sjs/rack-attack
1
0
Fork 0
mirror of https://github.com/samsonjs/rack-attack.git synced 2026-04-26 14:57:47 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #446 from fatkodima/extract-config

Browse source 
Extract Configuration class
This commit is contained in:
Gonzalo Rodriguez 2019-10-16 16:23:21 -03:00 committed by GitHub
commit a67a7bfdeb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 111 additions and 102 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

121
lib/rack/attack.rb
View file

@ -14,6 +14,7 @@ module Rack
class MisconfiguredStoreError < Error; end class MisconfiguredStoreError < Error; end
class MissingStoreError < Error; end class MissingStoreError < Error; end
autoload :Configuration, 'rack/attack/configuration'
autoload :Cache, 'rack/attack/cache' autoload :Cache, 'rack/attack/cache'
autoload :Check, 'rack/attack/check' autoload :Check, 'rack/attack/check'
autoload :Throttle, 'rack/attack/throttle' autoload :Throttle, 'rack/attack/throttle'
@ -31,82 +32,8 @@ module Rack
autoload :Allow2Ban, 'rack/attack/allow2ban' autoload :Allow2Ban, 'rack/attack/allow2ban'
class << self class << self
attr_accessor :enabled, :notifier, :blocklisted_response, :throttled_response, attr_accessor :enabled, :notifier
:anonymous_blocklists, :anonymous_safelists attr_reader :configuration
def safelist(name = nil, &block)
safelist = Safelist.new(name, &block)
if name
safelists[name] = safelist
else
anonymous_safelists << safelist
end
end
def blocklist(name = nil, &block)
blocklist = Blocklist.new(name, &block)
if name
blocklists[name] = blocklist
else
anonymous_blocklists << blocklist
end
end
def blocklist_ip(ip_address)
anonymous_blocklists << Blocklist.new { |request| IPAddr.new(ip_address).include?(IPAddr.new(request.ip)) }
end
def safelist_ip(ip_address)
anonymous_safelists << Safelist.new { |request| IPAddr.new(ip_address).include?(IPAddr.new(request.ip)) }
end
def throttle(name, options, &block)
throttles[name] = Throttle.new(name, options, &block)
end
def track(name, options = {}, &block)
tracks[name] = Track.new(name, options, &block)
end
def safelists
@safelists ||= {}
end
def blocklists
@blocklists ||= {}
end
def throttles
@throttles ||= {}
end
def tracks
@tracks ||= {}
end
def safelisted?(request)
anonymous_safelists.any? { |safelist| safelist.matched_by?(request) } ||
safelists.any? { |_name, safelist| safelist.matched_by?(request) }
end
def blocklisted?(request)
anonymous_blocklists.any? { |blocklist| blocklist.matched_by?(request) } ||
blocklists.any? { |_name, blocklist| blocklist.matched_by?(request) }
end
def throttled?(request)
throttles.any? do |_name, throttle|
throttle.matched_by?(request)
end
end
def tracked?(request)
tracks.each_value do |track|
track.matched_by?(request)
end
end
def instrument(request) def instrument(request)
if notifier if notifier
@ -122,34 +49,27 @@ module Rack
@cache ||= Cache.new @cache ||= Cache.new
end end
def clear_configuration
@safelists = {}
@blocklists = {}
@throttles = {}
@tracks = {}
self.anonymous_blocklists = []
self.anonymous_safelists = []
end
def clear! def clear!
warn "[DEPRECATION] Rack::Attack.clear! is deprecated. Please use Rack::Attack.clear_configuration instead" warn "[DEPRECATION] Rack::Attack.clear! is deprecated. Please use Rack::Attack.clear_configuration instead"
clear_configuration @configuration.clear_configuration
end end
extend Forwardable
def_delegators :@configuration, :safelist, :blocklist, :blocklist_ip, :safelist_ip, :throttle, :track,
:blocklisted_response, :blocklisted_response=, :throttled_response, :throttled_response=,
:clear_configuration, :safelists, :blocklists, :throttles, :tracks
end end
# Set defaults # Set defaults
@enabled = true @enabled = true
@anonymous_blocklists = []
@anonymous_safelists = []
@notifier = ActiveSupport::Notifications if defined?(ActiveSupport::Notifications) @notifier = ActiveSupport::Notifications if defined?(ActiveSupport::Notifications)
@blocklisted_response = lambda { |_env| [403, { 'Content-Type' => 'text/plain' }, ["Forbidden\n"]] } @configuration = Configuration.new
@throttled_response = lambda do |env|
retry_after = (env['rack.attack.match_data'] || {})[:period] attr_reader :configuration
[429, { 'Content-Type' => 'text/plain', 'Retry-After' => retry_after.to_s }, ["Retry later\n"]]
end
def initialize(app) def initialize(app)
@app = app @app = app
@configuration = self.class.configuration
end end
def call(env) def call(env)
@ -158,19 +78,16 @@ module Rack
env['PATH_INFO'] = PathNormalizer.normalize_path(env['PATH_INFO']) env['PATH_INFO'] = PathNormalizer.normalize_path(env['PATH_INFO'])
request = Rack::Attack::Request.new(env) request = Rack::Attack::Request.new(env)
if safelisted?(request) if configuration.safelisted?(request)
@app.call(env) @app.call(env)
elsif blocklisted?(request) elsif configuration.blocklisted?(request)
self.class.blocklisted_response.call(env) configuration.blocklisted_response.call(env)
elsif throttled?(request) elsif configuration.throttled?(request)
self.class.throttled_response.call(env) configuration.throttled_response.call(env)
else else
tracked?(request) configuration.tracked?(request)
@app.call(env) @app.call(env)
end end
end end
extend Forwardable
def_delegators self, :safelisted?, :blocklisted?, :throttled?, :tracked?
end end
end end

92
lib/rack/attack/configuration.rb Normal file
View file

@ -0,0 +1,92 @@
# frozen_string_literal: true
module Rack
class Attack
class Configuration
attr_reader :safelists, :blocklists, :throttles, :anonymous_blocklists, :anonymous_safelists
attr_accessor :blocklisted_response, :throttled_response
def initialize
@safelists = {}
@blocklists = {}
@throttles = {}
@tracks = {}
@anonymous_blocklists = []
@anonymous_safelists = []
@blocklisted_response = lambda { |_env| [403, { 'Content-Type' => 'text/plain' }, ["Forbidden\n"]] }
@throttled_response = lambda do |env|
retry_after = (env['rack.attack.match_data'] || {})[:period]
[429, { 'Content-Type' => 'text/plain', 'Retry-After' => retry_after.to_s }, ["Retry later\n"]]
end
end
def safelist(name = nil, &block)
safelist = Safelist.new(name, &block)
if name
@safelists[name] = safelist
else
@anonymous_safelists << safelist
end
end
def blocklist(name = nil, &block)
blocklist = Blocklist.new(name, &block)
if name
@blocklists[name] = blocklist
else
@anonymous_blocklists << blocklist
end
end
def blocklist_ip(ip_address)
@anonymous_blocklists << Blocklist.new { |request| IPAddr.new(ip_address).include?(IPAddr.new(request.ip)) }
end
def safelist_ip(ip_address)
@anonymous_safelists << Safelist.new { |request| IPAddr.new(ip_address).include?(IPAddr.new(request.ip)) }
end
def throttle(name, options, &block)
@throttles[name] = Throttle.new(name, options, &block)
end
def track(name, options = {}, &block)
@tracks[name] = Track.new(name, options, &block)
end
def safelisted?(request)
@anonymous_safelists.any? { |safelist| safelist.matched_by?(request) } ||
@safelists.any? { |_name, safelist| safelist.matched_by?(request) }
end
def blocklisted?(request)
@anonymous_blocklists.any? { |blocklist| blocklist.matched_by?(request) } ||
@blocklists.any? { |_name, blocklist| blocklist.matched_by?(request) }
end
def throttled?(request)
@throttles.any? do |_name, throttle|
throttle.matched_by?(request)
end
end
def tracked?(request)
@tracks.each_value do |track|
track.matched_by?(request)
end
end
def clear_configuration
@safelists = {}
@blocklists = {}
@throttles = {}
@tracks = {}
@anonymous_blocklists = []
@anonymous_safelists = []
end
end
end
end