demarches-normaliennes/config/initializers/rack_attack.rb

class Rack::Attack
  throttle('/users/sign_in/ip', limit: 5, period: 20.seconds) do |req|
    if req.path == '/users/sign_in' && req.post? && rack_attack_enabled?
      req.remote_ip
    end
  end

  throttle('stats/ip', limit: 5, period: 20.seconds) do |req|
    if req.path == '/stats' && rack_attack_enabled?
      req.remote_ip
    end
  end

  throttle('contact/ip', limit: 5, period: 20.seconds) do |req|
    if req.path == '/contact' && req.post? && rack_attack_enabled?
      req.remote_ip
    end
  end

  Rack::Attack.safelist('allow from localhost') do |req|
    IPService.ip_trusted?(req.remote_ip)
  end

  def self.rack_attack_enabled?
    ENV['RACK_ATTACK_ENABLE'] == 'true'
  end
end
Use rack_attack_enabled? We cannot enable rack attack during the tests as it interferes with features spec. So we add a flag to enable it during the runtime. 2019-08-19 15:15:50 +02:00			`class Rack::Attack`
			`throttle('/users/sign_in/ip', limit: 5, period: 20.seconds) do \|req\|`
			`if req.path == '/users/sign_in' && req.post? && rack_attack_enabled?`
			`req.remote_ip`
add Gem rack_attack for prevent attack brute-force 2019-07-03 15:22:31 +02:00			`end`
Use rack_attack_enabled? We cannot enable rack attack during the tests as it interferes with features spec. So we add a flag to enable it during the runtime. 2019-08-19 15:15:50 +02:00			`end`
add Gem rack_attack for prevent attack brute-force 2019-07-03 15:22:31 +02:00
Use rack_attack_enabled? We cannot enable rack attack during the tests as it interferes with features spec. So we add a flag to enable it during the runtime. 2019-08-19 15:15:50 +02:00			`throttle('stats/ip', limit: 5, period: 20.seconds) do \|req\|`
			`if req.path == '/stats' && rack_attack_enabled?`
			`req.remote_ip`
add Gem rack_attack for prevent attack brute-force 2019-07-03 15:22:31 +02:00			`end`
Use rack_attack_enabled? We cannot enable rack attack during the tests as it interferes with features spec. So we add a flag to enable it during the runtime. 2019-08-19 15:15:50 +02:00			`end`
add Gem rack_attack for prevent attack brute-force 2019-07-03 15:22:31 +02:00
Use rack_attack_enabled? We cannot enable rack attack during the tests as it interferes with features spec. So we add a flag to enable it during the runtime. 2019-08-19 15:15:50 +02:00			`throttle('contact/ip', limit: 5, period: 20.seconds) do \|req\|`
			`if req.path == '/contact' && req.post? && rack_attack_enabled?`
			`req.remote_ip`
add Gem rack_attack for prevent attack brute-force 2019-07-03 15:22:31 +02:00			`end`
Use rack_attack_enabled? We cannot enable rack attack during the tests as it interferes with features spec. So we add a flag to enable it during the runtime. 2019-08-19 15:15:50 +02:00			`end`
RackAttack: use remote ip and test it ! 2019-08-01 17:12:59 +02:00
Use rack_attack_enabled? We cannot enable rack attack during the tests as it interferes with features spec. So we add a flag to enable it during the runtime. 2019-08-19 15:15:50 +02:00			`Rack::Attack.safelist('allow from localhost') do \|req\|`
			`IPService.ip_trusted?(req.remote_ip)`
			`end`

			`def self.rack_attack_enabled?`
			`ENV['RACK_ATTACK_ENABLE'] == 'true'`
add Gem rack_attack for prevent attack brute-force 2019-07-03 15:22:31 +02:00			`end`
			`end`