sjs/rack-attack
1
0
Fork 0
mirror of https://github.com/samsonjs/rack-attack.git synced 2026-04-27 15:07:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Auto plug middleware for simpler installation

Browse source
This commit is contained in:
fatkodima 2019-09-01 00:17:36 +03:00
parent e5ceab040c
commit b512e05786
4 changed files with 44 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
README.md
View file

@ -68,12 +68,10 @@ Or install it yourself as:
Then tell your ruby web application to use rack-attack as a middleware. Then tell your ruby web application to use rack-attack as a middleware.
a) For __rails__ applications: a) For __rails__ applications it is used by default. You can disable it permanently (like for specific environment) or temporarily (can be useful for specific test cases) by writing:
```ruby ```ruby
# In config/application.rb Rack::Attack.enabled = false
config.middleware.use Rack::Attack
``` ```
b) For __rack__ applications: b) For __rack__ applications:

8
lib/rack/attack.rb
View file

@ -6,6 +6,8 @@ require 'rack/attack/path_normalizer'
require 'rack/attack/request' require 'rack/attack/request'
require "ipaddr" require "ipaddr"
require 'rack/attack/railtie' if defined?(Rails)
module Rack module Rack
class Attack class Attack
class MisconfiguredStoreError < StandardError; end class MisconfiguredStoreError < StandardError; end
@ -28,7 +30,8 @@ module Rack
autoload :Allow2Ban, 'rack/attack/allow2ban' autoload :Allow2Ban, 'rack/attack/allow2ban'
class << self class << self
attr_accessor :notifier, :blocklisted_response, :throttled_response, :anonymous_blocklists, :anonymous_safelists attr_accessor :enabled, :notifier, :blocklisted_response, :throttled_response,
:anonymous_blocklists, :anonymous_safelists
def safelist(name = nil, &block) def safelist(name = nil, &block)
safelist = Safelist.new(name, &block) safelist = Safelist.new(name, &block)
@ -134,6 +137,7 @@ module Rack
end end
# Set defaults # Set defaults
@enabled = true
@anonymous_blocklists = [] @anonymous_blocklists = []
@anonymous_safelists = [] @anonymous_safelists = []
@notifier = ActiveSupport::Notifications if defined?(ActiveSupport::Notifications) @notifier = ActiveSupport::Notifications if defined?(ActiveSupport::Notifications)
@ -148,6 +152,8 @@ module Rack
end end
def call(env) def call(env)
return @app.call(env) unless self.class.enabled
env['PATH_INFO'] = PathNormalizer.normalize_path(env['PATH_INFO']) env['PATH_INFO'] = PathNormalizer.normalize_path(env['PATH_INFO'])
request = Rack::Attack::Request.new(env) request = Rack::Attack::Request.new(env)

12
lib/rack/attack/railtie.rb Normal file
View file

@ -0,0 +1,12 @@
# frozen_string_literal: true
module Rack
class Attack
class Railtie < Rails::Railtie
config.after_initialize do |app|
include_middleware = app.middleware.none? { |m| m == Rack::Attack }
app.middleware.use(Rack::Attack) if include_middleware
end
end
end
end

23
spec/rack_attack_spec.rb
View file

@ -76,4 +76,27 @@ describe 'Rack::Attack' do
end end
end end
end end
describe 'enabled' do
it 'should be enabled by default' do
Rack::Attack.enabled.must_equal true
end
it 'should directly pass request when disabled' do
bad_ip = '1.2.3.4'
Rack::Attack.blocklist("ip #{bad_ip}") { |req| req.ip == bad_ip }
get '/', {}, 'REMOTE_ADDR' => bad_ip
last_response.status.must_equal 403
prev_enabled = Rack::Attack.enabled
begin
Rack::Attack.enabled = false
get '/', {}, 'REMOTE_ADDR' => bad_ip
last_response.status.must_equal 200
ensure
Rack::Attack.enabled = prev_enabled
end
end
end
end end