Weird Ruby

A presentation made to our Ruby users group. Intended to provoke/inspire discussion about unusual (sometimes obscure?) coding using some of the lesser-known Ruby syntax features.

The code itself is taken from the Ruby gem at https://github.com/kickstarter/rack-attack

If you have Deckset, contact me ([email protected]) and I will be glad to send you the "source code" for the presentation.

oldfartdeveloper

August 29, 2014

Transcript

  1. module Rack
       class Attack
         class Check
           attr_reader :name, :block, :type

           def initialize(name, options = {}, block)
             @name, @block = name, block
             @type = options.fetch(:type, nil)
           end

           # Wha'? What's this do?
           def [](req)
             block[req].tap {|match|
               if match
                 req.env["rack.attack.matched"] = name
                 req.env["rack.attack.match_type"] = type
                 Rack::Attack.instrument(req)
               end
             }
           end
         end
       end
     end
  2. module Rack
       class Attack
         class Fail2Ban
           class << self
             def filter(discriminator, options)
               # Wha? What's happening here?
               bantime = options[:bantime] or raise ArgumentError, "Must pass bantime option"
               findtime = options[:findtime] or raise ArgumentError, "Must pass findtime option"
               maxretry = options[:maxretry] or raise ArgumentError, "Must pass maxretry option"
               ...
  3. class Rack::Attack
       ...
       class << self
         # Wha? These instance or class accessors?
         attr_accessor :notifier, :blacklisted_response, :throttled_response

         def whitelist(name, &block)
           self.whitelists[name] = Whitelist.new(name, block)
         end
         ...
         # Wha? Is @whitelists an instance or class var?
         def whitelists; @whitelists ||= {}; end
         ...
       end
       ...
  4. Within Rack::Attack we have this instance method:

     def call(env)
       req = Rack::Attack::Request.new(env)
       # Wha? Is #whitelisted? an instance or class method?
       if whitelisted?(req)
         @app.call(env)
       elsif blacklisted?(req)
         self.class.blacklisted_response[env]
       elsif throttled?(req)
         self.class.throttled_response[env]
       else
         tracked?(req)
         @app.call(env)
       end
     end
  5. class Rack::Attack
       # Wha?
       throttle('req/ip',
                :limit => (ENV['RACKATTACK_LIMIT'].present? ? Integer(ENV['RACKATTACK_LIMIT']) : 300),
                :period => (ENV['RACKATTACK_PERIOD'].present? ? Integer(ENV['RACKATTACK_PERIOD']) : 1.minutes)) do |req|
         req.ip
       end

       whitelist('from hedgeye office') do |req|
         if (whitelist_pattern = ENV['WHITELIST_IP_PATTERN']) && !whitelist_pattern.blank?
           Rails.logger.info("#{req.ip} =~ /#{whitelist_pattern}/ #=> #{req.ip =~ /#{whitelist_pattern}/}")
           req.ip =~ /#{whitelist_pattern}/
         end
       end

       # https://www.pivotaltracker.com/n/projects/414867/stories/76620326
       blacklist('block bad user agent request from Chinese bot') do |req|
         offset = req.user_agent =~ /\WEasouSpider\W/
         !offset.nil? && offset >= 0
       end

       self.throttled_response = lambda do |env|
         [ 503,  # status
           {},   # headers
           ['']] # body
       end
     end
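
The whitelist block on slide 5 interpolates WHITELIST_IP_PATTERN into an unanchored regex, so a value written as a plain address also matches other addresses that contain it. The added example below (not code from the deck or from rack-attack) compares that test with a parsed-CIDR check; the helper names, the comma-separated CIDR format and all sample values are assumptions constructed for illustration.

```ruby
require "ipaddr"

# Same test the whitelist block performs: the pattern is interpolated
# into an unanchored regex and matched against the client IP string.
def regex_whitelisted?(ip, pattern)
  return false if pattern.nil? || pattern.strip.empty?
  !(ip =~ /#{pattern}/).nil?
end

# Alternative (assumption, not from the slides): treat the setting as a
# comma-separated list of addresses or CIDR ranges and compare parsed
# addresses instead of substrings.
def cidr_whitelisted?(ip, cidr_list)
  return false if cidr_list.nil? || cidr_list.strip.empty?
  addr = IPAddr.new(ip)
  cidr_list.split(",").any? { |cidr| IPAddr.new(cidr.strip).include?(addr) }
rescue IPAddr::Error
  false # unparsable client address or range: do not whitelist
end

# Constructed sample values (private and documentation ranges).
PATTERN = "10.1.2.3"
CIDRS   = "10.1.2.3/32, 192.0.2.0/24"
SAMPLES = ["10.1.2.3", "10.1.2.30", "210.1.2.3", "10.112.3.4", "192.0.2.77", "not-an-ip"]

# Returns [ip, regex_result, cidr_result] for each sample address.
def compare(samples = SAMPLES)
  samples.map { |ip| [ip, regex_whitelisted?(ip, PATTERN), cidr_whitelisted?(ip, CIDRS)] }
end

if __FILE__ == $PROGRAM_NAME
  compare.each { |ip, re, cidr| puts format("%-12s regex=%-5s cidr=%s", ip, re, cidr) }
end
```

If the regex form is kept, anchoring the pattern with `\A` and `\z` and escaping the dots closes the same gap for a single address.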