Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Enable override of ip from outside Add retry after option Add ip and rule whitelisting Adapt README
- Loading branch information
Showing
6 changed files
with
249 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -39,4 +39,4 @@ DEPENDENCIES | |
yard | ||
|
||
BUNDLED WITH | ||
1.14.3 | ||
1.16.1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,93 @@ | ||
module Rack | ||
module Throttle | ||
class Rules < TimeWindow | ||
## | ||
# @param [#call] app | ||
# @param [Hash{Symbol => Object}] options | ||
# @option options [Integer] :max (1) | ||
def initialize(app, options = {}) | ||
super | ||
end | ||
|
||
def rules | ||
@rules ||= begin | ||
rs = options[:rules] | ||
rs.sort_by { |r| r[:path].to_s }.reverse | ||
end | ||
end | ||
|
||
def retry_after | ||
@min ||= (options[:min] || 3600) | ||
end | ||
|
||
def default_limit | ||
@default_limit ||= options[:default] || 1_000_000_000 | ||
end | ||
|
||
def ips | ||
@ips ||= options[:ip_whitelist] || [] | ||
end | ||
|
||
def whitelisted?(request) | ||
return true if ip_whitelisted?(ip(request)) | ||
return true if path_whitelisted?(request) | ||
false | ||
end | ||
|
||
def ip_whitelisted?(request_ip) | ||
!!ips.find { |ip| ip.to_s == request_ip.to_s } | ||
end | ||
|
||
def path_whitelisted?(request) | ||
rule = rule_for(request) | ||
rule ? rule[:whitelisted] : false | ||
end | ||
|
||
def rule_for(request) | ||
rules.find do |rule| | ||
next unless rule[:method] == request.request_method.to_s | ||
next unless path_matches?(rule, request.path.to_s) | ||
rule | ||
end | ||
end | ||
|
||
def path_matches?(rule, path) | ||
return true unless rule[:path] | ||
return true if path.to_s.match(rule[:path]) | ||
false | ||
end | ||
|
||
def max_per_window(request) | ||
rule = rule_for(request) | ||
rule ? rule[:limit] : default_limit | ||
end | ||
|
||
def client_identifier(request) | ||
if (rule = rule_for(request)) | ||
"#{ip(request)}_#{rule[:method]}_#{rule[:path]}" | ||
else | ||
ip(request) | ||
end | ||
end | ||
|
||
def ip(request) | ||
request.ip.to_s | ||
end | ||
|
||
def cache_key(request) | ||
[super, Time.now.strftime(time_string)].join(':') | ||
end | ||
|
||
def time_string | ||
@time_string ||= case options[:time_window] | ||
when :second then '%Y-%m-%dT%H:%M:%S' | ||
when :minute then '%Y-%m-%dT%H:%M' | ||
when :hour then '%Y-%m-%dT%H' | ||
when :day then '%Y-%m-%d' | ||
else '%Y-%m-%dT%H:%M:%S' | ||
end | ||
end | ||
end | ||
end | ||
end | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,112 @@ | ||
require 'spec_helper' | ||
|
||
describe Rack::Throttle::Rules do | ||
include Rack::Test::Methods | ||
|
||
include_context 'mock app' | ||
|
||
let(:options) do | ||
{ | ||
rules: [ | ||
{ method: "POST", limit: 5 }, | ||
{ method: "GET", limit: 3 }, | ||
{ method: "GET", path: "/bar/.*/muh", limit: 5 }, | ||
{ method: "GET", path: "/white/list/me", whitelisted: true } | ||
], | ||
ip_whitelist: [ | ||
"123.123.123.123" | ||
], | ||
default: 10 | ||
} | ||
end | ||
|
||
let(:app) { described_class.new(target_app, options) } | ||
|
||
describe "allowed" do | ||
|
||
it "should be allowed if not seen this second" do | ||
allow_any_instance_of(Rack::Throttle::Rules).to receive(:ip).and_return("123.123.123.123") | ||
10.times { get "/bar/124/muh" } | ||
expect(last_response.body).to show_allowed_response | ||
end | ||
|
||
it "should be allowed unlimited times" do | ||
100.times { get "/white/list/me" } | ||
expect(last_response.body).to show_allowed_response | ||
end | ||
|
||
it "should be allowed if not seen this second" do | ||
get "/bar/124/muh" | ||
expect(last_response.body).to show_allowed_response | ||
end | ||
|
||
it "should be allowed if not seen this second" do | ||
5.times { get "/bar/124/muh" } | ||
expect(last_response.body).to show_allowed_response | ||
end | ||
|
||
it "should be allowed if not seen this second" do | ||
get "/foo" | ||
expect(last_response.body).to show_allowed_response | ||
end | ||
|
||
it "should be allowed if seen fewer times than the max allowed per second" do | ||
3.times { get "/foo" } | ||
expect(last_response.body).to show_allowed_response | ||
end | ||
|
||
it "should be allowed if seen fewer times than the max allowed per second" do | ||
5.times { post "/foo" } | ||
expect(last_response.body).to show_allowed_response | ||
end | ||
|
||
it "should be allowed if seen fewer than the default limit" do | ||
9.times { put "/foo" } | ||
expect(last_response.body).to show_allowed_response | ||
end | ||
|
||
[:second_ago, :minute_ago, :hour_ago, :day_ago].each do |time| | ||
it "should not count the requests from a #{time.to_s.split('_').join(' ')} against this second" do | ||
Timecop.freeze(1.send(time)) do | ||
20.times { get "/foo" } | ||
expect(last_response.body).to show_throttled_response | ||
end | ||
|
||
get "/foo" | ||
expect(last_response.body).to show_allowed_response | ||
end | ||
end | ||
|
||
end | ||
|
||
describe "throttled" do | ||
|
||
it "should not be allowed if seen more times than the max allowed per second" do | ||
10.times { get "/foo" } | ||
expect(last_response.body).to show_throttled_response | ||
end | ||
|
||
it "should not be allowed if seen more times than the max allowed per second" do | ||
10.times { post "/foo" } | ||
expect(last_response.body).to show_throttled_response | ||
end | ||
|
||
it "should not be allowed if seen more times than the default defines" do | ||
15.times { put "/foo" } | ||
expect(last_response.body).to show_throttled_response | ||
end | ||
|
||
it "should be allowed if not seen this second" do | ||
6.times { get "/bar/124/muh" } | ||
expect(last_response.body).to show_throttled_response | ||
end | ||
|
||
it "should be allowed if not seen this second" do | ||
allow_any_instance_of(Rack::Throttle::Rules).to receive(:ip).and_return("1.1.1.1") | ||
10.times { get "/bar/124/muh" } | ||
expect(last_response.body).to show_throttled_response | ||
end | ||
|
||
end | ||
|
||
end |