Commit graph

269 commits

Author SHA1 Message Date
fatkodima
18e637aea8 Allow to reset state between tests 2019-10-23 01:33:49 +03:00
fatkodima
a3dff705bb Make discriminators case-insensitive by default 2019-10-22 12:37:08 +03:00
Gonzalo Rodriguez
8fcd6c8559
Merge pull request #450 from fatkodima/better-failsafe
Do not rescue all errors for redis backed stores
2019-10-18 17:44:23 -03:00
Gonzalo Rodriguez
1f216e12e7
refactor: move require statement to correct file 2019-10-18 17:29:58 -03:00
fatkodima
20ec4d31db Do not rescue all errors for redis backed stores 2019-10-18 02:31:05 +03:00
Gonzalo Rodriguez
0188a90ab2
refactor: DRY setting config defaults 2019-10-17 14:27:32 -03:00
Gonzalo Rodriguez
55cb6def03
feat: clear custom response when clearing configuration 2019-10-17 14:26:22 -03:00
fatkodima
a34c187dda Allow to configure Retry-After header for default throttled_response handler 2019-10-17 00:26:13 +03:00
Gonzalo Rodriguez
0112405fb4
refactor: prefer require over autoload for const referenced in the same file 2019-10-16 17:43:16 -03:00
Gonzalo Rodriguez
20fdab0c50
style: fix indentation 2019-10-16 16:27:30 -03:00
fatkodima
7118b7a243 Extract Configuration class 2019-10-16 17:34:46 +03:00
Gonzalo Rodriguez
9cf227a32e
Merge pull request #445 from fatkodima/redis-proxy-increment
Fix rescuing errors in RedisProxy#increment
2019-10-15 18:13:52 -03:00
fatkodima
2fac6418f8 Fix rescuing errors in RedisProxy#increment 2019-10-15 22:54:33 +03:00
Gonzalo Rodriguez
6cfd036c2b
Merge pull request #435 from dsantosmerino/refactor/throttle-matched-by
Refactor `Throttle#matched_by?` method
2019-10-14 18:01:04 -03:00
dsantosmerino
49131bb4c6 Refactor Throttle#matched_by? method
Code Climate complains about the complexity of this method. Here we try to reduce it by using private methods that encapsulate some details that are not required to understand the implementation of the main method.
2019-10-13 09:36:44 +02:00
Gonzalo Rodriguez
9bfec1ac70
Bump gem version to v6.2.0 2019-10-12 19:04:46 -03:00
Gonzalo Rodriguez
1167c65ba6
Don't autoplug middleware for untested rails versions 2019-10-12 18:10:10 -03:00
Gonzalo Rodriguez
f65431f788
feat: provide possibility of rescuing any Rack::Attack error 2019-10-11 18:02:04 -03:00
fatkodima
f22b24cbc5 Do not auto-plug for rails < 5 2019-10-08 13:08:07 +03:00
fatkodima
bdfb01ab5b Changes and tests 2019-10-08 12:29:25 +03:00
fatkodima
b512e05786 Auto plug middleware for simpler installation 2019-10-08 12:29:25 +03:00
Gonzalo Rodriguez
0ce6befd68
style: update to latest rubocop 2019-08-02 17:04:52 -03:00
Gonzalo Rodriguez
8fafa7602b
style: fix Style/BlockDelimiters cop check 2019-08-02 15:24:17 -03:00
Gonzalo Rodriguez
c0328707b1
style: enable Style/ParallelAssignment cop checks 2019-08-02 13:47:54 -03:00
Gonzalo Rodriguez
d508e21483
style: avoid multiple assignments to same variable in conditional 2019-08-02 11:59:15 -03:00
Gonzalo Rodriguez
c8021da91c
style: avoid compact class/module definitions 2019-08-02 11:17:41 -03:00
Gonzalo Rodriguez
f5a352b8f9
style: limit line length to 120 columns 2019-08-02 10:51:53 -03:00
Gonzalo Rodriguez
c8abad53fe
Merge remote-tracking branch 'upstream/master' 2019-07-22 15:22:20 -03:00
Gonzalo Rodriguez
dc305e0782
Merge pull request #421 from cristiangreco/cristian/redis-cache-store-failsafe
Failsafe on Redis error replies in RedisCacheStoreProxy.
2019-07-15 18:47:17 -03:00
Cristian Greco
dd6c09e581 Failsafe on Redis error replies in RedisCacheStoreProxy.
RedisCacheStoreProxy will blow up when RedisCacheStore raises a
CommandError exception. In fact, by default the proxied store only
handles BaseConnectionError exceptions, but will let bubble up any other
type of exception from the underlying client.

This pull request uses the same approach from RedisProxy, where store
operations are wrapped in a `rescuing` block that rescues and ignores
BaseError exceptions (the most generic exception class that can be
raised by the Redis client).
2019-07-14 01:37:59 +01:00
Gonzalo Rodriguez
c3c6398f7e
Bump gem version to v6.1.0 2019-07-11 17:01:40 -03:00
Gonzalo Rodriguez
58ba650e6b
feat: provide discriminator in throttle_data 2019-07-10 17:21:48 -03:00
Gonzalo Rodriguez
6045b82897
Bump version to v6.0.0 2019-04-17 18:44:59 -03:00
Gonzalo Rodriguez
6541634fb0
style: enable Style/Semicolon rubocop 2019-03-01 22:25:27 -03:00
Gonzalo Rodriguez
fcb89a6c12
refactor: avoid unnecessary nil argument passing 2019-03-01 22:22:11 -03:00
Gonzalo Rodriguez
0e8dff4c88
refactor: make Throttle.new consistent with Blocklist/Safelist.new 2019-03-01 22:12:32 -03:00
Gonzalo Rodriguez
3639afc196
refactor: remove unnecessary block local variable 2019-03-01 22:01:17 -03:00
Gonzalo Rodriguez
5a42fd3ac7
style: enable Style/OptionalArguments rubocop 2019-03-01 21:51:15 -03:00
Gonzalo Rodriguez
2240e8f2c6
style: enable Style/RaiseArgs rubocop 2019-03-01 21:19:06 -03:00
Gonzalo Rodriguez
92bc56b7b7
style: enable Style/RedundantSelf rubocop 2019-03-01 21:15:50 -03:00
Gonzalo Rodriguez
a0259fb14a
style: enable Style/SingleLineMethods rubocop 2019-03-01 21:14:47 -03:00
Gonzalo Rodriguez
04eeeb9a33
refactor: avoid rescuing pattern repetition 2019-02-28 22:51:57 -03:00
Gonzalo Rodriguez
20d668211e
style: fix Lint/HandleExceptions rubocop 2019-02-28 21:17:36 -03:00
Gonzalo Rodriguez
bf4e902407
Merge pull request #408 from grzuy/style
style: prefer ruby 1.9+ hash syntax
2019-02-28 21:07:20 -03:00
Gonzalo Rodriguez
f772d0b3cd
Merge pull request #406 from grzuy/optional_name
Make blocklist/safelist name argument optional
2019-02-28 21:01:55 -03:00
Gonzalo Rodriguez
c67e71defe
style: prefer ruby 1.9+ hash syntax 2019-02-27 23:29:32 -03:00
Gonzalo Rodriguez
9a726bd29b
refactor: remove repeated initialization of anonymous_blocklists/safelists 2019-02-25 20:29:07 -03:00
Gonzalo Rodriguez
6addaa11d0
feat: make blocklist/safelist name argument optional 2019-02-24 21:04:51 -03:00
Gonzalo Rodriguez
6c6dfb06e3
feat: match ActiveSupport Instrumentation event name format spec 2019-02-24 20:19:38 -03:00
Gonzalo Rodriguez
8cbd3dc0fc
feat: improve MisconfiguredStoreError exception message to aid debugging 2018-10-11 11:44:10 -03:00
Gonzalo Rodriguez
014f74b95d
Merge pull request #387 from grzuy/fix_redis_3_and_memory_store
[Fixes #355] Fix unexpected error when using redis 3 and any store which is not proxied
2018-10-08 11:33:34 -03:00
Gonzalo Rodriguez
935f99a638
[Fixes #355] Avoid unexpected 'Gem::LoadError' for redis when not intended to be used
It seems that the original implementation accidentally autoloaded ActiveSupport::Cache::RedisCacheStore
which once evaluated asks for redis v4 generating Gem::LoadError.

In order to bypass any unnecessary constant autoloading we can just check class name string.
2018-09-30 22:13:30 -03:00
Gonzalo Rodriguez
91dbb52235
Remove unwrapping 2018-09-30 13:32:08 -03:00
Gonzalo Rodriguez
fc235c90c2
Merge pull request #382 from grzuy/cleanup_redis_cache_store_proxy
Remove unnecessary wrapping of ActiveSupport::Cache::RedisCacheStore#read
2018-09-03 23:15:39 -03:00
Gonzalo Rodriguez
55411e5e82
Remove MemCacheProxy which existed only for now obsolete memcache-client 2018-09-03 18:24:21 -03:00
Gonzalo Rodriguez
7001178b6d
Remove unnecessary wrapping of ActiveSupport::Cache::RedisCacheStore#read
`raw: true` isn't doing anything special for `read`, only for `write`
2018-09-03 17:55:29 -03:00
Jonathan del Strother
5cdc15b35a Add a proxy to deal with ActiveSupport::Cache::MemCacheStore
If connection pooling is used with AS::Cache::MemCacheStore,
unwrap_active_support_stores wouldn't return the underlying dalli instance(s),
and so Rack::Attack.store would be the bare unproxied MemCacheStore instance.

Calling write then increment would silently fail because :raw wasn't used.

With this commit, we no longer try to unwrap AS::Cache::MemCacheStore instances.
2018-09-03 12:00:02 +01:00
Gonzalo Rodriguez
e295ede874
Use RedisStoreProxy (not RedisProxy) for Redis::Store 2018-06-29 16:48:40 -03:00
Gonzalo Rodriguez
673cf98157
Avoid as much repetition as possible between RedisProxy and RedisStoreProxy 2018-06-29 15:44:41 -03:00
Gonzalo Rodriguez
b40b5718dc
rubocop --auto-correct 2018-06-29 15:41:36 -03:00
Gonzalo Rodriguez
6fbb6c8b1c
Merge branch 'master' into support-redis-gem 2018-06-29 15:40:45 -03:00
Gonzalo Rodriguez
eb07d9789f
Prefer Gem::Version for version comparisons 2018-06-29 15:27:36 -03:00
Gonzalo Rodriguez
85c4c085c9
Remove duplicated #initialize 2018-06-29 15:27:20 -03:00
Gonzalo Rodriguez
d1682b19b4
Merge remote-tracking branch 'rfwatson/master' 2018-06-29 15:24:13 -03:00
Gonzalo Rodriguez
73bc739d5a
Merge remote-tracking branch 'doliveirakn/master' 2018-06-29 11:17:19 -03:00
Gonzalo Rodriguez
19e17562c1
Merge pull request #372 from grzuy/drop_deprecated_methods
Remove previously deprecated public methods
2018-06-28 19:12:41 -03:00
Gonzalo Rodriguez
1c1ee918e1
Remove previously deprecated public methods 2018-06-28 17:16:33 -03:00
Gonzalo Rodriguez
8315a1e7e1
Remove support for unmaintained ruby 2.2 2018-06-28 17:08:15 -03:00
Gonzalo Rodriguez
8802ebfbaf
Merge branch '255-correct-object-for-instrumentation' 2018-06-28 16:40:08 -03:00
Gonzalo Rodriguez
21561bb2f5
Bump version to v5.3.2 2018-06-25 19:27:35 -03:00
Gonzalo Rodriguez
ee84079768
Fix 'redis is not part of the bundle' exception when using :memory_store
When RedisCacheStore constant is referenced, activesupport autoloads and
rails tries to require redis, throwing exception if not present
2018-06-25 17:42:45 -03:00
Gonzalo Rodriguez
08861f8d17
Attempt to improve code legibility/clarity/semantics (#357)
* attempt to improve semantics for legibility

* Attempt to improve legibility by simplifying

* Make it more clear that we're calling procs/blocks here

* Enable rubocop Style/BlockDelimiters cop

* Prefer 'request' over 'req' abbreviation for legibility/clarity

* Instances of Track named 'track' not 'tracker'
2018-06-21 14:33:24 -03:00
Gonzalo Rodriguez
d8b88cfb84
Honor amount argument instead of hard coding counter (part 2)
See commit ca2e752937
2018-06-21 11:25:47 -03:00
Gonzalo Rodriguez
196868130a
Bump version to v5.3.1 2018-06-20 19:49:15 -03:00
Gonzalo Rodriguez
2c1cbc323e
Default increment amount to 1 as RedisCacheStore 2018-06-20 19:14:37 -03:00
Gonzalo Rodriguez
ca2e752937
Honor amount argument instead of hard coding counter 2018-06-20 19:14:02 -03:00
Gonzalo Rodriguez
3af7394b6a
Refactor RedisCacheStoreProxy to unlearn everything about redis client details to make it less prone to bugs in the future
Let RedisCacheStoreProxy only know and assume things about
RedisCacheStore API. Don't let it know anything about the specific redis
client behind the scenes, that's the job of RedisCacheStore only, not
ours.
2018-06-20 18:33:00 -03:00
Alexey Vasiliev
3caee5c3ca
Fix usage of RedisCacheStore for rails 5.2.0 2018-06-20 18:06:45 -03:00
Gonzalo Rodriguez
86eb9f9e0a
Enable Style/BracesAroundHashParameters rubocop cop 2018-06-19 17:57:30 -03:00
Gonzalo Rodriguez
e6854bcb02
Enable rubocop Naming cops 2018-06-19 17:57:26 -03:00
Gonzalo Rodriguez
dac926cf68
Bump version to v5.3.0 2018-06-19 15:49:20 -03:00
Brian Kephart
4cc8d7d854
Support ActiveSupport::RedisCacheStore 2018-06-19 13:39:43 -03:00
Gonzalo Rodriguez
a99722bf4b
Avoid user confusion by renaming .clear! to .clear_configuration 2018-05-18 18:23:59 -03:00
Brian Kephart
b5b4164967 replace const_defined? with defined? 2018-05-13 17:45:12 -05:00
Gonzalo Rodriguez
52ec80692d
Enable Lint rubocop cops 2018-04-17 16:27:56 -04:00
Lucas Mansur
11e9557ccb [Fixes #302] Initial style guide adoption (#330)
* Initial Rubocop configuration

* Fix Rubocop layout offenses for lib

* Fix some spec offenses

* Fix leftover layout offenses
2018-03-30 16:08:00 -03:00
Koen Rouwhorst
0457bf22f9 Updated all non-secure HTTP URLs to HTTPS. 2018-03-29 18:41:40 +02:00
Gonzalo Rodriguez
389287f060
Bump version to 5.2.0 2018-03-29 12:24:37 -03:00
Gonzalo Rodriguez
62aca946b5
Require ipaddr so it works on ruby < 2.5 2018-03-26 18:53:32 -03:00
Gonzalo Rodriguez
e907cc6b83
Provide shorthand to safelist an entire IP subnet 2018-03-26 18:00:02 -03:00
Gonzalo Rodriguez
27aab72d49
Provide shorthand to safelist an IP 2018-03-26 17:51:40 -03:00
Gonzalo Rodriguez
aec03047c5
Provide shorthand to blocklist an entire IP subnet 2018-03-26 17:35:41 -03:00
Gonzalo Rodriguez
dccce4ee3d
Provide shorthand to blocklist an IP 2018-03-26 17:33:58 -03:00
Gonzalo Rodriguez
7435d4da34
Merge pull request #315 from grzuy/help_debug_cache_issues
Give clearer error message for misconfigured cache store for allow/fail2ban
2018-03-23 16:35:16 -03:00
Gonzalo Rodriguez
7a87ca2ff7
Give clearer error message for misconfigured cache store for allow/fail2ban 2018-03-23 14:18:07 -03:00
Gonzalo Rodriguez
0fe30e3a3d
Don't autoload when it's barely valuable to do so
Rack::Attack::PathNormalizer and Rack::Attack::Request are both
used in #call method, which is going to be used by every rack-attack
user as long as they insert the middleware in their app.
2018-03-23 10:58:51 -03:00
Domenoth
5004b04ac7 Change object type yielded to ActiveSupport::Subscribers
https://github.com/kickstarter/rack-attack/issues/255

Change the object type from instances of type Rack::Attack::Request to
instances of type Hash. (`req` becomes `request: req`).
2018-03-21 11:32:09 -07:00
Gonzalo Rodriguez
c119186134
bump version to v5.1.0 2018-03-09 15:23:46 -03:00
Gonzalo Rodriguez
922917d5a4
Merge pull request #274 from grzuy/help_debug_cache_issues
Help users understand more clearly when the store is misconfigured
2018-03-09 10:28:08 -03:00
Kyle d'Oliveira
9dbece5272 Add a reader for the epoch_time variable in the cache so that it can also be returned in the data from the throttle.
This allows access to the same time that the cache uses for the count. This can be important for clients that want to provide rate limit information for well-behaved clients
2018-02-15 14:45:35 -08:00