fix: backport Rack Attack fixes from decidim-app

OpenSourcePolitics · Nov 19, 2024 · 3d91332 · 3d91332
1 parent f6aaa79
commit 3d91332
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 7 deletions.
diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
@@ -6,4 +6,13 @@
 
 # Enabled by default in production
 # Can be deactivated with 'ENABLE_RACK_ATTACK=0'
-DecidimApp::RackAttack.apply_configuration if DecidimApp::RackAttack.rack_enabled?
+DecidimApp::RackAttack.deactivate_decidim_throttling!
+
+if DecidimApp::RackAttack.rack_enabled?
+  DecidimApp::RackAttack.enable_rack_attack!
+  DecidimApp::RackAttack.apply_configuration
+else
+  DecidimApp::RackAttack.disable_rack_attack!
+end
+
+DecidimApp::RackAttack.info!
diff --git a/lib/decidim_app/rack_attack.rb b/lib/decidim_app/rack_attack.rb
@@ -4,21 +4,39 @@ module DecidimApp
   module RackAttack
     def self.rack_enabled?
       setting = Rails.application.secrets.dig(:decidim, :rack_attack, :enabled)
-      return setting == "1" if setting.present?
+      return setting.to_s == "1" if setting.present?
 
       Rails.env.production?
     end
 
-    def self.apply_configuration
+    def self.info!
+      Rails.logger.info("Rack::Attack is enabled: #{Rack::Attack.enabled}")
+      Rails.logger.info("Rack::Attack Fail2ban is enabled: #{DecidimApp::RackAttack::Fail2ban.enabled?}")
+      Rack::Attack.throttles.keys.each do |throttle|
+        Rails.logger.info("Rack::Attack throttling registered: #{throttle}")
+      end
+    end
+
+    def self.enable_rack_attack!
+      Rails.logger.info("Rack::Attack is now enabled")
       Rack::Attack.enabled = true
+    end
 
+    def self.disable_rack_attack!
+      Rails.logger.info("Rack::Attack is now disabled")
+      Rack::Attack.enabled = false
+    end
+
+    def self.deactivate_decidim_throttling!
       # Remove the original throttle from decidim-core
-      # see https://github.com/decidim/decidim/blob/release/0.26-stable/decidim-core/config/initializers/rack_attack.rb#L19
+      # see https://github.com/decidim/decidim/blob/release/0.27-stable/decidim-core/config/initializers/rack_attack.rb#L19
       DecidimApp::RackAttack::Throttling.deactivate_decidim_throttling! do
         Rails.logger.info("Deactivating 'requests by ip' from Decidim Core")
         Rack::Attack.throttles.delete("requests by ip")
       end
+    end
 
+    def self.apply_configuration
       Rack::Attack.throttled_response_retry_after_header = true
 
       Rack::Attack.throttled_responder = lambda do |request|
@@ -59,4 +77,4 @@ def self.apply_configuration
       end
     end
   end
-end
+end
diff --git a/lib/decidim_app/rack_attack/fail2ban.rb b/lib/decidim_app/rack_attack/fail2ban.rb
@@ -15,4 +15,4 @@ def self.unauthorized_path?(path)
       end
     end
   end
-end
+end
diff --git a/lib/decidim_app/rack_attack/throttling.rb b/lib/decidim_app/rack_attack/throttling.rb
@@ -141,4 +141,4 @@ def self.html_template(until_period, organization_name)
       end
     end
   end
-end
+end
-Original file line number
+Diff line change
@@ Expand Up / @@ -15,4 +15,4 @@ def self.unauthorized_path?(path) @@
           end
         end
       end
-    end
+    end