add Gem rack_attack for prevent attack brute-force

Gemfile

@@ -48,6 +48,7 @@ gem 'prawn_rails'
 gem 'premailer-rails'
 gem 'puma' # Use Puma as the app server
 gem 'pundit'
+gem 'rack-attack'
 gem 'rack-mini-profiler'
 gem 'rails'
 gem 'rails-i18n' # Locales par défaut

Gemfile.lock

@@ -434,6 +434,8 @@ GEM
     pundit (2.0.1)
       activesupport (>= 3.0.0)
     rack (2.0.6)
+    rack-attack (6.0.0)
+      rack (>= 1.0, < 3)
     rack-mini-profiler (1.0.1)
       rack (>= 1.2.0)
     rack-oauth2 (1.9.3)
@@ -752,6 +754,7 @@ DEPENDENCIES
   pry-byebug
   puma
   pundit
+  rack-attack
   rack-mini-profiler
   rails
   rails-controller-testing

config/application.rb

@@ -41,5 +41,6 @@ module TPS
     end
 
     config.ds_weekly_overview = ENV['APP_NAME'] == 'tps'
+    config.middleware.use Rack::Attack
   end
 end

config/initializers/rack_attack.rb

@@ -0,0 +1,21 @@
+if ENV['RAILS_ENV'] != 'test'
+  class Rack::Attack
+    throttle('logins/ip', limit: 5, period: 20.seconds) do |req|
+      if req.path == '/users/sign_in' && req.post?
+        req.ip
+      end
+    end
+
+    throttle('stats/ip', limit: 5, period: 20.seconds) do |req|
+      if req.path == '/stats'
+        req.ip
+      end
+    end
+
+    throttle('contact/ip', limit: 5, period: 20.seconds) do |req|
+      if req.path == '/contact' && req.post?
+        req.ip
+      end
+    end
+  end
+end