Merge pull request #28 from OpenSourcePolitics/fix/add-rack_attack-co…
…nfig

Create rack_attack.rb
moustachu committed Nov 7, 2022
2 parents aa09507 + 956535a commit 622f1b7
Showing 1 changed file with 40 additions and 0 deletions.
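--- a/config/initializers/rack_attack.rb
+++ b/config/initializers/rack_attack.rb
@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+if Rails.env.production?
+# Remove the original throttle fron decidim-core
+# see https://github.com/decidim/decidim/blob/release/0.26-stable/decidim-core/config/initializers/rack_attack.rb#L19
+Rails.application.config.after_initialize do
+Rack::Attack.throttles.delete("requests by ip")
+end
+Rack::Attack.throttle("req/ip",
+limit: Decidim.throttling_max_requests,
+period: Decidim.throttling_period) do |req|
+next if req.path.start_with?("/decidim-packs")
+next if req.path.start_with?("/rails/active_storage")
+
+req.ip
+end
+ActiveSupport::Notifications.subscribe("throttle.rack_attack") do |name, start, finish, request_id, payload|
+# request object available in payload[:request]
+
+rack_logger = Logger.new(Rails.root.join("log/rack_attack.log"))
+
+request = payload[:request]
+
+params = {
+"name" => name,
+"start" => start,
+"finish" => finish,
+"request_id" => request_id,
+"payload" => request.instance_variable_get(:@env)["rack.attack.match_data"],
+"ip" => request.ip,
+"path" => request.path,
+"get" => request.GET,
+"post" => request.POST,
+"host" => request.host,
+"referer" => request.referer
+}
+
+rack_logger.warn("[Rack::Attack] [THROTTLE - req / ip] | #{params}")
+end
+end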
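Review bot: The `throttle.rack_attack` subscriber writes `request.GET` and `request.POST` unfiltered into log/rack_attack.log, so any credentials, tokens or personal data submitted in a throttled request (for example repeated sign-in form posts) end up in that file in clear text. Both hashes should go through `ActiveSupport::ParameterFilter` with the application's `filter_parameters`, or be left out of the log line, and the file should get the same retention and access rules as the main production log. Two smaller points in the same block: `Logger.new` runs on every throttle event and can be created once outside the subscriber, and `request.env` is the public accessor for what `instance_variable_get(:@env)` reads. Separately, the two `next if` exemptions leave `/rails/active_storage` with no rate limit at all; a short comment saying why that is acceptable would help the next reader.

```ruby
# created once; the subscriber block closes over it
rack_logger = Logger.new(Rails.root.join("log/rack_attack.log"))

ActiveSupport::Notifications.subscribe("throttle.rack_attack") do |name, start, finish, request_id, payload|
  request = payload[:request]
  # built at event time so it sees the final filter_parameters list
  param_filter = ActiveSupport::ParameterFilter.new(Rails.application.config.filter_parameters)

  params = {
    # … unchanged: name, start, finish, request_id …
    "payload" => request.env["rack.attack.match_data"],
    # … unchanged: ip, path …
    "get" => param_filter.filter(request.GET),
    "post" => param_filter.filter(request.POST),
    # … unchanged: host, referer …
  }
  # … unchanged: rack_logger.warn call …
```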
