From 7118b7a2433cf943eacf1fedf0e79b2bf0af220d Mon Sep 17 00:00:00 2001 From: fatkodima Date: Sun, 13 Oct 2019 19:03:48 +0300 Subject: [PATCH] Extract Configuration class --- lib/rack/attack.rb | 121 +++++-------------------------- lib/rack/attack/configuration.rb | 92 +++++++++++++++++++++++ 2 files changed, 111 insertions(+), 102 deletions(-) create mode 100644 lib/rack/attack/configuration.rb diff --git a/lib/rack/attack.rb b/lib/rack/attack.rb index b33092d4..fc18e9c7 100644 --- a/lib/rack/attack.rb +++ b/lib/rack/attack.rb @@ -14,6 +14,7 @@ class Error < StandardError; end class MisconfiguredStoreError < Error; end class MissingStoreError < Error; end + autoload :Configuration, 'rack/attack/configuration' autoload :Cache, 'rack/attack/cache' autoload :Check, 'rack/attack/check' autoload :Throttle, 'rack/attack/throttle' @@ -31,82 +32,8 @@ class MissingStoreError < Error; end autoload :Allow2Ban, 'rack/attack/allow2ban' class << self - attr_accessor :enabled, :notifier, :blocklisted_response, :throttled_response, - :anonymous_blocklists, :anonymous_safelists - - def safelist(name = nil, &block) - safelist = Safelist.new(name, &block) - - if name - safelists[name] = safelist - else - anonymous_safelists << safelist - end - end - - def blocklist(name = nil, &block) - blocklist = Blocklist.new(name, &block) - - if name - blocklists[name] = blocklist - else - anonymous_blocklists << blocklist - end - end - - def blocklist_ip(ip_address) - anonymous_blocklists << Blocklist.new { |request| IPAddr.new(ip_address).include?(IPAddr.new(request.ip)) } - end - - def safelist_ip(ip_address) - anonymous_safelists << Safelist.new { |request| IPAddr.new(ip_address).include?(IPAddr.new(request.ip)) } - end - - def throttle(name, options, &block) - throttles[name] = Throttle.new(name, options, &block) - end - - def track(name, options = {}, &block) - tracks[name] = Track.new(name, options, &block) - end - - def safelists - @safelists ||= {} - end - - def blocklists - @blocklists ||= {} - end - - def throttles - @throttles ||= {} - end - - def tracks - @tracks ||= {} - end - - def safelisted?(request) - anonymous_safelists.any? { |safelist| safelist.matched_by?(request) } || - safelists.any? { |_name, safelist| safelist.matched_by?(request) } - end - - def blocklisted?(request) - anonymous_blocklists.any? { |blocklist| blocklist.matched_by?(request) } || - blocklists.any? { |_name, blocklist| blocklist.matched_by?(request) } - end - - def throttled?(request) - throttles.any? do |_name, throttle| - throttle.matched_by?(request) - end - end - - def tracked?(request) - tracks.each_value do |track| - track.matched_by?(request) - end - end + attr_accessor :enabled, :notifier + attr_reader :configuration def instrument(request) if notifier @@ -122,34 +49,27 @@ def cache @cache ||= Cache.new end - def clear_configuration - @safelists = {} - @blocklists = {} - @throttles = {} - @tracks = {} - self.anonymous_blocklists = [] - self.anonymous_safelists = [] - end - def clear! warn "[DEPRECATION] Rack::Attack.clear! is deprecated. Please use Rack::Attack.clear_configuration instead" - clear_configuration + @configuration.clear_configuration end + + extend Forwardable + def_delegators :@configuration, :safelist, :blocklist, :blocklist_ip, :safelist_ip, :throttle, :track, + :blocklisted_response, :blocklisted_response=, :throttled_response, :throttled_response=, + :clear_configuration, :safelists, :blocklists, :throttles, :tracks end # Set defaults @enabled = true - @anonymous_blocklists = [] - @anonymous_safelists = [] @notifier = ActiveSupport::Notifications if defined?(ActiveSupport::Notifications) - @blocklisted_response = lambda { |_env| [403, { 'Content-Type' => 'text/plain' }, ["Forbidden\n"]] } - @throttled_response = lambda do |env| - retry_after = (env['rack.attack.match_data'] || {})[:period] - [429, { 'Content-Type' => 'text/plain', 'Retry-After' => retry_after.to_s }, ["Retry later\n"]] - end + @configuration = Configuration.new + + attr_reader :configuration def initialize(app) @app = app + @configuration = self.class.configuration end def call(env) @@ -158,19 +78,16 @@ def call(env) env['PATH_INFO'] = PathNormalizer.normalize_path(env['PATH_INFO']) request = Rack::Attack::Request.new(env) - if safelisted?(request) + if configuration.safelisted?(request) @app.call(env) - elsif blocklisted?(request) - self.class.blocklisted_response.call(env) - elsif throttled?(request) - self.class.throttled_response.call(env) + elsif configuration.blocklisted?(request) + configuration.blocklisted_response.call(env) + elsif configuration.throttled?(request) + configuration.throttled_response.call(env) else - tracked?(request) + configuration.tracked?(request) @app.call(env) end end - - extend Forwardable - def_delegators self, :safelisted?, :blocklisted?, :throttled?, :tracked? end end diff --git a/lib/rack/attack/configuration.rb b/lib/rack/attack/configuration.rb new file mode 100644 index 00000000..45c579de --- /dev/null +++ b/lib/rack/attack/configuration.rb @@ -0,0 +1,92 @@ +# frozen_string_literal: true + +module Rack + class Attack + class Configuration + attr_reader :safelists, :blocklists, :throttles, :anonymous_blocklists, :anonymous_safelists + attr_accessor :blocklisted_response, :throttled_response + + def initialize + @safelists = {} + @blocklists = {} + @throttles = {} + @tracks = {} + @anonymous_blocklists = [] + @anonymous_safelists = [] + + @blocklisted_response = lambda { |_env| [403, { 'Content-Type' => 'text/plain' }, ["Forbidden\n"]] } + @throttled_response = lambda do |env| + retry_after = (env['rack.attack.match_data'] || {})[:period] + [429, { 'Content-Type' => 'text/plain', 'Retry-After' => retry_after.to_s }, ["Retry later\n"]] + end + end + + def safelist(name = nil, &block) + safelist = Safelist.new(name, &block) + + if name + @safelists[name] = safelist + else + @anonymous_safelists << safelist + end + end + + def blocklist(name = nil, &block) + blocklist = Blocklist.new(name, &block) + + if name + @blocklists[name] = blocklist + else + @anonymous_blocklists << blocklist + end + end + + def blocklist_ip(ip_address) + @anonymous_blocklists << Blocklist.new { |request| IPAddr.new(ip_address).include?(IPAddr.new(request.ip)) } + end + + def safelist_ip(ip_address) + @anonymous_safelists << Safelist.new { |request| IPAddr.new(ip_address).include?(IPAddr.new(request.ip)) } + end + + def throttle(name, options, &block) + @throttles[name] = Throttle.new(name, options, &block) + end + + def track(name, options = {}, &block) + @tracks[name] = Track.new(name, options, &block) + end + + def safelisted?(request) + @anonymous_safelists.any? { |safelist| safelist.matched_by?(request) } || + @safelists.any? { |_name, safelist| safelist.matched_by?(request) } + end + + def blocklisted?(request) + @anonymous_blocklists.any? { |blocklist| blocklist.matched_by?(request) } || + @blocklists.any? { |_name, blocklist| blocklist.matched_by?(request) } + end + + def throttled?(request) + @throttles.any? do |_name, throttle| + throttle.matched_by?(request) + end + end + + def tracked?(request) + @tracks.each_value do |track| + track.matched_by?(request) + end + end + + def clear_configuration + @safelists = {} + @blocklists = {} + @throttles = {} + @tracks = {} + @anonymous_blocklists = [] + @anonymous_safelists = [] + end + end + end +end