From ecbea2e3c6e49387b1eaefbbebd2013867414ca2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" Date: Fri, 3 May 2019 16:16:11 +0200 Subject: [PATCH] Bump rack-attack from 5.4.2 to 6.0.0 (#10599) * Bump rack-attack from 5.4.2 to 6.0.0 Bumps [rack-attack](https://github.com/kickstarter/rack-attack) from 5.4.2 to 6.0.0. - [Release notes](https://github.com/kickstarter/rack-attack/releases) - [Changelog](https://github.com/kickstarter/rack-attack/blob/master/CHANGELOG.md) - [Commits](https://github.com/kickstarter/rack-attack/compare/v5.4.2...v6.0.0) Signed-off-by: dependabot[bot] * fix payload[:request] --- Gemfile | 2 +- Gemfile.lock | 4 ++-- config/initializers/rack_attack_logging.rb | 4 +++- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/Gemfile b/Gemfile index 67df76be69c..db00c24fb97 100644 --- a/Gemfile +++ b/Gemfile @@ -66,7 +66,7 @@ gem 'ox', '~> 2.10' gem 'posix-spawn', git: 'https://github.com/rtomayko/posix-spawn', ref: '58465d2e213991f8afb13b984854a49fcdcc980c' gem 'pundit', '~> 2.0' gem 'premailer-rails' -gem 'rack-attack', '~> 5.4' +gem 'rack-attack', '~> 6.0' gem 'rack-cors', '~> 1.0', require: 'rack/cors' gem 'rails-i18n', '~> 5.1' gem 'rails-settings-cached', '~> 0.6' diff --git a/Gemfile.lock b/Gemfile.lock index 09b0de6143f..7ab907f6d44 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -426,7 +426,7 @@ GEM activesupport (>= 3.0.0) raabro (1.1.6) rack (2.0.7) - rack-attack (5.4.2) + rack-attack (6.0.0) rack (>= 1.0, < 3) rack-cors (1.0.3) rack-protection (2.0.5) @@ -735,7 +735,7 @@ DEPENDENCIES pry-rails (~> 0.3) puma (~> 3.12) pundit (~> 2.0) - rack-attack (~> 5.4) + rack-attack (~> 6.0) rack-cors (~> 1.0) rails (~> 5.2.3) rails-controller-testing (~> 1.0) diff --git a/config/initializers/rack_attack_logging.rb b/config/initializers/rack_attack_logging.rb index 2ddbfb99ce8..c30bd8a6431 100644 --- a/config/initializers/rack_attack_logging.rb +++ b/config/initializers/rack_attack_logging.rb @@ -1,4 +1,6 @@ -ActiveSupport::Notifications.subscribe('rack.attack') do |_name, _start, _finish, _request_id, req| +ActiveSupport::Notifications.subscribe(/rack_attack/) do |_name, _start, _finish, _request_id, payload| + req = payload[:request] + next unless [:throttle, :blacklist].include? req.env['rack.attack.match_type'] Rails.logger.info("Rate limit hit (#{req.env['rack.attack.match_type']}): #{req.ip} #{req.request_method} #{req.fullpath}") end