Use Rack::Attack (closes #9)
parent
6b4260647d
commit
659b51bd5e
3
Gemfile
3
Gemfile
|
@ -92,6 +92,9 @@ gem 'omniauth', '~> 1.8'
|
||||||
# Official OmniAuth strategy for GitHub.
|
# Official OmniAuth strategy for GitHub.
|
||||||
gem 'omniauth-github', '~> 1.3'
|
gem 'omniauth-github', '~> 1.3'
|
||||||
|
|
||||||
|
# A rack middleware for throttling and blocking abusive requests.
|
||||||
|
gem 'rack-attack', '~> 5.4'
|
||||||
|
|
||||||
group :development, :test do
|
group :development, :test do
|
||||||
# factory_bot provides a framework and DSL for defining and using factories.
|
# factory_bot provides a framework and DSL for defining and using factories.
|
||||||
gem 'factory_bot_rails', '~> 4.10'
|
gem 'factory_bot_rails', '~> 4.10'
|
||||||
|
|
|
@ -237,6 +237,8 @@ GEM
|
||||||
pundit (2.0.0)
|
pundit (2.0.0)
|
||||||
activesupport (>= 3.0.0)
|
activesupport (>= 3.0.0)
|
||||||
rack (2.0.6)
|
rack (2.0.6)
|
||||||
|
rack-attack (5.4.2)
|
||||||
|
rack (>= 1.0, < 3)
|
||||||
rack-test (1.1.0)
|
rack-test (1.1.0)
|
||||||
rack (>= 1.0, < 3)
|
rack (>= 1.0, < 3)
|
||||||
rails (5.2.2)
|
rails (5.2.2)
|
||||||
|
@ -421,6 +423,7 @@ DEPENDENCIES
|
||||||
pry-rails (~> 0.3)
|
pry-rails (~> 0.3)
|
||||||
puma (~> 3.11)
|
puma (~> 3.11)
|
||||||
pundit (~> 2.0)
|
pundit (~> 2.0)
|
||||||
|
rack-attack (~> 5.4)
|
||||||
rails (~> 5.2.1)
|
rails (~> 5.2.1)
|
||||||
rails-erd (~> 1.5)
|
rails-erd (~> 1.5)
|
||||||
rails-i18n (~> 5.1)
|
rails-i18n (~> 5.1)
|
||||||
|
|
|
@ -37,11 +37,6 @@ module Partynest
|
||||||
# Fully qualified domain name.
|
# Fully qualified domain name.
|
||||||
config.site_domain = 'libertarian-party.com'
|
config.site_domain = 'libertarian-party.com'
|
||||||
|
|
||||||
# Settings in config/environments/* take precedence over those specified
|
|
||||||
# here. Application configuration can go into files in config/initializers
|
|
||||||
# -- all .rb files in that directory are automatically loaded after loading
|
|
||||||
# the framework and any gems in your application.
|
|
||||||
|
|
||||||
# Don't generate system test files.
|
# Don't generate system test files.
|
||||||
config.generators.system_tests = nil
|
config.generators.system_tests = nil
|
||||||
|
|
||||||
|
|
|
@ -102,4 +102,7 @@ Rails.application.configure do
|
||||||
|
|
||||||
# Do not dump schema after migrations.
|
# Do not dump schema after migrations.
|
||||||
config.active_record.dump_schema_after_migration = false
|
config.active_record.dump_schema_after_migration = false
|
||||||
|
|
||||||
|
# Middleware.
|
||||||
|
config.middleware.use Rack::Attack
|
||||||
end
|
end
|
||||||
|
|
|
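Review bot: `config.middleware.use Rack::Attack` is added only to this environment file, so the throttle never runs in development or test and a request spec cannot cover it; moving the line to config/application.rb would give every environment the same middleware stack. Rack::Attack keeps its counters in `Rack::Attack.cache.store`, which defaults to `Rails.cache`. The production cache store is not visible in this diff, so confirm it is shared across Puma workers and hosts; with a per-process store each worker counts separately and the effective limit is multiplied. The `Rails.application.configure do` block starts outside this hunk.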
@ -0,0 +1,5 @@
|
||||||
|
# frozen_string_literal: true
|
||||||
|
|
||||||
|
# Be sure to restart your server when you modify this file.
|
||||||
|
|
||||||
|
Rack::Attack.throttle 'requests by IP', limit: 10, period: 1, &:ip
|
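Review bot: The throttle on the last line of this new file keys every request on `req.ip` with no path filter, and both choices need checking against the deployment. `Rack::Request#ip` is derived from REMOTE_ADDR and X-Forwarded-For, so behind a proxy or load balancer that Rack does not treat as trusted, all clients may share one bucket or the bucket may follow a client-supplied header; the proxy setup is not visible here. The limit of 10 per second also counts asset requests when Rails serves them, so one page load could reach it; the block form `Rack::Attack.throttle('requests by IP', limit: 10, period: 1) { |req| req.ip unless req.path.start_with?('/assets') }` leaves those out. I would also add a comment above the call such as `# Max 10 requests per second per client IP; excess requests get HTTP 429.` so the intended limit is on record.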