AlyBadawy / Securial / 15660695816

15 Jun 2025 07:12AM UTC coverage: 98.44% (-0.2%) from 98.65%
Pull #47

github

web-flow
Merge f9ecd41cc into e9fb9d184
Pull Request #47: Feat: Implement request rate limiting using Rack::Attack

199 of 204 branches covered (97.55%)

Branch coverage included in aggregate %.

56 of 58 new or added lines in 5 files covered. (96.55%)

1000 of 1014 relevant lines covered (98.62%)

55.31 hits per line

Source File

91.3
/lib/securial/security/request_rate_limiter.rb
Line  Hits  New  Source
   1     1       require "rack/attack"
   2     1       require "securial/config"
   3
   4     1       module Securial
   5     1         module Security
   6     1           module RequestRateLimiter
   7     1             module_function
   8
   9     1             def apply! # rubocop:disable Metrics/MethodLength
  10     1               resp_status = Securial.configuration.rate_limit_response_status
  11     1               resp_message = Securial.configuration.rate_limit_response_message
  12                     throttle_configs = [
  13     4                 { name: "securial/logins/ip", path: "sessions/login", key: ->(req) { req.ip } },
  14     3                 { name: "securial/logins/email", path: "sessions/login", key: ->(req) { req.params["email_address"].to_s.downcase.strip } },
  15     3                 { name: "securial/password_resets/ip", path: "password/forgot", key: ->(req) { req.ip } },
  16     3                 { name: "securial/password_resets/email", path: "password/forgot", key: ->(req) { req.params["email_address"].to_s.downcase.strip } },
  17                     ]
  18
  19     1               throttle_configs.each do |config|
  20     4                 Rack::Attack.throttle(config[:name],
  21    12                                       limit: ->(_req) { Securial.configuration.rate_limit_requests_per_minute },
  22                                             period: 1.minute
  23                       ) do |req|
  24   724                   if req.path.include?(config[:path]) && req.post?
  25    12                     config[:key].call(req)
  26                         end
  27                       end
  28                     end
  29                     # Custom response for throttled requests
  30     1               Rack::Attack.throttled_responder = lambda do |request|
  31     ×  NEW            retry_after = (request.env["rack.attack.match_data"] || {})[:period]
  32                       [
  33     ×  NEW              resp_status,
  34                         {
  35                           "Content-Type" => "application/json",
  36                           "Retry-After" => retry_after.to_s,
  37                         },
  38                         [{ error: resp_message }.to_json],
  39                       ]
  40                     end
  41                   end
  42                 end
  43               end
  44             end