
ruby-on-rails - Rails trying to throttle my API with rack-attack. Not sure if it's working?

Reposted. Author: 行者123  Updated: 2023-12-03 20:45:40

Here is my repo

I just added the rack-attack gem.

gem 'rack-attack'

Here is my app/initializers/rack-attack.rb file:

class Rack::Attack

  # Throttle counters live in this process's memory; a store shared between
  # processes (Redis, Memcached) is needed once more than one server process
  # handles traffic.
  Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new

  # Requests from the loopback addresses are never throttled.
  whitelist('allow-localhost') do |req|
    '127.0.0.1' == req.ip || '::1' == req.ip
  end

  # At most 10 requests per 10-second window, counted per client IP.
  throttle('req/ip', limit: 10, period: 10) do |req|
    req.ip
  end

  # Custom 429 body; Retry-After is set to the throttle period.
  self.throttled_response = ->(env) {
    retry_after = (env['rack.attack.match_data'] || {})[:period]
    [
      429,
      {'Content-Type' => 'application/json', 'Retry-After' => retry_after.to_s},
      [{error: "Throttle limit reached. Retry later."}.to_json]
    ]
  }
end

Here is my application.rb file:

module ApiCodeship
  class Application < Rails::Application
    # Settings in config/environments/* take precedence over those specified here.
    # Application configuration should go into files in config/initializers
    # -- all .rb files in that directory are automatically loaded.

    # Only loads a smaller set of middleware suitable for API only apps.
    # Middleware like session, flash, cookies can be added back manually.
    # Skip views, helpers and assets when generating a new resource.
    config.api_only = true
    config.middleware.use Rack::Attack
  end
end

When I visit http://localhost:3000/rental_units, this is the log in my console:
Started GET "/rental_units" for ::1 at 2016-03-03 23:01:32 -0500
ActiveRecord::SchemaMigration Load (0.4ms) SELECT "schema_migrations".* FROM "schema_migrations"
Processing by RentalUnitsController#index as HTML
RentalUnit Load (0.5ms) SELECT "rental_units".* FROM "rental_units"
[active_model_serializers] Dalli::Server#connect localhost:11211
[active_model_serializers] User Load (0.7ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT ? [["id", 1], ["LIMIT", 1]]
[active_model_serializers] CACHE (0.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT ? [["id", 1], ["LIMIT", 1]]
[active_model_serializers] CACHE (0.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT ? [["id", 1], ["LIMIT", 1]]
[active_model_serializers] User Load (0.1ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT ? [["id", 2], ["LIMIT", 1]]
[active_model_serializers] Rendered ActiveModel::Serializer::CollectionSerializer with ActiveModel::Serializer::Adapter::JsonApi (44.37ms)
Completed 200 OK in 62ms (Views: 57.8ms | ActiveRecord: 2.7ms)

How do I know that I am throttling correctly?

Best Answer

I have recently been implementing rack-attack in my application. I found some very useful blog posts about testing Rack::Attack.

Basically, the following suggests that you install gem 'rack-test'. Then you can include Rack::Test::Methods at the top of the rspec file, which will enable you to write tests such as;

describe 'throttling urls' do
  include Rack::Test::Methods

  # Rack::Test drives the full Rails middleware stack, so Rack::Attack runs.
  def app
    Rails.application
  end

  describe 'throttle excessive requests by IP address' do
    let(:limit) { 10 }

    context 'number of requests is lower than the limit' do
      it "does not change the request status" do
        limit.times do
          # The third argument is the Rack env; a non-loopback address is needed
          # because loopback is whitelisted and would never be throttled.
          get '/show', {}, "REMOTE_ADDR" => "1.2.3.4"
          expect(last_response.status).to_not eq 429
        end
      end
    end

    context 'number of requests is higher than the limit' do
      it 'changes the request status to 429' do
        (limit * 2).times do |i|
          get '/show', {}, "REMOTE_ADDR" => "1.2.3.5"
          # i is zero-based, so i == limit is request number limit + 1,
          # the first one that must be rejected.
          expect(last_response.status).to eq(429) if i >= limit
        end
      end
    end
  end
end

The blogs I followed are;

Great blog post if using the old rspec syntax

More recent blog about testing rack attack but slightly less detailed
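The following is an added example and is not code from the question, the answer, or the rack-attack project. It models the two rules in the question's initializer (a loopback safelist and a 10-requests-per-10-seconds throttle keyed on client IP) as a plain Rack-style middleware in pure Ruby, so it runs with no gems installed. It makes two things visible at once: the console log in the question says the request came in "for ::1", and '::1' is whitelisted, so a browser on the same machine can never observe a 429; and, following the answer's approach, sending limit + 1 requests from a non-loopback address is what turns the status to 429. The class and helper names (ThrottleMiddleware, drive, drive_across_window, build_env), the injected clock, and the constructed request hashes are assumptions of this example. One refinement over the question's responder: Retry-After here is the number of seconds left in the current window rather than the whole period.

```ruby
require 'json'

# Added example: a pure-Ruby stand-in for the question's Rack::Attack rules.
# A Rack app is any object responding to #call(env) that returns
# [status, headers, body], so hand-built env hashes are enough to drive it.
class ThrottleMiddleware
  LIMIT  = 10   # same numbers as throttle('req/ip', limit: 10, period: 10)
  PERIOD = 10

  # The clock is injectable so a test can cross a window boundary deterministically.
  def initialize(app, clock: -> { Time.now.to_i })
    @app    = app
    @clock  = clock
    @counts = Hash.new(0)   # stands in for ActiveSupport::Cache::MemoryStore
  end

  def call(env)
    ip = env['REMOTE_ADDR']
    # Safelist is evaluated first: loopback is never counted or throttled,
    # which is why the question's local requests all complete with 200.
    return @app.call(env) if safelisted?(ip)

    now = @clock.call
    # Fixed window: the key embeds the window index (now / PERIOD), so the
    # counter for an IP resets every PERIOD seconds. This is the same
    # fixed-window scheme rack-attack's throttle uses.
    key   = "#{now / PERIOD}:req/ip:#{ip}"
    count = (@counts[key] += 1)

    if count > LIMIT
      retry_after = PERIOD - (now % PERIOD)   # seconds until the window ends
      return [429,
              { 'Content-Type' => 'application/json', 'Retry-After' => retry_after.to_s },
              [{ error: 'Throttle limit reached. Retry later.' }.to_json]]
    end
    @app.call(env)
  end

  private

  # Mirrors whitelist('allow-localhost') from the question.
  def safelisted?(ip)
    ip == '127.0.0.1' || ip == '::1'
  end
end

# Minimal downstream app standing in for RentalUnitsController#index.
DOWNSTREAM = lambda do |_env|
  [200, { 'Content-Type' => 'application/json' }, [[{ id: 1 }].to_json]]
end

# Constructed request env, the only keys the middleware reads.
def build_env(ip, path = '/rental_units')
  { 'REQUEST_METHOD' => 'GET', 'PATH_INFO' => path, 'REMOTE_ADDR' => ip }
end

# Sends n requests from ip at a frozen clock and returns [status, retry_after]
# per request. The start value is an arbitrary epoch second (3 s into a window).
def drive(ip, n, start: 1_000_003)
  clock_value = start
  app = ThrottleMiddleware.new(DOWNSTREAM, clock: -> { clock_value })
  n.times.map do
    status, headers, = app.call(build_env(ip))
    [status, headers['Retry-After']]
  end
end

# Sends `before` requests, advances the clock by one period, then sends `after`
# more; returns the two status lists. Shows the counter resetting per window.
def drive_across_window(ip, before, after, start: 1_000_003)
  clock_value = start
  app = ThrottleMiddleware.new(DOWNSTREAM, clock: -> { clock_value })
  first = before.times.map { app.call(build_env(ip)).first }
  clock_value += ThrottleMiddleware::PERIOD
  second = after.times.map { app.call(build_env(ip)).first }
  [first, second]
end

if $PROGRAM_NAME == __FILE__
  puts "::1      -> #{drive('::1', 12).map(&:first).inspect}"
  puts "1.2.3.4  -> #{drive('1.2.3.4', 12).inspect}"
  puts "next window -> #{drive_across_window('1.2.3.4', 12, 3).last.inspect}"
end
```

Run it with `ruby throttle_demo.rb`: the loopback address returns 200 for every request however many are sent, while 1.2.3.4 gets ten 200s followed by 429 with a Retry-After of 7 (the seconds remaining in the window), and is served again once the clock enters the next window. To see the real Rack::Attack behave the same way, hit the Rails server from an address that is not in the whitelist, or temporarily drop '::1' and '127.0.0.1' from it in development.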

Regarding "ruby-on-rails - Rails trying to throttle my API with rack-attack. Not sure if it's working?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/35787771/
