Santiago Bartesaghi
87108769f8
Fix CI ( #683 )
2025-01-21 22:46:28 -03:00
Santiago Bartesaghi
5124a172ac
Fix Rails test not being run ( #649 )
2024-01-10 12:10:56 -03:00
Mitchell Henke
9a7815c332
Remove support for unmaintained ActiveSupport::Cache::RedisStore ( #625 )
...
* remove support for unmaintained ActiveSupport::Cache::RedisStore
* ci: removes active_support_redis_store matrix job
* test: removes unnecessary redis-activesupport require
* test: removes dead code
* fix typo
---------
Co-authored-by: Gonzalo <456459+grzuy@users.noreply.github.com>
2023-10-14 11:29:19 -03:00
James Mead
31adbd0ad8
Rename MiniTest -> Minitest ( #618 )
...
The latest version of minitest dropped the "ancient MiniTest
compatibility layer" [1], so we need to use the newer module name,
`Minitest`.
[1]: https://github.com/minitest/minitest/blob/master/History.rdoc#label-5.19.0+-2F+2023-07-26
2023-08-02 19:01:56 +12:00
Samuel Williams
b708de32f3
Support Rack 3. ( #586 )
2023-07-25 15:16:43 +12:00
Gonzalo Rodriguez
a103ff4819
Merge pull request #457 from kickstarter/fix_load
...
fix: avoid unintended effects on load_config_initializers and other gems load order
2019-10-30 15:13:05 -03:00
Gonzalo Rodriguez
e3056e737f
fix: avoid unintended effects on load_config_initializers and other gems load order
...
Because of the sort algorithm rails uses to satisfy `after` and `before`
constraints, gems can have unintended effects on others. See
0a120a818d
Prefer making rack-attack middleware idempotent instead of relying on
the load order and the contents of the middleware stack too much.
closes #452
closes #456
2019-10-29 15:45:26 -03:00
Gonzalo Rodriguez
55cb6def03
feat: clear custom response when clearing configuration
2019-10-17 14:26:22 -03:00
fatkodima
bdfb01ab5b
Changes and tests
2019-10-08 12:29:25 +03:00
Gonzalo Rodriguez
bdc89dde7b
test: fix minitest/spec deprecation warnings
2019-10-01 17:19:44 -03:00
Gonzalo Rodriguez
8e3077c845
style: enabled Style/RedundantBegin rubocop
2019-03-01 21:10:40 -03:00
Gonzalo Rodriguez
20d668211e
style: fix Lint/HandleExceptions rubocop
2019-02-28 21:17:36 -03:00
Gonzalo Rodriguez
aca4078089
Remove unnecessary requires in spec_helper
2018-06-29 11:47:04 -03:00
Gonzalo Rodriguez
8315a1e7e1
Remove support for unmaintained ruby 2.2
2018-06-28 17:08:15 -03:00
Gonzalo Rodriguez
a1ea2f9aef
Avoid repetition in spec_helper
2018-06-22 19:04:47 -03:00
Gonzalo Rodriguez
a72bfb5fc7
Only require redis stores when running their respective appraisal
2018-06-22 18:55:27 -03:00
Gonzalo Rodriguez
bd2ade8977
Only require connection_pool running connection_pool appraisal
2018-06-22 17:45:58 -03:00
Gonzalo Rodriguez
79de0d53e1
Only require dalli when running dalli appraisal
2018-06-22 17:45:03 -03:00
Gonzalo Rodriguez
0c26efc187
Remove pry as a dev dependency. Using byebug.
2018-06-21 15:56:33 -03:00
Gonzalo Rodriguez
08861f8d17
Attempt to improve code legibility/clarity/semantics ( #357 )
...
* attempt to improve semantics for legibility
* Attempt to improve legibility by simplifying
* Make it more clear that we're calling procs/blocks here
* Enable rubocop Style/BlockDelimiters cop
* Prefer 'request' over 'req' abbreviation for legibility/clarity
* Instances of Track named 'track' not 'tracker'
2018-06-21 14:33:24 -03:00
Gonzalo Rodriguez
a99722bf4b
Avoid user confusion by renaming .clear! to .clear_configuration
2018-05-18 18:23:59 -03:00
Gonzalo Rodriguez
52ec80692d
Enable Lint rubocop cops
2018-04-17 16:27:56 -04:00
Lucas Mansur
11e9557ccb
[ Fixes #302 ] Initial style guide adoption ( #330 )
...
* Initial Rubocop configuration
* Fix Rubocop layout offenses for lib
* Fix some spec offenses
* Fix leftover layout offenses
2018-03-30 16:08:00 -03:00
Gonzalo Rodriguez
666dc3d894
Acceptance test ability to customize blocked/throttled responses ( #298 )
...
* Acceptance test ability to customize blocked/throttled responses
* Don't let customizations to blocklisted/throttled responses leak to other test cases
2018-03-15 15:24:22 -03:00
Gonzalo Rodriguez
2406435663
Ability to use byebug easily while developing/testing
2018-03-09 13:52:06 -03:00
Gonzalo Rodriguez
922917d5a4
Merge pull request #274 from grzuy/help_debug_cache_issues
...
Help users understand more clearly when the store is misconfigured
2018-03-09 10:28:08 -03:00
Gonzalo Rodriguez
53b0561e7f
Merge pull request #272 from grzuy/rack_lint
...
Use Rack::Lint in tests to check any change continues to comply with the rack spec
2018-03-09 10:11:05 -03:00
Gonzalo Rodriguez
7bb7a05987
Help users understand more clearly when the store is misconfigured
2018-02-01 10:06:39 -03:00
Gonzalo Rodriguez
f27432df91
Use Rack::Lint in tests to check any change continues complying with the rack spec
2018-01-30 10:08:20 -03:00
Gonzalo Rodriguez
ca739946ce
Attempt to make it easier to understand that the method is making assertions
2018-01-25 10:53:47 -03:00
Gonzalo Rodriguez
34ee066eac
Drop support for Rails 3
2018-01-23 16:12:16 -03:00
Aaron Suggs
76c2e31430
Normalize request paths when using Rails' ActionDispatch
...
The issue
---
When using rack-attack with a rails app, developers expect the request
path to be normalized. In particular, trailing slashes are stripped so
a request path "/login/" becomes "/login" by the time you're in
ActionController.
Since Rack::Attack runs before ActionDispatch, the request path is not
yet normalized. This can cause throttles and blacklists to not work as
expected.
E.g., a throttle:
    throttle('logins', ...) {|req| req.path == "/login" }
would not match a request to '/login/', though Rails would route
'/login/' to the same '/login' action.
The solution
---
This patch looks if ActionDispatch's request normalization is loaded,
and if so, uses it to normalize the path before processing throttles,
blacklists, etc.
If it's not loaded, the request path is not modified.
Credit
---
Thanks to Andres Riancho at Include Security for reporting this issue.
2015-12-18 11:12:11 -05:00
Aaron Suggs
11faea4526
specs: use pry instead of debugger
2015-12-18 08:55:09 -05:00
hakanensari
bf40123c04
Move offline case to separate file
2014-04-15 16:17:27 +01:00
Aaron Suggs
c42e035f62
specs: fix MiniTest typo for older ruby versions
2013-10-09 15:31:52 -04:00
Vipul A M
384892ce4c
Make debugger dependency only for ruby platforms
2013-05-06 20:58:01 +05:30
Vipul A M
4fcbe790ed
Remove debugger dependency, as it isn't used
2013-05-06 11:53:58 +05:30
Aaron Suggs
ecec8576ae
Show some minitest pride
2013-03-04 21:06:53 -05:00
Aaron Suggs
80367e1e4a
Add Rack::Attack.track.
...
track will fire notifications, but not alter request processing
2013-01-10 19:02:49 -05:00
Aaron Suggs
e166e87fb9
Add throttle support
2012-07-27 17:22:49 -04:00
Aaron Suggs
7fab5df499
WIP
2012-07-24 19:59:46 -04:00
Aaron Suggs
140ea86b7c
Initial commit
2012-07-24 19:40:55 -04:00