From 36b830ab3ca8622f6e1acafcca1245ec0f75f1fd Mon Sep 17 00:00:00 2001 From: Gonzalo <456459+grzuy@users.noreply.github.com> Date: Wed, 25 Oct 2023 23:37:16 -0300 Subject: [PATCH 1/3] ci: update tested rails versions (#626) --- .github/workflows/build.yml | 9 ---- Appraisals | 8 ---- gemfiles/rails_4_2.gemfile | 13 ------ spec/rack_attack_instrumentation_spec.rb | 52 +++++++++++------------- 4 files changed, 24 insertions(+), 58 deletions(-) delete mode 100644 gemfiles/rails_4_2.gemfile diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index cc3200cc..3237bd4d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -32,7 +32,6 @@ jobs: - rails_6_1 - rails_6_0 - rails_5_2 - - rails_4_2 - dalli3 - dalli2 - redis_5 @@ -56,8 +55,6 @@ jobs: ruby: 3.2.2 - gemfile: active_support_5_redis_cache_store_pooled ruby: 3.2.2 - - gemfile: rails_4_2 - ruby: 3.2.2 - gemfile: dalli2 ruby: 3.2.2 - gemfile: rack_1 @@ -68,8 +65,6 @@ jobs: ruby: 3.1.4 - gemfile: active_support_5_redis_cache_store_pooled ruby: 3.1.4 - - gemfile: rails_4_2 - ruby: 3.1.4 - gemfile: dalli2 ruby: 3.1.4 - gemfile: rack_1 @@ -80,14 +75,10 @@ jobs: ruby: 3.0.6 - gemfile: active_support_5_redis_cache_store_pooled ruby: 3.0.6 - - gemfile: rails_4_2 - ruby: 3.0.6 - gemfile: dalli2 ruby: 3.0.6 - gemfile: rack_1 ruby: 2.7.8 - - gemfile: rails_4_2 - ruby: 2.7.8 - gemfile: rails_7_0 ruby: 2.6.10 - gemfile: rails_7_0 diff --git a/Appraisals b/Appraisals index 185740dc..f68e8b7f 100644 --- a/Appraisals +++ b/Appraisals @@ -41,14 +41,6 @@ appraise 'rails_5-2' do gem 'railties', '~> 5.2.0' end -appraise 'rails_4-2' do - gem 'railties', '~> 4.2.0' - - # Override rack-test version constraint by making it more loose - # so it's compatible with actionpack 4.2.x - gem "rack-test", ">= 0.6" -end - appraise 'dalli2' do gem 'dalli', '~> 2.0' end diff --git a/gemfiles/rails_4_2.gemfile b/gemfiles/rails_4_2.gemfile deleted file mode 100644 index 4209e6dc..00000000 
--- a/gemfiles/rails_4_2.gemfile +++ /dev/null @@ -1,13 +0,0 @@ -# This file was generated by Appraisal - -source "https://rubygems.org" - -gem "railties", "~> 4.2.0" -gem "rack-test", ">= 0.6" - -group :maintenance, optional: true do - gem "bake" - gem "bake-gem" -end - -gemspec path: "../" diff --git a/spec/rack_attack_instrumentation_spec.rb b/spec/rack_attack_instrumentation_spec.rb index 111ad148..d2291f77 100644 --- a/spec/rack_attack_instrumentation_spec.rb +++ b/spec/rack_attack_instrumentation_spec.rb 
@@ -2,42 +2,38 @@ require_relative "spec_helper" require 'active_support' +require 'active_support/subscriber' -# ActiveSupport::Subscribers added in ~> 4.0.2.0 -if ActiveSupport::VERSION::MAJOR > 3 - require_relative 'spec_helper' - require 'active_support/subscriber' - class CustomSubscriber < ActiveSupport::Subscriber - @notification_count = 0 +class CustomSubscriber < ActiveSupport::Subscriber + @notification_count = 0 - class << self - attr_accessor :notification_count - end + class << self + attr_accessor :notification_count + end - def throttle(_event) - self.class.notification_count += 1 - end + def throttle(_event) + self.class.notification_count += 1 end +end - describe 'Rack::Attack.instrument' do - before do - @period = 60 # Use a long period; failures due to cache key rotation less likely - Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new - Rack::Attack.throttle('ip/sec', limit: 1, period: @period) { |req| req.ip } - end +describe 'Rack::Attack.instrument' do + before do + @period = 60 # Use a long period; failures due to cache key rotation less likely + Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new + Rack::Attack.throttle('ip/sec', limit: 1, period: @period) { |req| req.ip } + end - describe "with throttling" do - before do - ActiveSupport::Notifications.stub(:notifier, ActiveSupport::Notifications::Fanout.new) do - CustomSubscriber.attach_to("rack_attack") - 2.times { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' } - end + describe "with throttling" do + before do + ActiveSupport::Notifications.stub(:notifier, ActiveSupport::Notifications::Fanout.new) do + CustomSubscriber.attach_to("rack_attack") + 2.times { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' } end + end - it 'should instrument without error' do - _(last_response.status).must_equal 429 - assert_equal 1, CustomSubscriber.notification_count - end + it 'should instrument without error' do + _(last_response.status).must_equal 429 + assert_equal 1, 
CustomSubscriber.notification_count end end end From 4a68debb7a767ccf4e54b122d32f7741f608831d Mon Sep 17 00:00:00 2001 From: Santiago Bartesaghi Date: Thu, 26 Oct 2023 19:59:16 -0300 Subject: [PATCH 2/3] ci: automatically run with latest ruby patch version (#634) --- .github/workflows/build.yml | 68 ++++++++++++++++++------------------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3237bd4d..c7950f0f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -17,12 +17,12 @@ jobs: strategy: matrix: ruby: - - 3.2.2 - - 3.1.4 - - 3.0.6 - - 2.7.8 - - 2.6.10 - - 2.5.8 + - '3.2' + - '3.1' + - '3.0' + - '2.7' + - '2.6' + - '2.5' gemfile: - rack_3 - rack_2 
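Review bot: `CustomSubscriber.notification_count` is class-level state set to 0 once at class definition and never reset, so the `assert_equal 1` in 'should instrument without error' only holds while this is the sole example that triggers a throttle notification. Resetting it in the outer `before`, e.g. `CustomSubscriber.notification_count = 0`, would keep the assertion independent of example count and order if more instrumentation specs are added. The subscriber's `throttle(_event)` also discards the event, so the spec checks that a notification fired but not what it carried; asserting on the payload may be worth a follow-up.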
@@ -48,61 +48,61 @@ jobs: - redis_store exclude: - gemfile: rack_1 - ruby: 3.2.2 + ruby: '3.2' - gemfile: rails_5_2 - ruby: 3.2.2 + ruby: '3.2' - gemfile: active_support_5_redis_cache_store - ruby: 3.2.2 + ruby: '3.2' - gemfile: active_support_5_redis_cache_store_pooled - ruby: 3.2.2 + ruby: '3.2' - gemfile: dalli2 - ruby: 3.2.2 + ruby: '3.2' - gemfile: rack_1 - ruby: 3.1.4 + ruby: '3.1' - gemfile: rails_5_2 - ruby: 3.1.4 + ruby: '3.1' - gemfile: active_support_5_redis_cache_store - ruby: 3.1.4 + ruby: '3.1' - gemfile: active_support_5_redis_cache_store_pooled - ruby: 3.1.4 + ruby: '3.1' - gemfile: dalli2 - ruby: 3.1.4 + ruby: '3.1' - gemfile: rack_1 - ruby: 3.0.6 + ruby: '3.0' - gemfile: rails_5_2 - ruby: 3.0.6 + ruby: '3.0' - gemfile: active_support_5_redis_cache_store - ruby: 3.0.6 + ruby: '3.0' - gemfile: active_support_5_redis_cache_store_pooled - ruby: 3.0.6 + ruby: '3.0' - gemfile: dalli2 - ruby: 3.0.6 + ruby: '3.0' - gemfile: rack_1 - ruby: 2.7.8 + ruby: '2.7' - gemfile: rails_7_0 - ruby: 2.6.10 + ruby: '2.6' - gemfile: rails_7_0 - ruby: 2.5.8 + ruby: '2.5' - gemfile: active_support_7_0_redis_cache_store - ruby: 2.5.8 + ruby: '2.6' - gemfile: active_support_7_0_redis_cache_store - ruby: 2.6.10 + ruby: '2.5' - gemfile: active_support_7_0_redis_cache_store_pooled - ruby: 2.5.8 + ruby: '2.6' - gemfile: active_support_7_0_redis_cache_store_pooled - ruby: 2.6.10 + ruby: '2.5' - gemfile: rails_7_1 - ruby: 2.6.10 + ruby: '2.6' - gemfile: rails_7_1 - ruby: 2.5.8 + ruby: '2.5' - gemfile: active_support_7_1_redis_cache_store - ruby: 2.5.8 + ruby: '2.6' - gemfile: active_support_7_1_redis_cache_store - ruby: 2.6.10 + ruby: '2.5' - gemfile: active_support_7_1_redis_cache_store_pooled - ruby: 2.5.8 + ruby: '2.6' - gemfile: active_support_7_1_redis_cache_store_pooled - ruby: 2.6.10 + ruby: '2.5' env: BUNDLE_GEMFILE: gemfiles/${{ matrix.gemfile }}.gemfile steps: From ffc210250f4fc7e494671068396d6b1b1db3db6c Mon Sep 17 00:00:00 2001 
From: Santiago Bartesaghi Date: Fri, 27 Oct 2023 21:46:07 -0300 Subject: [PATCH 3/3] refactor: minor refactoring (#635) --- lib/rack/attack/throttle.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/rack/attack/throttle.rb b/lib/rack/attack/throttle.rb index 69923393..0ec5f7aa 100644 --- a/lib/rack/attack/throttle.rb +++ b/lib/rack/attack/throttle.rb @@ -38,8 +38,9 @@ def matched_by?(request) epoch_time: cache.last_epoch_time } + annotate_request_with_throttle_data(request, data) + (count > current_limit).tap do |throttled| - annotate_request_with_throttle_data(request, data) if throttled annotate_request_with_matched_data(request, data) Rack::Attack.instrument(request)
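Review bot: With `annotate_request_with_throttle_data(request, data)` hoisted above the `tap` in `matched_by?`, throttle data is visibly written onto every request that reaches this point, not only throttled ones, yet nothing in the code says this is intended. The hunk header counts (8 old lines, 9 new) indicate that `if throttled` is an unchanged line of its own rather than a modifier on the removed call, so the old call was already unconditional and behaviour should be unchanged. A short comment above the call, such as `# Recorded for every request, throttled or not; only the matched data and instrumentation below depend on the limit being exceeded`, would stop a later cleanup from moving it back under the `throttled` branch. `matched_by?` starts and ends outside the hunk.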