
Commit f22b24c

committed
Do not auto-plug for rails < 5
1 parent bdfb01a commit f22b24c

4 files changed

+40
-28
lines changed

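--- a/README.md
+++ b/README.md
@@ -68,7 +68,14 @@ Or install it yourself as:
 
 Then tell your ruby web application to use rack-attack as a middleware.
 
-a) For __rails__ applications it is used by default. You can disable it permanently (like for specific environment) or temporarily (can be useful for specific test cases) by writing:
+a) For __rails__ applications with versions >= 5 it is used by default. For older rails versions you should enable it explicitly:
+```ruby
+# In config/application.rb
+
+config.middleware.use Rack::Attack
+```
+
+You can disable it permanently (like for specific environment) or temporarily (can be useful for specific test cases) by writing:
 
 ```ruby
 Rack::Attack.enabled = false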

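--- a/lib/rack/attack/railtie.rb
+++ b/lib/rack/attack/railtie.rb
@@ -4,21 +4,17 @@ module Rack
 class Attack
 class Railtie < ::Rails::Railtie
 initializer 'rack.attack.middleware', after: :load_config_initializers, before: :build_middleware_stack do |app|
-middlewares = app.config.middleware
+if Gem::Version.new(::Rails::VERSION::STRING) >= Gem::Version.new("5")
+middlewares = app.config.middleware
+operations = middlewares.send(:operations) + middlewares.send(:delete_operations)
 
-operations =
-if Gem::Version.new(Rails::VERSION::STRING) >= Gem::Version.new("5")
-middlewares.send(:operations) + middlewares.send(:delete_operations)
-else
-middlewares.instance_variable_get(:@operations)
+use_middleware = operations.none? do |operation|
+middleware = operation[1]
+middleware.include?(Rack::Attack)
 end
 
-use_middleware = operations.none? do |operation|
-middleware = operation[1]
-middleware.include?(Rack::Attack)
+middlewares.use(Rack::Attack) if use_middleware
 end
-
-middlewares.use(Rack::Attack) if use_middleware
 end
 end
 end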
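Review bot: The new `if Gem::Version.new(::Rails::VERSION::STRING) >= Gem::Version.new("5")` guard has no `else`, so on Rails < 5 the initializer now silently does nothing, whereas the removed `middlewares.instance_variable_get(:@operations)` branch shows the previous code still inserted the middleware there. An app on older Rails that relied on that automatic insertion would boot after a gem upgrade without Rack::Attack in the stack, and so without its throttles and blocklists, with nothing at boot to indicate it. I would at least put a comment above the guard, `# Rails < 5: not inserted automatically; add config.middleware.use Rack::Attack (see README)`, and consider an `else` branch that emits a one-line `warn` with the same text, plus an upgrade note. The guarded path also reaches the private `operations` and `delete_operations` readers through `send` and assumes `operation[1]` holds the middleware arguments; a short comment saying so would help whoever has to adjust it when Rails internals change.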

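--- a/spec/acceptance/rails_middleware_spec.rb
+++ b/spec/acceptance/rails_middleware_spec.rb
@@ -2,7 +2,7 @@
 
 require_relative "../spec_helper"
 
-if defined?(Rails) && Gem::Version.new(Rails::VERSION::STRING) >= Gem::Version.new("5")
+if defined?(Rails)
 describe "Middleware for Rails" do
 before do
 @app = Class.new(Rails::Application) do
@@ -12,21 +12,30 @@
 end
 end
 
-it "is enabled by default" do
-@app.initialize!
-assert_equal 1, @app.middleware.count(Rack::Attack)
-end
+if Gem::Version.new(Rails::VERSION::STRING) >= Gem::Version.new("5")
+it "is used by default" do
+@app.initialize!
+assert_equal 1, @app.middleware.count(Rack::Attack)
+end
+
+it "is not added when it was added explicitly" do
+@app.config.middleware.use(Rack::Attack)
+@app.initialize!
+assert_equal 1, @app.middleware.count(Rack::Attack)
+end
 
-it "is not added when it was added explicitly" do
-@app.config.middleware.use(Rack::Attack)
-@app.initialize!
-assert_equal 1, @app.middleware.count(Rack::Attack)
+it "is not added when it was explicitly deleted" do
+@app.config.middleware.delete(Rack::Attack)
+@app.initialize!
+refute @app.middleware.include?(Rack::Attack)
+end
 end
 
-it "is not added when it was explicitly deleted" do
-@app.config.middleware.delete(Rack::Attack)
-@app.initialize!
-refute @app.middleware.include?(Rack::Attack)
+if Gem::Version.new(Rails::VERSION::STRING) < Gem::Version.new("5")
+it "is not used by default" do
+@app.initialize!
+assert_equal 0, @app.middleware.count(Rack::Attack)
+end
 end
 end
 end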
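Review bot: The Rails < 5 branch in the second hunk only asserts that the middleware is absent by default; nothing checks that the explicit `config.middleware.use(Rack::Attack)` path, which the README now tells those users to take, actually leaves exactly one Rack::Attack in the stack. Since that explicit line is now the only way the protection gets installed on older Rails, it is the case most worth pinning with a test. The two version checks are also exact complements and would read more clearly as a single `if`/`else`. The `before` block that builds `@app` lies partly between the two hunks, so the sketch below assumes it needs no change.

```ruby
if Gem::Version.new(Rails::VERSION::STRING) < Gem::Version.new("5")
  # … unchanged: "is not used by default" …

  it "is used once when added explicitly" do
    @app.config.middleware.use(Rack::Attack)
    @app.initialize!
    assert_equal 1, @app.middleware.count(Rack::Attack)
  end
```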

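--- a/spec/rack_attack_spec.rb
+++ b/spec/rack_attack_spec.rb
@@ -79,21 +79,21 @@
 
 describe 'enabled' do
 it 'should be enabled by default' do
-Rack::Attack.enabled.must_equal true
+_(Rack::Attack.enabled).must_equal true
 end
 
 it 'should directly pass request when disabled' do
 bad_ip = '1.2.3.4'
 Rack::Attack.blocklist("ip #{bad_ip}") { |req| req.ip == bad_ip }
 
 get '/', {}, 'REMOTE_ADDR' => bad_ip
-last_response.status.must_equal 403
+_(last_response.status).must_equal 403
 
 prev_enabled = Rack::Attack.enabled
 begin
 Rack::Attack.enabled = false
 get '/', {}, 'REMOTE_ADDR' => bad_ip
-last_response.status.must_equal 200
+_(last_response.status).must_equal 200
 ensure
 Rack::Attack.enabled = prev_enabled
 end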
