sjs/rack-attack
1
0
Fork 0
mirror of https://github.com/samsonjs/rack-attack.git synced 2026-04-25 14:47:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Do not auto-plug for rails < 5

Browse source
This commit is contained in:
fatkodima 2019-10-08 13:06:47 +03:00
parent bdfb01ab5b
commit f22b24cbc5
4 changed files with 41 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
README.md
View file

@ -68,7 +68,14 @@ Or install it yourself as:
Then tell your ruby web application to use rack-attack as a middleware. Then tell your ruby web application to use rack-attack as a middleware.
a) For __rails__ applications it is used by default. You can disable it permanently (like for specific environment) or temporarily (can be useful for specific test cases) by writing: a) For __rails__ applications with versions >= 5 it is used by default. For older rails versions you should enable it explicitly:
```ruby
# In config/application.rb
config.middleware.use Rack::Attack
```
You can disable it permanently (like for specific environment) or temporarily (can be useful for specific test cases) by writing:
```ruby ```ruby
Rack::Attack.enabled = false Rack::Attack.enabled = false

18
lib/rack/attack/railtie.rb
View file

@ -4,21 +4,17 @@ module Rack
class Attack class Attack
class Railtie < ::Rails::Railtie class Railtie < ::Rails::Railtie
initializer 'rack.attack.middleware', after: :load_config_initializers, before: :build_middleware_stack do |app| initializer 'rack.attack.middleware', after: :load_config_initializers, before: :build_middleware_stack do |app|
middlewares = app.config.middleware if Gem::Version.new(::Rails::VERSION::STRING) >= Gem::Version.new("5")
middlewares = app.config.middleware
operations = middlewares.send(:operations) + middlewares.send(:delete_operations)
operations = use_middleware = operations.none? do |operation|
if Gem::Version.new(Rails::VERSION::STRING) >= Gem::Version.new("5") middleware = operation[1]
middlewares.send(:operations) + middlewares.send(:delete_operations) middleware.include?(Rack::Attack)
else
middlewares.instance_variable_get(:@operations)
end end
use_middleware = operations.none? do |operation| middlewares.use(Rack::Attack) if use_middleware
middleware = operation[1]
middleware.include?(Rack::Attack)
end end
middlewares.use(Rack::Attack) if use_middleware
end end
end end
end end

37
spec/acceptance/rails_middleware_spec.rb
View file

@ -2,7 +2,7 @@
require_relative "../spec_helper" require_relative "../spec_helper"
if defined?(Rails) && Gem::Version.new(Rails::VERSION::STRING) >= Gem::Version.new("5") if defined?(Rails)
describe "Middleware for Rails" do describe "Middleware for Rails" do
before do before do
@app = Class.new(Rails::Application) do @app = Class.new(Rails::Application) do
@ -12,21 +12,30 @@ if defined?(Rails) && Gem::Version.new(Rails::VERSION::STRING) >= Gem::Version.n
end end
end end
it "is enabled by default" do if Gem::Version.new(Rails::VERSION::STRING) >= Gem::Version.new("5")
@app.initialize! it "is used by default" do
assert_equal 1, @app.middleware.count(Rack::Attack) @app.initialize!
assert_equal 1, @app.middleware.count(Rack::Attack)
end
it "is not added when it was added explicitly" do
@app.config.middleware.use(Rack::Attack)
@app.initialize!
assert_equal 1, @app.middleware.count(Rack::Attack)
end
it "is not added when it was explicitly deleted" do
@app.config.middleware.delete(Rack::Attack)
@app.initialize!
refute @app.middleware.include?(Rack::Attack)
end
end end
it "is not added when it was added explicitly" do if Gem::Version.new(Rails::VERSION::STRING) < Gem::Version.new("5")
@app.config.middleware.use(Rack::Attack) it "is not used by default" do
@app.initialize! @app.initialize!
assert_equal 1, @app.middleware.count(Rack::Attack) assert_equal 0, @app.middleware.count(Rack::Attack)
end end
it "is not added when it was explicitly deleted" do
@app.config.middleware.delete(Rack::Attack)
@app.initialize!
refute @app.middleware.include?(Rack::Attack)
end end
end end
end end

6
spec/rack_attack_spec.rb
View file

@ -79,7 +79,7 @@ describe 'Rack::Attack' do
describe 'enabled' do describe 'enabled' do
it 'should be enabled by default' do it 'should be enabled by default' do
Rack::Attack.enabled.must_equal true _(Rack::Attack.enabled).must_equal true
end end
it 'should directly pass request when disabled' do it 'should directly pass request when disabled' do
@ -87,13 +87,13 @@ describe 'Rack::Attack' do
Rack::Attack.blocklist("ip #{bad_ip}") { |req| req.ip == bad_ip } Rack::Attack.blocklist("ip #{bad_ip}") { |req| req.ip == bad_ip }
get '/', {}, 'REMOTE_ADDR' => bad_ip get '/', {}, 'REMOTE_ADDR' => bad_ip
last_response.status.must_equal 403 _(last_response.status).must_equal 403
prev_enabled = Rack::Attack.enabled prev_enabled = Rack::Attack.enabled
begin begin
Rack::Attack.enabled = false Rack::Attack.enabled = false
get '/', {}, 'REMOTE_ADDR' => bad_ip get '/', {}, 'REMOTE_ADDR' => bad_ip
last_response.status.must_equal 200 _(last_response.status).must_equal 200
ensure ensure
Rack::Attack.enabled = prev_enabled Rack::Attack.enabled = prev_enabled
end end