Gonzalo Rodriguez
bf4e902407
Merge pull request #408 from grzuy/style
...
style: prefer ruby 1.9+ hash syntax
2019-02-28 21:07:20 -03:00
Gonzalo Rodriguez
f772d0b3cd
Merge pull request #406 from grzuy/optional_name
...
Make blocklist/safelist name argument optional
2019-02-28 21:01:55 -03:00
Gonzalo Rodriguez
c67e71defe
style: prefer ruby 1.9+ hash syntax
2019-02-27 23:29:32 -03:00
Gonzalo Rodriguez
6addaa11d0
feat: make blocklist/safelist name argument optional
2019-02-24 21:04:51 -03:00
Gonzalo Rodriguez
6c6dfb06e3
feat: match ActiveSupport Instrumentation event name format spec
2019-02-24 20:19:38 -03:00
Gonzalo Rodriguez
58aa6714d8
test: let test file be run individually
2019-02-24 20:16:51 -03:00
Gonzalo Rodriguez
8cbd3dc0fc
feat: improve MisconfiguredStoreError exception message to aid debugging
2018-10-11 11:44:10 -03:00
Gonzalo Rodriguez
014f74b95d
Merge pull request #387 from grzuy/fix_redis_3_and_memory_store
...
[Fixes #355] Fix unexpected error when using redis 3 and any store which is not proxied
2018-10-08 11:33:34 -03:00
Gonzalo Rodriguez
82c0a17dd4
Test against Redis 3.x
2018-09-30 22:02:33 -03:00
Gonzalo Rodriguez
91dbb52235
Remove unwrapping
2018-09-30 13:32:08 -03:00
Jonathan del Strother
5cdc15b35a
Add a proxy to deal with ActiveSupport::Cache::MemCacheStore
...
If connection pooling is used with AS::Cache::MemCacheStore,
unwrap_active_support_stores wouldn't return the underlying dalli instance(s),
and so Rack::Attack.store would be the bare unproxied MemCacheStore instance.
Calling write then increment would silently fail because :raw wasn't used.
With this commit, we no longer try to unwrap AS::Cache::MemCacheStore instances.
2018-09-03 12:00:02 +01:00
Jonathan del Strother
03b8ce6f9e
Refactor the "doesn't leak keys" spec
2018-08-30 21:52:13 -03:00
Gonzalo Rodriguez
b40b5718dc
rubocop --auto-correct
2018-06-29 15:41:36 -03:00
Gonzalo Rodriguez
e50bfbebaa
Acceptance test plain redis as a cache store backend
2018-06-29 15:41:04 -03:00
Gonzalo Rodriguez
aca4078089
Remove unnecessary requires in spec_helper
2018-06-29 11:47:04 -03:00
Gonzalo Rodriguez
73bc739d5a
Merge remote-tracking branch 'doliveirakn/master'
2018-06-29 11:17:19 -03:00
Gonzalo Rodriguez
19e17562c1
Merge pull request #372 from grzuy/drop_deprecated_methods
...
Remove previously deprecated public methods
2018-06-28 19:12:41 -03:00
Gonzalo Rodriguez
1c1ee918e1
Remove previously deprecated public methods
2018-06-28 17:16:33 -03:00
Gonzalo Rodriguez
8315a1e7e1
Remove support for unmaintained ruby 2.2
2018-06-28 17:08:15 -03:00
Gonzalo Rodriguez
8802ebfbaf
Merge branch '255-correct-object-for-instrumentation'
2018-06-28 16:40:08 -03:00
Gonzalo Rodriguez
a1ea2f9aef
Avoid repetition in spec_helper
2018-06-22 19:04:47 -03:00
Gonzalo Rodriguez
a72bfb5fc7
Only require redis stores when running their respective appraisal
2018-06-22 18:55:27 -03:00
Gonzalo Rodriguez
bd2ade8977
Only require connection_pool running connection_pool appraisal
2018-06-22 17:45:58 -03:00
Gonzalo Rodriguez
79de0d53e1
Only require dalli when running dalli appraisal
2018-06-22 17:45:03 -03:00
Gonzalo Rodriguez
9cc49b4760
Acceptance test ConnectionPool with Dalli::Client (via connection_pool and dalli) as cache store backend
2018-06-22 14:59:44 -03:00
Gonzalo Rodriguez
bcc1f5857e
Acceptance test ActiveSupport::Cache::MemoryStore (via activesupport) as cache store backend
2018-06-22 14:58:00 -03:00
Gonzalo Rodriguez
1f05ff30d5
Fix namespace of test file names
2018-06-22 14:55:22 -03:00
Gonzalo Rodriguez
831e4e9e97
Acceptance test Dalli::Client (via dalli) as cache store backend
2018-06-22 14:55:22 -03:00
Gonzalo Rodriguez
bca253c674
Acceptance test ActiveSupport::Cache::DalliStore (via dalli) as cache store backend
2018-06-22 14:54:46 -03:00
Gonzalo Rodriguez
93b1bf4c86
Acceptance test Redis::Store (redis-store) as cache store backend
2018-06-22 14:53:06 -03:00
Gonzalo Rodriguez
92f3b7fbd0
Acceptance test ActiveSupport::Cache::RedisStore (redis-activesupport) as cache store backend
2018-06-22 14:53:05 -03:00
Gonzalo Rodriguez
3f590e4774
Acceptance tests already cover integration with RedisCacheStore and MemCacheStore
2018-06-22 14:51:38 -03:00
Gonzalo Rodriguez
0c26efc187
Remove pry as a dev dependency. Using byebug.
2018-06-21 15:56:33 -03:00
Gonzalo Rodriguez
08861f8d17
Attempt to improve code legibility/clarity/semantics (#357)
...
* attempt to improve semantics for legibility
* Attempt to improve legibility by simplifying
* Make it more clear that we're calling procs/blocks here
* Enable rubocop Style/BlockDelimiters cop
* Prefer 'request' over 'req' abbreviation for legibility/clarity
* Instances of Track named 'track' not 'tracker'
2018-06-21 14:33:24 -03:00
Gonzalo Rodriguez
e830804586
Acceptance test pooled RedisCacheStore as a backend store
2018-06-20 17:47:21 -03:00
Gonzalo Rodriguez
86eb9f9e0a
Enable Style/BracesAroundHashParameters rubocop cop
2018-06-19 17:57:30 -03:00
Gonzalo Rodriguez
7438e5122e
Non-leak acceptance test should only care about presence, not exact value
2018-06-19 14:00:20 -03:00
Brian Kephart
4cc8d7d854
Support ActiveSupport::RedisCacheStore
2018-06-19 13:39:43 -03:00
Gonzalo Rodriguez
d831f2490e
Acceptance test RedisCacheStore as a store backend doesn't leak keys
2018-06-19 12:12:45 -03:00
Gonzalo Rodriguez
8f3bf216db
Acceptance test MemCacheStore as a store backend doesn't leak keys
2018-06-19 11:37:08 -03:00
Gonzalo Rodriguez
1942ab39ca
Merge pull request #343 from grzuy/acceptance_test_stores
...
Acceptance test use of ActiveSupport::Cache::MemCacheStore
2018-05-21 09:58:35 -03:00
Gonzalo Rodriguez
a99722bf4b
Avoid user confusion by renaming .clear! to .clear_configuration
2018-05-18 18:23:59 -03:00
Gonzalo Rodriguez
379cd39dc9
Acceptance test use of ActiveSupport::Cache::MemCacheStore
2018-05-18 14:10:07 -03:00
Gonzalo Rodriguez
8ca804e668
Acceptance test use of ActiveSupport::Cache::RedisCacheStore
2018-05-17 13:44:52 -03:00
Gonzalo Rodriguez
52ec80692d
Enable Lint rubocop cops
2018-04-17 16:27:56 -04:00
Lucas Mansur
11e9557ccb
[Fixes #302] Initial style guide adoption (#330)
...
* Initial Rubocop configuration
* Fix Rubocop layout offenses for lib
* Fix some spec offenses
* Fix leftover layout offenses
2018-03-30 16:08:00 -03:00
Gonzalo Rodriguez
e907cc6b83
Provide shorthand to safelist an entire IP subnet
2018-03-26 18:00:02 -03:00
Gonzalo Rodriguez
27aab72d49
Provide shorthand to safelist an IP
2018-03-26 17:51:40 -03:00
Gonzalo Rodriguez
aec03047c5
Provide shorthand to blocklist an entire IP subnet
2018-03-26 17:35:41 -03:00
Gonzalo Rodriguez
dccce4ee3d
Provide shorthand to blocklist an IP
2018-03-26 17:33:58 -03:00
Gonzalo Rodriguez
4862ca5a00
Acceptance test ability to subscribe to safelisting events
2018-03-26 16:20:51 -03:00
Gonzalo Rodriguez
576a97c2a5
Acceptance test ability to subscribe to throttling events
2018-03-26 16:16:44 -03:00
Gonzalo Rodriguez
21fe32b895
Acceptance test ability to subscribe to blocking events
2018-03-26 16:00:32 -03:00
Gonzalo Rodriguez
7a87ca2ff7
Give clearer error message for misconfigured cache store for allow/fail2ban
2018-03-23 14:18:07 -03:00
Gonzalo Rodriguez
f99a7a0745
Merge pull request #311 from grzuy/acceptance_test_match_data
...
Acceptance test access to match data in custom responses
2018-03-22 17:41:52 -03:00
Gonzalo Rodriguez
3f5574c4e4
Acceptance test ability to access match data in #throttled_response
2018-03-22 11:48:56 -03:00
Gonzalo Rodriguez
da1f54b6fc
Acceptance test ability to access match data in #blocklisted_response
2018-03-22 11:44:41 -03:00
Gonzalo Rodriguez
ba91e23419
Acceptance test ability to extend the request object
2018-03-22 10:44:32 -03:00
Gonzalo Rodriguez
0ff1b5be83
Make throttling_spec work when running it with rails 4.2
2018-03-21 17:29:44 -03:00
Gonzalo Rodriguez
08b2cc4d95
Acceptance test throttling with a dynamic period
2018-03-21 17:10:27 -03:00
Domenoth
5004b04ac7
Change object type yielded to ActiveSupport::Subscribers
...
https://github.com/kickstarter/rack-attack/issues/255
Change the object type from instances of type Rack::Attack::Request to
instances of type Hash. (`req` becomes `request: req`).
2018-03-21 11:32:09 -07:00
Gonzalo Rodriguez
e17d2d8974
Acceptance test throttling with a dynamic limit
2018-03-20 19:07:31 -03:00
Gonzalo Rodriguez
8b4f27827d
Merge pull request #307 from grzuy/acceptance_test_store_config
...
Acceptance test cache store config when Rails is present
2018-03-20 18:15:25 -03:00
Gonzalo Rodriguez
330d25c832
Acceptance test cache store config when Rails is present
2018-03-20 11:42:27 -03:00
Gonzalo Rodriguez
5e0cd031b6
Acceptance test throttle Retry-After header
2018-03-20 10:24:25 -03:00
Gonzalo Rodriguez
bde30e38d7
Acceptance test cache store config for allow2ban
2018-03-16 18:20:27 -03:00
Gonzalo Rodriguez
32ec6f778a
Acceptance test cache store config for fail2ban
2018-03-16 18:11:45 -03:00
Gonzalo Rodriguez
9e16049d00
Merge branch 'acceptance_test_fail2ban'
2018-03-16 16:44:03 -03:00
Gonzalo Rodriguez
4d5a6936ce
Acceptance test allow2ban
2018-03-16 16:14:52 -03:00
Gonzalo Rodriguez
14c8b9261c
Acceptance test fail2ban
2018-03-16 15:29:01 -03:00
Gonzalo Rodriguez
666dc3d894
Acceptance test ability to customize blocked/throttled responses (#298)
...
* Acceptance test ability to customize blocked/throttled responses
* Don't let customizations to blocklisted/throttled responses leak to other test cases
2018-03-15 15:24:22 -03:00
Gonzalo Rodriguez
02908ce5ca
Acceptance test cache store config for throttle without Rails
2018-03-14 17:40:30 -03:00
Gonzalo Rodriguez
564cbedb36
Acceptance test that tracking throttles doesn't actually throttle requests
2018-03-13 18:27:19 -03:00
Gonzalo Rodriguez
066434973f
Acceptance test Rack::Attack#track for throttle
2018-03-13 14:43:37 -03:00
Gonzalo Rodriguez
569ecec7c7
Acceptance test Rack::Attack#track
2018-03-13 14:19:22 -03:00
Gonzalo Rodriguez
2406435663
Ability to use byebug easily while developing/testing
2018-03-09 13:52:06 -03:00
Gonzalo Rodriguez
922917d5a4
Merge pull request #274 from grzuy/help_debug_cache_issues
...
Help users understand more clearly when the store is misconfigured
2018-03-09 10:28:08 -03:00
Gonzalo Rodriguez
53b0561e7f
Merge pull request #272 from grzuy/rack_lint
...
Use Rack::Lint in tests to check any change continues to comply with the rack spec
2018-03-09 10:11:05 -03:00
Gonzalo Rodriguez
8603a3e056
Merge pull request #266 from grzuy/test_understandability
...
Attempt to make it easier to understand that the method is making assertions
2018-03-09 10:10:48 -03:00
Gonzalo Rodriguez
66909c6419
Merge pull request #269 from grzuy/acceptance_tests
...
Adds acceptance-oriented tests
2018-03-08 18:17:35 -03:00
Kyle d'Oliveira
9dbece5272
Add a reader for the epoch_time variable in the cache so that it can also be returned in the data from the throttle.
...
This allows access to the same time that the cache uses for the count. This can be important for clients that want to provide rate limit information for well-behaved clients.
2018-02-15 14:45:35 -08:00
Gonzalo Rodriguez
7bb7a05987
Help users understand more clearly when the store is misconfigured
2018-02-01 10:06:39 -03:00
Gonzalo Rodriguez
f27432df91
Use Rack::Lint in tests to check any change continues complying with the rack spec
2018-01-30 10:08:20 -03:00
Gonzalo Rodriguez
980633e1a9
Adds acceptance-oriented tests
2018-01-25 18:21:29 -03:00
Gonzalo Rodriguez
73e267782b
Remove request duplication in rack_attack_spec.rb
2018-01-25 10:54:19 -03:00
Gonzalo Rodriguez
ca739946ce
Attempt to make it easier to understand that the method is making assertions
2018-01-25 10:53:47 -03:00
Corey Farwell
6f545e2665
Merge pull request #262 from grzuy/legibility
...
Attempt to improve legibility
2018-01-23 17:46:03 -05:00
Corey Farwell
f91f3a403c
Merge pull request #264 from grzuy/drop_support_for_rails_3
...
Drop support for unmaintained Rails 3
2018-01-23 17:45:29 -05:00
Gonzalo Rodriguez
34ee066eac
Drop support for Rails 3
2018-01-23 16:12:16 -03:00
Gonzalo Rodriguez
e8102910bf
Fixes warning 'DEPRECATED: Use assert_nil if expecting nil from ...'
2018-01-23 15:07:49 -03:00
Gonzalo
79d21fc3ac
Attempt to improve legibility
2018-01-19 12:00:38 -03:00
Mike Ferrier
031efcd123
add a spec to specify the behavior of non-matching throttle blocks
2016-07-13 10:20:08 -04:00
Aaron Suggs
ff22014a03
[tests] Fix gotcha with new activesupport redis versions
...
This fixes the error:
uninitialized constant ActiveSupport::VERSION
when loading active_support/cache/redis_store
2016-07-11 15:23:06 -04:00
Aaron Suggs
f5f08d56e5
More safelist/blocklist refactoring
...
- Add Rack::Attack namespace to deprecation warning.
- Add deprecated Rack::Attack.blacklisted_response attr methods.
2016-07-04 21:42:41 -04:00
Renée Hendricksen
e1a0c804e1
suggesting changing whitelist/blacklist language to less controversial safelist/blocklist language
...
add deprecation warnings
fix the method signatures
2016-07-01 21:44:45 -04:00
Vincent Boisard
297ef4a2ae
Merge branch 'master' of github.com:kickstarter/rack-attack
2015-12-29 10:10:36 +01:00
Aaron Suggs
76c2e31430
Normalize request paths when using Rails' ActionDispatch
...
The issue
---
When using rack-attack with a rails app, developers expect the request
path to be normalized. In particular, trailing slashes are stripped so
a request path "/login/" becomes "/login" by the time you're in
ActionController.
Since Rack::Attack runs before ActionDispatch, the request path is not
yet normalized. This can cause throttles and blacklists to not work as
expected.
E.g., a throttle:
    throttle('logins', ...) {|req| req.path == "/login" }
would not match a request to '/login/', though Rails would route
'/login/' to the same '/login' action.
The solution
---
This patch looks if ActionDispatch's request normalization is loaded,
and if so, uses it to normalize the path before processing throttles,
blacklists, etc.
If it's not loaded, the request path is not modified.
Credit
---
Thanks to Andres Riancho at Include Security for reporting this issue.
2015-12-18 11:12:11 -05:00
Aaron Suggs
11faea4526
specs: use pry instead of debugger
2015-12-18 08:55:09 -05:00
Vincent Boisard
397a7ce7b4
feature: support for ActiveSupport::MemCacheStore
2015-12-08 10:53:53 +01:00
Aaron Suggs
64fe10f64e
Clarifying comments for #delete spec method
2015-05-22 13:48:32 -04:00