sjs/rack-attack
1
0
Fork 0
mirror of https://github.com/samsonjs/rack-attack.git synced 2026-04-27 15:07:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'master' into move_all_deps_to_gemspec

Browse source
This commit is contained in:
Gonzalo Rodriguez 2018-03-09 10:19:25 -03:00
commit 859c212058
14 changed files with 136 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
.travis.yml
View file

@ -11,11 +11,17 @@ before_install:
- gem install bundler - gem install bundler
gemfile: gemfile:
- gemfiles/rails_5_2.gemfile
- gemfiles/rails_5_1.gemfile - gemfiles/rails_5_1.gemfile
- gemfiles/rails_5_0.gemfile - gemfiles/rails_5_0.gemfile
- gemfiles/rails_4_2.gemfile - gemfiles/rails_4_2.gemfile
- gemfiles/dalli2.gemfile - gemfiles/dalli2.gemfile
matrix:
allow_failures:
- gemfile: gemfiles/rails_5_2.gemfile
fast_finish: true
services: services:
- redis - redis
- memcached - memcached

5
Appraisals
View file

@ -1,3 +1,8 @@
appraise 'rails_5-2' do
gem 'activesupport', '~> 5.2.0.a'
gem 'actionpack', '~> 5.2.0.a'
end
appraise 'rails_5-1' do appraise 'rails_5-1' do
gem 'activesupport', '~> 5.1.0' gem 'activesupport', '~> 5.1.0'
gem 'actionpack', '~> 5.1.0' gem 'actionpack', '~> 5.1.0'

7
README.md
View file

@ -40,9 +40,9 @@ Or for Rackup files:
use Rack::Attack use Rack::Attack
``` ```
Add a `rack-attack.rb` file to `config/initializers/`: Add a `rack_attack.rb` file to `config/initializers/`:
```ruby ```ruby
# In config/initializers/rack-attack.rb # In config/initializers/rack_attack.rb
class Rack::Attack class Rack::Attack
# your custom configuration... # your custom configuration...
end end
@ -237,7 +237,8 @@ Rack::Attack.throttled_response = lambda do |env|
# NB: you have access to the name and other data about the matched throttle # NB: you have access to the name and other data about the matched throttle
# env['rack.attack.matched'], # env['rack.attack.matched'],
# env['rack.attack.match_type'], # env['rack.attack.match_type'],
# env['rack.attack.match_data'] # env['rack.attack.match_data'],
# env['rack.attack.match_discriminator']
# Using 503 because it may make attacker think that they have successfully # Using 503 because it may make attacker think that they have successfully
# DOSed the site. Rack::Attack returns 429 for throttling by default # DOSed the site. Rack::Attack returns 429 for throttling by default

6
Rakefile
View file

@ -11,9 +11,13 @@ namespace :test do
Rake::TestTask.new(:integration) do |t| Rake::TestTask.new(:integration) do |t|
t.pattern = "spec/integration/*_spec.rb" t.pattern = "spec/integration/*_spec.rb"
end end
Rake::TestTask.new(:acceptance) do |t|
t.pattern = "spec/acceptance/*_spec.rb"
end
end end
desc 'Run tests' desc 'Run tests'
task :test => %w[test:units test:integration] task :test => %w[test:units test:integration test:acceptance]
task :default => :test task :default => :test

14
gemfiles/rails_5_2.gemfile Normal file
View file

@ -0,0 +1,14 @@
# This file was generated by Appraisal
source "https://rubygems.org"
gem "activesupport", "~> 5.2.0.a"
gem "actionpack", "~> 5.2.0.a"
group :development do
gem "pry"
gem "guard"
gem "guard-minitest"
end
gemspec path: "../"

2
rack-attack.gemspec
View file

@ -33,7 +33,7 @@ Gem::Specification.new do |s|
s.add_development_dependency 'dalli' s.add_development_dependency 'dalli'
s.add_development_dependency 'connection_pool' s.add_development_dependency 'connection_pool'
s.add_development_dependency 'memcache-client' s.add_development_dependency 'memcache-client'
s.add_development_dependency "timecop"
s.add_development_dependency 'pry' s.add_development_dependency 'pry'
s.add_development_dependency 'guard-minitest' s.add_development_dependency 'guard-minitest'
# Need to explicitly depend on guard because guard-minitest doesn't declare # Need to explicitly depend on guard because guard-minitest doesn't declare

21
spec/acceptance/blocking_spec.rb Normal file
View file

@ -0,0 +1,21 @@
require_relative "../spec_helper"
describe "#blocklist" do
before do
Rack::Attack.blocklist("block 1.2.3.4") do |request|
request.ip == "1.2.3.4"
end
end
it "forbids request if blocklist condition is true" do
get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
assert_equal 403, last_response.status
end
it "succeeds if blocklist condition is false" do
get "/", {}, "REMOTE_ADDR" => "5.6.7.8"
assert_equal 200, last_response.status
end
end

37
spec/acceptance/safelisting_spec.rb Normal file
View file

@ -0,0 +1,37 @@
require_relative "../spec_helper"
describe "#safelist" do
before do
Rack::Attack.blocklist("block 1.2.3.4") do |request|
request.ip == "1.2.3.4"
end
Rack::Attack.safelist("safe path") do |request|
request.path == "/safe_space"
end
end
it "forbids request if blocklist condition is true and safelist is false" do
get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
assert_equal 403, last_response.status
end
it "succeeds if blocklist condition is false and safelist is false" do
get "/", {}, "REMOTE_ADDR" => "5.6.7.8"
assert_equal 200, last_response.status
end
it "succeeds request if blocklist condition is false and safelist is true" do
get "/safe_space", {}, "REMOTE_ADDR" => "5.6.7.8"
assert_equal 200, last_response.status
end
it "succeeds request if both blocklist and safelist conditions are true" do
get "/safe_space", {}, "REMOTE_ADDR" => "1.2.3.4"
assert_equal 200, last_response.status
end
end

30
spec/acceptance/throttling_spec.rb Normal file
View file

@ -0,0 +1,30 @@
require_relative "../spec_helper"
require "timecop"
describe "#throttle" do
it "allows one request per minute by IP" do
Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
Rack::Attack.throttle("by ip", limit: 1, period: 60) do |request|
request.ip
end
get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
assert_equal 200, last_response.status
get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
assert_equal 429, last_response.status
get "/", {}, "REMOTE_ADDR" => "5.6.7.8"
assert_equal 200, last_response.status
Timecop.travel(60) do
get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
assert_equal 200, last_response.status
end
end
end

2
spec/rack_attack_request_spec.rb
View file

@ -14,6 +14,6 @@ describe 'Rack::Attack' do
end end
end end
allow_ok_requests it_allows_ok_requests
end end
end end

4
spec/rack_attack_spec.rb
View file

@ -1,7 +1,7 @@
require_relative 'spec_helper' require_relative 'spec_helper'
describe 'Rack::Attack' do describe 'Rack::Attack' do
allow_ok_requests it_allows_ok_requests
describe 'normalizing paths' do describe 'normalizing paths' do
before do before do
@ -44,7 +44,7 @@ describe 'Rack::Attack' do
last_request.env['rack.attack.match_type'].must_equal :blocklist last_request.env['rack.attack.match_type'].must_equal :blocklist
end end
allow_ok_requests it_allows_ok_requests
end end
describe "and safelist" do describe "and safelist" do

8
spec/rack_attack_throttle_spec.rb
View file

@ -9,7 +9,7 @@ describe 'Rack::Attack.throttle' do
it('should have a throttle') { Rack::Attack.throttles.key?('ip/sec') } it('should have a throttle') { Rack::Attack.throttles.key?('ip/sec') }
allow_ok_requests it_allows_ok_requests
describe 'a single request' do describe 'a single request' do
before { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' } before { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' }
@ -54,7 +54,7 @@ describe 'Rack::Attack.throttle with limit as proc' do
Rack::Attack.throttle('ip/sec', :limit => lambda { |req| 1 }, :period => @period) { |req| req.ip } Rack::Attack.throttle('ip/sec', :limit => lambda { |req| 1 }, :period => @period) { |req| req.ip }
end end
allow_ok_requests it_allows_ok_requests
describe 'a single request' do describe 'a single request' do
before { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' } before { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' }
@ -78,7 +78,7 @@ describe 'Rack::Attack.throttle with period as proc' do
Rack::Attack.throttle('ip/sec', :limit => lambda { |req| 1 }, :period => lambda { |req| @period }) { |req| req.ip } Rack::Attack.throttle('ip/sec', :limit => lambda { |req| 1 }, :period => lambda { |req| @period }) { |req| req.ip }
end end
allow_ok_requests it_allows_ok_requests
describe 'a single request' do describe 'a single request' do
before { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' } before { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' }
@ -102,7 +102,7 @@ describe 'Rack::Attack.throttle with block retuning nil' do
Rack::Attack.throttle('ip/sec', :limit => 1, :period => @period) { |_| nil } Rack::Attack.throttle('ip/sec', :limit => 1, :period => @period) { |_| nil }
end end
allow_ok_requests it_allows_ok_requests
describe 'a single request' do describe 'a single request' do
before { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' } before { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' }

2
spec/rack_attack_track_spec.rb
View file

@ -19,7 +19,7 @@ describe 'Rack::Attack.track' do
Rack::Attack.track("everything"){ |req| true } Rack::Attack.track("everything"){ |req| true }
end end
allow_ok_requests it_allows_ok_requests
it "should tag the env" do it "should tag the env" do
get '/' get '/'

6
spec/spec_helper.rb
View file

@ -23,12 +23,16 @@ class MiniTest::Spec
def app def app
Rack::Builder.new { Rack::Builder.new {
# Use Rack::Lint to test that rack-attack is complying with the rack spec
use Rack::Lint
use Rack::Attack use Rack::Attack
use Rack::Lint
run lambda {|env| [200, {}, ['Hello World']]} run lambda {|env| [200, {}, ['Hello World']]}
}.to_app }.to_app
end end
def self.allow_ok_requests def self.it_allows_ok_requests
it "must allow ok requests" do it "must allow ok requests" do
get '/', {}, 'REMOTE_ADDR' => '127.0.0.1' get '/', {}, 'REMOTE_ADDR' => '127.0.0.1'
last_response.status.must_equal 200 last_response.status.must_equal 200