Commit graph

27 commits

Author SHA1 Message Date
Gonzalo Rodriguez
d01c3e61d4
Enforce every rack-attack contributor runs same rubocop version 2018-04-17 16:00:00 -04:00
Gonzalo Rodriguez
29424fb993
Enable Gemspec rubocop cops
Run rubocop against oldest supported ruby
2018-04-17 14:08:00 -04:00
Lucas Mansur
11e9557ccb [Fixes #302] Initial style guide adoption (#330)
* Initial Rubocop configuration

* Fix Rubocop layout offenses for lib

* Fix some spec offenses

* Fix leftover layout offenses
2018-03-30 16:08:00 -03:00
Koen Rouwhorst
0457bf22f9 Updated all non-secure HTTP URLs to HTTPS. 2018-03-29 18:41:40 +02:00
Gonzalo Rodriguez
330d25c832
Acceptance test cache store config when Rails is present 2018-03-20 11:42:27 -03:00
Gonzalo Rodriguez
2406435663
Ability to use byebug easily while developing/testing 2018-03-09 13:52:06 -03:00
Gonzalo Rodriguez
859c212058 Merge branch 'master' into move_all_deps_to_gemspec 2018-03-09 10:19:25 -03:00
Gonzalo Rodriguez
d6d471fea5 Move all dependencies to gemspec 2018-02-02 16:05:04 -03:00
Gonzalo Rodriguez
980633e1a9 Adds acceptance-oriented tests 2018-01-25 18:21:29 -03:00
Vincent Boisard
ba9f2c3be6 fix: move dev dependencies to gemspec 2016-01-07 21:00:36 +01:00
Aaron Suggs
76c2e31430 Normalize request paths when using Rails' ActionDispatch
The issue
---

When using rack-attack with a rails app, developers expect the request
path to be normalized. In particular, trailing slashes are stripped so
a request path "/login/" becomes "/login" by the time you're in
ActionController.

Since Rack::Attack runs before ActionDispatch, the request path is not
yet normalized. This can cause throttles and blacklists to not work as
expected.

E.g., a throttle:

    throttle('logins', ...) {|req| req.path == "/login" }

would not match a request to '/login/', though Rails would route
'/login/' to the same '/login' action.

The solution
---

This patch checks whether ActionDispatch's request normalization is loaded,
and if so, uses it to normalize the path before processing throttles,
blacklists, etc.

If it's not loaded, the request path is not modified.

Credit
---
Thanks to Andres Riancho at Include Security for reporting this issue.
2015-12-18 11:12:11 -05:00
Aaron Suggs
2b14a1528b Remove support for ruby 1.9 2015-11-06 10:32:14 -05:00
hakanensari
0640a53cdf Use Appraisal to test against multiple versions 2014-04-09 13:11:43 +01:00
hakanensari
128c5aa9bf Support a Dalli Connection Pool 2014-04-01 12:10:32 +01:00
Aaron Suggs
f8b516fb11 Remove debugger as development dependency 2013-12-27 22:28:13 -05:00
Aaron Suggs
5a37bb102f Add license to gemspec
Fixes issue #26
2013-07-17 10:37:26 -04:00
Zach Millman
1c501e81a6 Reduce Ruby version dependency to 1.9.2
Also added 1.9.2 to Travis config file
2013-07-12 15:02:52 -07:00
Vipul A M
384892ce4c Make debugger dependency only for ruby platforms 2013-05-06 20:58:01 +05:30
Vipul A M
4fcbe790ed Remove debugger dependency, as it isn't used 2013-05-06 11:53:58 +05:30
Vipul A M
9c0cbad1e7 bump debugger version for 2.0 support 2013-05-03 12:33:38 +05:30
Aaron Suggs
cf508e1d18 Support RedisStore as cache store
Add tests for different cache stores
2013-02-25 12:09:59 -05:00
Aaron Suggs
f82750c1c2 Move license to readme
…so it doesn't mess with autocomplete.
2012-07-30 15:46:47 -04:00
Aaron Suggs
359ebe9068 Change description 2012-07-29 10:52:00 -04:00
Aaron Suggs
c22c33f9ec add rake 2012-07-27 09:56:15 -04:00
Aaron Suggs
9284a08cc3 Whitelists support 2012-07-26 17:29:09 -04:00
Aaron Suggs
885b19c633 added license and readme 2012-07-25 10:25:14 -04:00
Aaron Suggs
140ea86b7c Initial commit 2012-07-24 19:40:55 -04:00