
Make Throttling Configurable (#361)
* Make Throttling Configurable

* Newlines at end of file
pglombardo authored Aug 2, 2022
1 parent 3de3611 commit f1088db
Showing 5 changed files with 110 additions and 12 deletions.
7 changes: 5 additions & 2 deletions Gemfile
Expand Up @@ -95,8 +95,6 @@ gem 'net-smtp'
gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby]

group :production do
gem 'rack-timeout'
gem 'rack-throttle'
gem 'pg'
gem 'sentry-ruby'
gem 'sentry-rails', '>= 5.0.2'
Expand All @@ -105,3 +103,8 @@ end
group :private do
gem 'sqlite3'
end

group :production, :private do
gem 'rack-timeout'
gem 'rack-throttle'
end
5 changes: 5 additions & 0 deletions config/environments/private.rb
Expand Up @@ -18,6 +18,11 @@
protocol: Settings.host_protocol
}

config.middleware.use Rack::Throttle::Daily, max: Settings.throttling.daily
config.middleware.use Rack::Throttle::Hourly, max: Settings.throttling.hourly
config.middleware.use Rack::Throttle::Minute, max: Settings.throttling.minute
config.middleware.use Rack::Throttle::Second, max: Settings.throttling.second

config.action_mailer.smtp_settings = {
address: Settings.mail.smtp_address,
port: Settings.mail.smtp_port,
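Review bot: The four `max:` values on the added `config.middleware.use Rack::Throttle::*` lines are passed through unconverted, so a missing key in settings.yml (nil) or a string value from an environment override such as `PWP__THROTTLING__DAILY='1000'` (if the Settings loader does not coerce env values to integers — worth confirming) would, as far as I recall rack-throttle's window limiters, only fail when the request count is compared against it, i.e. as an exception on every request rather than at boot. Wrapping each value, e.g. `max: Integer(Settings.throttling.daily)`, makes a bad or absent setting fail fast at startup with a clear message; the same applies to the identical four lines in config/environments/production.rb. Separately, rack-throttle's default counter store is an in-process Hash as far as I know, so with several application processes each one keeps its own counts and the effective limit is a multiple of the configured one — the `cache:` option pointing at a shared store is the usual remedy if that matters for this deployment.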
8 changes: 4 additions & 4 deletions config/environments/production.rb
Expand Up @@ -22,10 +22,10 @@
# Apache or NGINX already handles this.
config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present?

config.middleware.use Rack::Throttle::Daily, max: 1000 # requests
config.middleware.use Rack::Throttle::Hourly, max: 100 # requests
config.middleware.use Rack::Throttle::Minute, max: 30 # requests
config.middleware.use Rack::Throttle::Second, max: 2 # requests
config.middleware.use Rack::Throttle::Daily, max: Settings.throttling.daily
config.middleware.use Rack::Throttle::Hourly, max: Settings.throttling.hourly
config.middleware.use Rack::Throttle::Minute, max: Settings.throttling.minute
config.middleware.use Rack::Throttle::Second, max: Settings.throttling.second

# Compress JavaScripts and CSS.
config.assets.js_compressor = :uglifier
95 changes: 91 additions & 4 deletions config/settings.yml
@@ -1,13 +1,17 @@
# Global Application Defaults
# Global Application Configuration

# This is initially for internal settings. If all goes well using
# this new config gem, then we'll migrate entirely to the new Settings
# format for private instances too.
# See also https://github.com/pglombardo/PasswordPusher/blob/master/Configuration.md
# for a further explanation of the larger settings available here.

# Logins are disabled by default since they require an MTA (email) server
# available to send emails through.
#
# For instructions on how to enable logins, see this page:
# https://github.com/pglombardo/PasswordPusher/discussions/276
#
# Environment variable override:
# PWP__ENABLE_LOGINS='false'
#
enable_logins: false

# By default, Password Pusher can be used by anonymous users to push
Expand All @@ -24,10 +28,18 @@ allow_anonymous: true

# The domain (without protocol) where this instance is hosted
# Used in generating fully qualified URLs.
#
# Environment variable override:
# PWP__HOST_DOMAIN='pwpush.com'
#
# host_domain: 'pwpush.com'

# The protocol to reach the domain above
# Used in generating fully qualified URLs.
#
# Environment variable override:
# PWP__HOST_PROTOCOL='https'
#
host_protocol: 'https'

# Set the following value to force the base URL of generated links.
Expand All @@ -42,23 +54,96 @@ host_protocol: 'https'
#
# override_base_url: 'https://pwpush.mydomain.com'


# Configure the application throttling limits.
#
# Throttling enforces a minimum time interval
# between subsequent HTTP requests from a particular client, as
# well as by defining a maximum number of allowed HTTP requests
# per a given time period (per minute, hourly, or daily).
#
# See https://github.com/dryruby/rack-throttle#throttling-strategies
# for a description of function.
#
throttling:
# ..maximum number of allowed HTTP requests per day
#
# Default: 1000
#
# Environment Variable Override: PWP__THROTTLING__DAILY='1000'
daily: 1000

# ..maximum number of allowed HTTP requests per hour
#
# Default: 100
#
# Environment Variable Override: PWP__THROTTLING__HOURLY='100'
hourly: 100

# ..maximum number of allowed HTTP requests per minute
#
# Default: 30
#
# Environment Variable Override: PWP__THROTTLING__MINUTE='30'
minute: 30

# ..maximum number of allowed HTTP requests per second
#
# Default: 2
#
# Environment Variable Override: PWP__THROTTLING__SECOND='2'
second: 2


# When logins are enabled, an SMTP server is required to send emails to users
# for things such as forgot password, unlock account, confirm account etc.
# If `enable_logins` is set to true above, the following _are required_ to be
# filled out with valid values.
mail:
# Email delivery errors will be shown in the application
# Environment Variable Override: PWP__MAIL__RAISE_DELIVERY_ERRORS='false'
raise_delivery_errors: false

# Allows you to use a remote mail server. Just change it from its default "localhost" setting.
# Environment Variable Override: PWP__MAIL__SMTP_ADDRESS='smtp.example.com'
# smtp_address: smtp.example.com

# If your mail server requires authentication, set the username in this setting.
# Environment Variable Override: PWP__MAIL__SMTP_USER_NAME='apikey'
# smtp_user_name: 'apikey'

# If your mail server requires authentication, set the password in this setting.
# Environment Variable Override: PWP__MAIL__SMTP_PASSWORD='something@&#$'
# smtp_password: ''

# Port of the SMTP server
# Environment Variable Override: PWP__MAIL__SMTP_PORT='587'
smtp_port: 587

# If your mail server requires authentication, you need to specify the
# authentication type here. This is a string and one of :plain (will send
# the password in the clear), :login (will send password Base64 encoded)
# or :cram_md5 (combines a Challenge/Response mechanism to exchange
# information and a cryptographic Message Digest 5 algorithm to hash
# important information)
# Environment Variable Override: PWP__MAIL__SMTP_AUTHENTICATION='plain'
smtp_authentication: 'plain'

# Use STARTTLS when connecting to your SMTP server and fail if unsupported.
# Environment Variable Override: PWP__MAIL__SMTP_STARTTLS='true'
smtp_starttls: true

# Number of seconds to wait while attempting to open a connection.
# Environment Variable Override: PWP__MAIL__SMTP_OPEN_TIMEOUT='10'
smtp_open_timeout: 10

# Number of seconds to wait until timing-out a read(2) call.
# Environment Variable Override: PWP__MAIL__SMTP_READ_TIMEOUT='10'
smtp_read_timeout: 10

# Configure the e-mail address which will be shown as 'From' in emails
# See config/initializers/devise.rb where this is used
# Environment Variable Override: PWP__MAIL__MAILER_SENDER='"Password Pusher" <pglombardo@pwpush.com>'
# mailer_sender: '"Password Pusher" <pglombardo@pwpush.com>'

# List of supported languages indexed by language code. This is used
Expand All @@ -85,7 +170,9 @@ language_codes:

# The default language for the application. This must be one of the
# valid/supported language codes from the list above.
#
# Example: default_locale: :es
#
# Environment Variable Override: PWP__DEFAULT_LOCALE='es'
default_locale: :en
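Review bot: The introductory comment under `# Configure the application throttling limits.` says throttling "enforces a minimum time interval between subsequent HTTP requests", which describes rack-throttle's interval strategy, but the four keys below (`daily`, `hourly`, `minute`, `second`) only feed the Daily/Hourly/Minute/Second window limiters wired up in production.rb and private.rb, so no minimum interval is enforced by this configuration. I would trim that sentence to something like `# Throttling limits the number of HTTP requests a single client may make per second, minute, hour and day.` so operators are not led to expect spacing between requests. It would also help to state that each value must be an integer, since the env override examples are quoted strings and the limiters compare them against a request count.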

7 changes: 5 additions & 2 deletions gemfiles/Gemfile-mysql
Expand Up @@ -96,8 +96,6 @@ gem 'net-smtp'
gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby]

group :production do
gem 'rack-timeout'
gem 'rack-throttle'
gem 'sentry-ruby'
gem 'sentry-rails'
gem 'mysql2'
Expand All @@ -106,3 +104,8 @@ end
group :private do
gem 'sqlite3'
end

group :production, :private do
gem 'rack-timeout'
gem 'rack-throttle'
end
