rspec-rails
Rack::Attack
Our great sponsors
rspec-rails | Rack::Attack | |
---|---|---|
19 | 13 | |
5,107 | 5,480 | |
0.5% | 0.5% | |
8.6 | 7.1 | |
6 days ago | about 2 months ago | |
Ruby | Ruby | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
rspec-rails
-
Test Driving a Rails API - Part Two
When starting a Rails project, you have a lot of decisions to make. Whether or not to write tests should not be one of them. The big decision is to use Minitest or Rspec. Both of those testing frameworks are great and provide everything you need to test a Rails application thoroughly.
-
How to Use Shoulda Matchers with RSpec for Ruby on Rails
RSpec
-
How to Setup RSpec on a Rails Project
rspec-rails factory_bot_rails faker
-
Tests Everywhere - Ruby
Ruby testing with RSpec
-
Introduction to Rails API: How to Create Your First Endpoint in Less Than a Minute?
After all requests have been added, we need to cover them using request specs to ensure that everything will work as expected in the future as well. To add specs, we will use the rspec-rails gem. Our plan is to cover the 4 HTTP request methods that have been added above:
-
Should i learn testing
as a beginner you can skip it, just focus on understanding Rails' philosophy and getting comfortable with it. However, make sure you remember to come back to unit testing later bc it's a mandatory skill for a Rails developer. Unit test can help you understand your project's specs thoroughly (assume its test coverage is more than 90%). I recommend learning RSpec instead of Rails' built-in testing tool (the one being used in the Rails tutorial iirc)
-
Code Reviewing a Ruby on Rails application.
RSpec is a testing framework for Ruby that is widely used in the Ruby on Rails community. It allows developers to write and execute automated tests. RSpec promotes behavior-driven development (BDD) by providing a readable syntax for describing the expected behavior of the application.
-
Generating an OpenAPI/Swagger spec from a Ruby on Rails API
This is where rswag comes in. It is an extension to rspec-rails for "describing and testing API operations".
- Relishapp is down, anyone knows what happened?
- Top 5 Ruby on Rails Gems
Rack::Attack
-
Rails Authentication for Compliance
The first line of defense should be to put rate-limiting on your login endpoints. rack-attack can help with that. I recommend to limit the login attempts to 5 per minute for a username and block the IP for 30 minutes. You should also limit the number of login attempts from the same IP address, but this needs to be adjusted to the application you are working on, because if it is a tool used in classrooms, it might be legit to have 50 logins within a few minutes from the same IP. (I have a few post written about rack-attack)
-
4 Essential Security Tools To Level Up Your Rails Security
Rack::Attack
- Huginn’s IP keeps getting blocked by Kickstarter
- rack/rack-attack: Rack middleware for blocking & throttling
-
Rack-attack gem setup to protect Rails and Rack apps from bad clients
Rack middleware for blocking & throttling abusive requests. Protect your Rails and Rack apps from bad clients. Rack::Attack lets you quickly decide when to allow, block, and throttle based on the properties of the request. Using this gem you can save your web application from attacks, we can whitelist IPs, Block requests according to requirements, and many more… Install Rack-attack gem: # In your Gemfile gem 'rack-attack' Enter fullscreen mode Exit fullscreen mode Plugging into the application Then tell your ruby web application to use rack-attack as a middleware. # config/application.rb # rack attack middleware config.middleware.use Rack::Attack Enter fullscreen mode Exit fullscreen mode Once you’ve done that, you’ll need to configure it. You can do this by creating the file, config/initializers/rack-attack.rband adding the rules to fit your needs. You can disable it permanently (like for a specific environment) or temporarily (can be helpful for specific test cases) by writing: Usage Safe listing Safelists have the most precedence, so any request matching a safelist would be allowed despite matching any number of blocklists or throttles. safelist_ip(ip_address_string) Rack::Attack.safelist_ip(“5.6.7.8”) Enter fullscreen mode Exit fullscreen mode safelist_ip(ip_subnet_string) Rack::Attack.safelist_ip(“5.6.7.0/24”) Enter fullscreen mode Exit fullscreen mode safelist(name, &block) Name your custom safelist and make your ruby-block argument return a truthy value if you want the request to be allowed, and false otherwise. Blocking blocklist_ip(ip_address_string) Rack::Attack.blocklist_ip(“1.2.3.4”) Enter fullscreen mode Exit fullscreen mode blocklist_ip(ip_subnet_string) Rack::Attack.blocklist_ip(“1.2.0.0/16”) Enter fullscreen mode Exit fullscreen mode blocklist(name, &block) Name your custom blocklist and make your ruby-block argument return a truthy value if you want the request to be blocked, and false otherwise. Throttling *throttle(name, options, &block) *( provide limit and period as options) Throttle state is stored in a configurable cache (which defaults to Rails.cache if present). Name your custom throttle, provide limit and period as options, and make your ruby-block argument return the discriminator. This discriminator is how you tell rack-attack whether you’re limiting per IP address, per user email, or any other. For example, if we want to restrict requests other than defined routes and display a custom error page. Error page: If we want to restrict requests/IP and if the request limit increases then send a reminder mail. For Example, we want to allow only 300 requests per 30 seconds after that will restrict requests from this IP till the next 30 seconds interval starting. Get error mail if the limit is extended. Performance The overhead of running Rack::Attack is typically negligible (a few milliseconds per request), but it depends on how many checks you’ve configured, and how long they take. Throttles usually require a network roundtrip to your cache server(s), so try to keep the number of throttle checks per request low. If a request is blocklisted or throttled, the response is a very simple Rack response. A single typical ruby web server thread can block several hundred requests per second. Sample rack-attack.rb file For more information: https://github.com/rack/rack-attack If this guide has been helpful to you and your team please share it with others!
-
Limiting the amount of calls user can make to an api
Second vote for rack-attack!
-
Devise and email spam?
You could use something like Rack Attack to mitigate this type of behavior if it becomes an issue.
-
10 things I add to every Rails app
The final gem I like to include in all projects is rack-attack. This is a rate limiting tool which is great for throttling dangerous actions in your app to prevent bot attacks or other malicious users.
-
Rails application boilerplate for fast MVP development
rack-attack to prevent bruteforce and DDoS attacks
-
How to prevent scraping/copying data?
Check out Rack Attack. It lets you block bots that make requests too fast to be real users, or that request obviously-suspect URLs (/phpmyadmin for example). There are lots of other options, but those are the quick wins IMO.
What are some alternatives?
SimpleCov - Code coverage for Ruby with a powerful configuration library and automatic merging of coverage across test suites
Metasploit - Metasploit Framework
factory_bot_rails - Factory Bot ♥ Rails
Rack::Protection - NOTE: This project has been merged upstream to sinatra/sinatra
Administrate - A Rails engine that helps you put together a super-flexible admin dashboard.
Rack::UTF8Sanitizer - Rack::UTF8Sanitizer is a Rack middleware which cleans up invalid UTF8 characters in request URI and headers.
postmark-rails - Official integration library for using Rails and ActionMailer with the Postmark HTTP API
BeEF - The Browser Exploitation Framework Project
Sidekiq - Simple, efficient background processing for Ruby
Gitrob - Reconnaissance tool for GitHub organizations
devise_masquerade - Extension for devise, enable login as functionality. Add link to the masquerade_path(resource) and use it.
Brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications