mirror of
https://github.com/samsonjs/rack-attack.git
synced 2026-03-25 09:25:49 +00:00
f737dbb78c
It has a couple of cons:
1. If we slip a typo in the whole line, we won't easily catch it. Can
you guys spot the problem problem in the following line? Chasing such
issues is quite tricky.
```ruby
retry_after = evn['rack.attack.match_data'][:period] rescue nil
```
2. Throwing and catching an exception is quite slower than a new hash
allocation, so there is a speed benefit too.
We are guaranteed from Rack that env is a `Hash`, so we can even use
`Hash#fetch`.
```ruby
retry_after = env.fetch('rack.attack.match_data', {})[:period]
```
This reads better, but always allocates the default value hash, when the
other version allocates it only when needed. If you prefer `Hash#fetch`,
I'm fine with that, as long as we avoid `rescue nil`.
113 lines
2.9 KiB
Ruby
113 lines
2.9 KiB
Ruby
require 'rack'
|
|
require 'forwardable'
|
|
|
|
class Rack::Attack
|
|
autoload :Cache, 'rack/attack/cache'
|
|
autoload :Check, 'rack/attack/check'
|
|
autoload :Throttle, 'rack/attack/throttle'
|
|
autoload :Whitelist, 'rack/attack/whitelist'
|
|
autoload :Blacklist, 'rack/attack/blacklist'
|
|
autoload :Track, 'rack/attack/track'
|
|
autoload :StoreProxy, 'rack/attack/store_proxy'
|
|
autoload :DalliProxy, 'rack/attack/store_proxy/dalli_proxy'
|
|
autoload :RedisStoreProxy, 'rack/attack/store_proxy/redis_store_proxy'
|
|
autoload :Fail2Ban, 'rack/attack/fail2ban'
|
|
autoload :Allow2Ban, 'rack/attack/allow2ban'
|
|
autoload :Request, 'rack/attack/request'
|
|
|
|
class << self
|
|
|
|
attr_accessor :notifier, :blacklisted_response, :throttled_response
|
|
|
|
def whitelist(name, &block)
|
|
self.whitelists[name] = Whitelist.new(name, block)
|
|
end
|
|
|
|
def blacklist(name, &block)
|
|
self.blacklists[name] = Blacklist.new(name, block)
|
|
end
|
|
|
|
def throttle(name, options, &block)
|
|
self.throttles[name] = Throttle.new(name, options, block)
|
|
end
|
|
|
|
def track(name, options = {}, &block)
|
|
self.tracks[name] = Track.new(name, options, block)
|
|
end
|
|
|
|
def whitelists; @whitelists ||= {}; end
|
|
def blacklists; @blacklists ||= {}; end
|
|
def throttles; @throttles ||= {}; end
|
|
def tracks; @tracks ||= {}; end
|
|
|
|
def whitelisted?(req)
|
|
whitelists.any? do |name, whitelist|
|
|
whitelist[req]
|
|
end
|
|
end
|
|
|
|
def blacklisted?(req)
|
|
blacklists.any? do |name, blacklist|
|
|
blacklist[req]
|
|
end
|
|
end
|
|
|
|
def throttled?(req)
|
|
throttles.any? do |name, throttle|
|
|
throttle[req]
|
|
end
|
|
end
|
|
|
|
def tracked?(req)
|
|
tracks.each_value do |tracker|
|
|
tracker[req]
|
|
end
|
|
end
|
|
|
|
def instrument(req)
|
|
notifier.instrument('rack.attack', req) if notifier
|
|
end
|
|
|
|
def cache
|
|
@cache ||= Cache.new
|
|
end
|
|
|
|
def clear!
|
|
@whitelists, @blacklists, @throttles, @tracks = {}, {}, {}, {}
|
|
end
|
|
|
|
end
|
|
|
|
# Set defaults
|
|
@notifier = ActiveSupport::Notifications if defined?(ActiveSupport::Notifications)
|
|
@blacklisted_response = lambda {|env| [403, {'Content-Type' => 'text/plain'}, ["Forbidden\n"]] }
|
|
@throttled_response = lambda {|env|
|
|
retry_after = (env['rack.attack.match_data'] || {})[:period]
|
|
[429, {'Content-Type' => 'text/plain', 'Retry-After' => retry_after.to_s}, ["Retry later\n"]]
|
|
}
|
|
|
|
def initialize(app)
|
|
@app = app
|
|
end
|
|
|
|
def call(env)
|
|
req = Rack::Attack::Request.new(env)
|
|
|
|
if whitelisted?(req)
|
|
@app.call(env)
|
|
elsif blacklisted?(req)
|
|
self.class.blacklisted_response[env]
|
|
elsif throttled?(req)
|
|
self.class.throttled_response[env]
|
|
else
|
|
tracked?(req)
|
|
@app.call(env)
|
|
end
|
|
end
|
|
|
|
extend Forwardable
|
|
def_delegators self, :whitelisted?,
|
|
:blacklisted?,
|
|
:throttled?,
|
|
:tracked?
|
|
end
|