }
-      requests.run
-    end
-    def run
-      raise NotImplementedError
-    end
-  end
-end
+require "typhoeus"
+require "web_tsunami/scenario"
+require "web_tsunami/session"

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: web_tsunami
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Alexis Bernard
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-01-25 00:00:00.000000000 Z
+date: 2024-02-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: typhoeus
@@ -37,6 +37,8 @@ files:
 - LICENSE.txt
 - README.md
 - lib/web_tsunami.rb
+- lib/web_tsunami/scenario.rb
+- lib/web_tsunami/session.rb
 - lib/web_tsunami/version.rb
 - web_tsunami.gemspec
 - web_tsunami.png