init

.gitignore

@@ -0,0 +1,18 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+*~

Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in limiter.gemspec
+gemspec

LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2012 wangxz
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -0,0 +1,29 @@
+# Limiter
+
+TODO: Write a gem description
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'limiter'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install limiter
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

lib/limiter.rb

@@ -0,0 +1,7 @@
+# -*- encoding : utf-8 -*-
+require "limiter/version"
+require "limiter/base"
+require "limiter/white_list"
+require "limiter/black_list"
+require "limiter/rate_limiter"
+require "limiter/visit_counter"

lib/limiter/base.rb

@@ -0,0 +1,129 @@
+# -*- encoding : utf-8 -*-
+# This is the base class for rate limiter implementations.
+#
+# @example Defining a rate limiter subclass
+#   class MyLimiter < Limiter::Base
+#     def allowed?(request)
+#       # TODO: custom logic goes here
+#     end
+#   end
+#
+module Limiter
+  class Base
+    attr_reader :app
+    attr_reader :options
+    attr_reader :white_list
+    attr_reader :black_list
+    attr_reader :allow_path
+
+    ##
+    # @param  [#call]                    app
+    # @param  [Hash{Symbol => Object}]   options
+    # @option options [BlackList]        :black_list  (BlackList.new($redis))
+    # @option options [WhiteList]        :white_list  (WhiteList.new($redis))
+    # @option options [String/Regexp]    :allow_path  ("/human_test")
+    # @option options [Integer]          :code        (403)
+    # @option options [String]           :message     ("Rate Limit Exceeded")
+
+    def initialize(app, options = {})
+      @black_list = options[:black_list]
+      @white_list = options[:white_list]
+      @allow_path = options[:allow_path]
+      @app, @options = app, options
+    end
+
+    ##
+    # @param  [Hash{String => String}] env
+    # @return [Array(Integer, Hash, #each)]
+    # @see    http://rack.rubyforge.org/doc/SPEC.html
+    def call(env)
+      request = Rack::Request.new(env)
+      allowed?(request) ? app.call(env) : rate_limit_exceeded
+    end
+
+    ##
+    # Returns `false` if the rate limit has been exceeded for the given
+    # `request`, or `true` otherwise.
+    #
+    # Override this method in subclasses that implement custom rate limiter
+    # strategies.
+    #
+    # @param  [Rack::Request] request
+    # @return [Boolean]
+    def allowed?(request)
+      case
+      when allow_path?(request)  then true
+      when whitelisted?(request) then true
+      when blacklisted?(request) then false
+      else nil # override in subclasses
+      end
+    end
+
+    def whitelisted?(request)
+      white_list.member?(client_identifier(request))
+    end
+
+    def blacklisted?(request)
+      black_list.member?(client_identifier(request))
+    end
+
+    def allow_path?(request)
+      if allow_path.is_a?(Regexp)
+        request.path =~ allow_path
+      else
+        request.path == allow_path
+      end
+    end
+
+    protected
+
+    ##
+    # @param  [Rack::Request] request
+    # @return [String]
+    def client_identifier(request)
+      request.ip.to_s
+    end
+
+    ##
+    # @param  [Rack::Request] request
+    # @return [Float]
+    def request_start_time(request)
+      case
+      when request.env.has_key?('HTTP_X_REQUEST_START')
+        request.env['HTTP_X_REQUEST_START'].to_f / 1000
+      else
+        Time.now.to_f
+      end
+    end
+
+    ##
+    # Outputs a `Rate Limit Exceeded` error.
+    #
+    # @return [Array(Integer, Hash, #each)]
+    def rate_limit_exceeded
+      headers = respond_to?(:retry_after) ? {'Retry-After' => retry_after.to_f.ceil.to_s} : {}
+      http_error(options[:code] || 403, options[:message] || 'Rate Limit Exceeded', headers)
+    end
+
+    ##
+    # Outputs an HTTP `4xx` or `5xx` response.
+    #
+    # @param  [Integer]                code
+    # @param  [String, #to_s]          message
+    # @param  [Hash{String => String}] headers
+    # @return [Array(Integer, Hash, #each)]
+    def http_error(code, message = nil, headers = {})
+      [code, {'Content-Type' => 'text/plain; charset=utf-8'}.merge(headers),
+        http_status(code) + (message.nil? ? "\n" : " (#{message})\n")]
+    end
+
+    ##
+    # Returns the standard HTTP status message for the given status `code`.
+    #
+    # @param  [Integer] code
+    # @return [String]
+    def http_status(code)
+      [code, Rack::Utils::HTTP_STATUS_CODES[code]].join(' ')
+    end
+  end
+end

lib/limiter/black_list.rb

@@ -0,0 +1,28 @@
+# -*- encoding : utf-8 -*-
+module Limiter
+  class BlackList
+    def initialize(cache_store)
+      @cache_store = cache_store
+    end
+
+    def list
+      @cache_store.smembers(key)
+    end
+
+    def add(ip)
+      @cache_store.sadd(key, ip)
+    end
+
+    def remove(ip)
+      @cache_store.srem(key, ip)
+    end
+
+    def member?(ip)
+      @cache_store.sismember(key, ip)
+    end
+
+    def key
+      "limiter/black_list"
+    end
+  end
+end

lib/limiter/rate_limiter.rb

@@ -0,0 +1,49 @@
+# -*- encoding : utf-8 -*-
+module Limiter
+  class RateLimiter < Base
+    GET_TTL = 20.minutes
+    MAX_GET_NUM = 1000
+
+    POST_TTL = 5.seconds
+    MAX_POST_NUM = 20
+
+    def initialize(app, options = {})
+      super
+    end
+
+    def visit_counter
+      @visit_counter ||= options[:visit_counter]
+    end
+
+    def allowed?(request)
+      common_allowed = super
+      return true if common_allowed == true
+      return false if common_allowed == false
+
+      client_id = client_identifier(request)
+      post_count = read_and_incr_post_num(request, client_id)
+      get_count = read_and_incr_get_num(request, client_id)
+
+      return false if (get_count > MAX_GET_NUM || post_count > MAX_POST_NUM)
+      return true
+    end
+
+    private
+
+    def read_and_incr_post_num(request, client_id)
+      if request.post?
+        post_count = visit_counter.count(client_id, "POST")
+        visit_counter.incr(client_id, "POST", POST_TTL)
+        return post_count
+      end
+      return 0
+    end
+
+    def read_and_incr_get_num(request, client_id)
+      get_count = visit_counter.count(client_id, "GET")
+      visit_counter.incr(client_id, "GET", GET_TTL)
+      return get_count
+    end
+
+  end
+end

lib/limiter/version.rb

@@ -0,0 +1,4 @@
+# -*- encoding : utf-8 -*-
+module Limiter
+  VERSION = "0.0.1"
+end

lib/limiter/visit_counter.rb

@@ -0,0 +1,35 @@
+# -*- encoding : utf-8 -*-
+module Limiter
+  class VisitCounter
+    def initialize(cache_store)
+      @cache_store = cache_store
+    end
+
+    def remove(ip, method)
+      cache_key = [key, ip, method].join("/")
+      @cache_store.del(cache_key)
+    end
+
+    def incr(ip, method, ttl)
+      cache_key = [key, ip, method].join("/")
+      @cache_store.multi do
+        @cache_store.incr(cache_key)
+        @cache_store.expire(cache_key, ttl)
+      end
+    end
+
+    def count(ip, method)
+      cache_key = [key, ip, method].join("/")
+      @cache_store.get(cache_key).to_i
+    end
+
+    def set(ip, method, ttl, num)
+      cache_key = [key, ip, method].join("/")
+      @cache_store.setex(cache_key, ttl, num)
+    end
+
+    def key
+      "limiter/vc"
+    end
+  end
+end

lib/limiter/white_list.rb

@@ -0,0 +1,28 @@
+# -*- encoding : utf-8 -*-
+module Limiter
+  class WhiteList
+    def initialize(cache_store)
+      @cache_store = cache_store
+    end
+
+    def list
+      @cache_store.smembers(key)
+    end
+
+    def add(ip)
+      @cache_store.sadd(key, ip)
+    end
+
+    def remove(ip)
+      @cache_store.srem(key, ip)
+    end
+
+    def member?(ip)
+      @cache_store.sismember(key, ip)
+    end
+
+    def key
+      "limiter/white_list"
+    end
+  end
+end

limiter.gemspec

@@ -0,0 +1,19 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'limiter/version'
+
+Gem::Specification.new do |gem|
+  gem.name          = "limiter"
+  gem.version       = Limiter::VERSION
+  gem.authors       = ["wangxz"]
+  gem.email         = ["wangxz@csdn.net"]
+  gem.description   = %q{TODO: Write a gem description}
+  gem.summary       = %q{TODO: Write a gem summary}
+  gem.homepage      = ""
+
+  gem.files         = `git ls-files`.split($/)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ["lib"]
+end