From d1848ba6f916f5afd6142960082a863f9005c3e9 Mon Sep 17 00:00:00 2001
From: carlad
Date: Wed, 30 Mar 2016 12:30:26 +0200
Subject: [PATCH 1/9] make settings visible in repository
---
 lib/travis/api/v3/models/repository.rb | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/lib/travis/api/v3/models/repository.rb b/lib/travis/api/v3/models/repository.rb
index ed35b5a2..22c26d71 100644
--- a/lib/travis/api/v3/models/repository.rb
+++ b/lib/travis/api/v3/models/repository.rb
@@ -62,5 +62,9 @@ module Travis::API::V3
 __send__(name, *args, &block)
 end
+
+ def settings
+ @settings ||= JSON.load(super)
+ end
 end
 end
From 49a6bb5d265870c93351b48bb339e8a9bad7bef5 Mon Sep 17 00:00:00 2001
From: carlad
Date: Thu, 31 Mar 2016 15:51:44 +0200
Subject: [PATCH 2/9] add debug to see what request contains
---
 lib/travis/api/attack.rb | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/lib/travis/api/attack.rb b/lib/travis/api/attack.rb
index 17fcd44a..fbec755d 100644
--- a/lib/travis/api/attack.rb
+++ b/lib/travis/api/attack.rb
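Review bot: `JSON.load(super)` parses the settings column with the json gem's load defaults, which in the 1.x/2.x gem versions of this era include `create_additions: true`, so a stored document carrying a `json_class` key can be instantiated as an object of that class; the settings value is written through the API, so `JSON.parse` with an explicit nil guard is the safer reader: `raw = super` then `@settings ||= raw && JSON.parse(raw)`. The `||=` memoization also pins the first parsed value for the life of the model object, so a later write to the column is not seen by this reader until the record is reloaded, and a one-line comment stating that would spare callers a surprise. The enclosing class starts before the hunk, so I cannot see whether a `settings=` writer clears `@settings`.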
@@ -50,19 +50,22 @@ class Rack::Attack
 # Ban time: 5 hours
 # Ban after: 10 POST requests within five minutes to /auth/github
 blacklist('hammering /auth/github') do |request|
- Rack::Attack::Allow2Ban.filter(request.identifier, maxretry: 2, findtime: 5.minutes, bantime: bantime(5.hours)) do
- request.post? and request.path == '/auth/github'
- end
+ Rack::Attack::Allow2Ban.filter(request.identifier, maxretry: 2, findtime: 5.minutes, bantime: bantime(5.hours)) do
+ request.post? and request.path == '/auth/github'
+ end
 end
 ####
 # Ban based on: IP address or access token
 # Ban time: 1 hour
- # Ban after: 10 POST requests within 30 seconds
+ # Ban after: 10 POST requests within 30 seconds, unless api_builds_rate_limit is set in repository settings
 blacklist('spamming with POST requests') do |request|
- Rack::Attack::Allow2Ban.filter(request.identifier, maxretry: 10, findtime: 30.seconds, bantime: bantime(1.hour)) do
- request.post? and not POST_WHITELISTED.include? request.path
- end
+ p "request.inspect ++++++++++++++++++++++++++++"
+ p request.inspect
+ p "+++++++++++++++++++++++++++++++++++++++++++++++++++"
+ Rack::Attack::Allow2Ban.filter(request.identifier, maxretry: 10, findtime: 30.seconds, bantime: bantime(1.hour)) do
+ request.post? and not POST_WHITELISTED.include? request.path
+ end
 end
From d6c0621d7127eb59742d703574f6885793c230d8 Mon Sep 17 00:00:00 2001
From: carlad
Date: Thu, 31 Mar 2016 15:55:17 +0200
Subject: [PATCH 3/9] remove fail from rake tasks to allow heroku deployment
---
 Rakefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Rakefile b/Rakefile
index 5d4cd585..80871975 100644
--- a/Rakefile
+++ b/Rakefile
@@ -1,6 +1,6 @@
 namespace :db do
 env = ENV["RAILS_ENV"]
- fail "Cannot run rake db:create in production." if env == 'production'
+ # fail "Cannot run rake db:create in production." if env == 'production'
 desc "Create and migrate the #{env} database"
 task :create do
 sh "createdb travis_#{env}" rescue nil
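Review bot: The three `p` lines added inside the `spamming with POST requests` blacklist print `request.inspect` to stdout on every request that reaches the filter, and the default `inspect` of a `Rack::Request` dumps its `@env`, including the authorization and cookie headers, so credentials end up in the process logs; debug output like this should not be committed (patch 4/9 in this series removes it again). If tracing is needed, log only the fields the ban decision uses, `request.identifier`, `request.post?` and `request.path`, through the application logger at debug level. The new comment also says the ban is skipped 'unless api_builds_rate_limit is set in repository settings', but nothing in the filter reads that setting, so the comment documents behaviour that does not exist. The first half of the hunk only re-indents the `hammering /auth/github` block; its comment still says 'Ban after: 10 POST requests' while the filter uses `maxretry: 2`, which is worth reconciling while these lines are touched.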
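Review bot: Commenting out `fail "Cannot run rake db:create in production." if env == 'production'` removes the only thing stopping `db:create`, and the `createdb` step below it, from running against the production database; if the goal is to let the Heroku build run the task, keep the guard and exempt only that environment, e.g. `fail "Cannot run rake db:create in production." if env == 'production' && !ENV.key?('DYNO')`. Commented-out code also tends to linger, and patch 4/9 in this series deletes the line outright, leaving no guard at all. The rest of the `namespace :db` block is outside the hunk, so I cannot tell whether the migration step below has its own check.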
From f51cf1a1d1ca51fca68ed09db02f54d1b3de02a1 Mon Sep 17 00:00:00 2001
From: carlad
Date: Thu, 31 Mar 2016 16:54:12 +0200
Subject: [PATCH 4/9] update rakefile to allow heroku deployment, update create.rb with api builds rate limit
---
 Gemfile.lock | 7 +++++--
 Rakefile | 1 -
 lib/travis/api/attack.rb | 5 +----
 lib/travis/api/v3/services/requests/create.rb | 9 +++++----
 4 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index 7f9f612b..30724ec1 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -48,7 +48,7 @@ GIT
 GIT
 remote: git://github.com/travis-ci/travis-core.git
- revision: f7b3a76b3f39c28bb5cf7b9dc24acec13908a11a
+ revision: 57634c3103dec6472bf732de5f051702224dc345
 specs:
 travis-core (0.0.1)
 actionmailer (~> 3.2.19)
@@ -331,7 +331,7 @@ GEM
 treetop (1.4.15)
 polyglot
 polyglot (>= 0.3.1)
- tzinfo (0.3.47)
+ tzinfo (0.3.48)
 unicorn (4.8.3)
 kgio (~> 2.6)
 rack
@@ -388,3 +388,6 @@ DEPENDENCIES
 travis-yaml!
 unicorn
 yard-sinatra!
+
+BUNDLED WITH
+ 1.10.6
diff --git a/Rakefile b/Rakefile
index 80871975..f1cee930 100644
--- a/Rakefile
+++ b/Rakefile
@@ -1,6 +1,5 @@
 namespace :db do
 env = ENV["RAILS_ENV"]
- # fail "Cannot run rake db:create in production." if env == 'production'
 desc "Create and migrate the #{env} database"
 task :create do
 sh "createdb travis_#{env}" rescue nil
diff --git a/lib/travis/api/attack.rb b/lib/travis/api/attack.rb
index fbec755d..d210b633 100644
--- a/lib/travis/api/attack.rb
+++ b/lib/travis/api/attack.rb
@@ -58,11 +58,8 @@ class Rack::Attack
 ####
 # Ban based on: IP address or access token
 # Ban time: 1 hour
- # Ban after: 10 POST requests within 30 seconds, unless api_builds_rate_limit is set in repository settings
+ # Ban after: 10 POST requests within 30 seconds
 blacklist('spamming with POST requests') do |request|
- p "request.inspect ++++++++++++++++++++++++++++"
- p request.inspect
- p "+++++++++++++++++++++++++++++++++++++++++++++++++++"
 Rack::Attack::Allow2Ban.filter(request.identifier, maxretry: 10, findtime: 30.seconds, bantime: bantime(1.hour)) do
 request.post? and not POST_WHITELISTED.include? request.path
 end
diff --git a/lib/travis/api/v3/services/requests/create.rb b/lib/travis/api/v3/services/requests/create.rb
index c3353daf..24254be1 100644
--- a/lib/travis/api/v3/services/requests/create.rb
+++ b/lib/travis/api/v3/services/requests/create.rb
@@ -22,14 +22,15 @@ module Travis::API::V3
 accepted(remaining_requests: remaining, repository: repository, request: payload)
 end
- def limit
- Travis.config.requests_create_api_limit || LIMIT
+ def limit(repository)
+ repository.settings.try(:api_builds_rate_limit) || LIMIT
 end
 def remaining_requests(repository)
- return limit if access_control.full_access?
+ api_builds_rate_limit = limit(repository)
+ return api_builds_rate_limit if access_control.full_access?
 count = query(:requests).count(repository, TIME_FRAME)
- count > limit ? 0 : limit - count
+ count > api_builds_rate_limit ? 0 : api_builds_rate_limit - count
 end
 end
 end
From 24b2abdfd0135e65a8c02fa1e3c19f09c178f555 Mon Sep 17 00:00:00 2001
From: carlad
Date: Thu, 31 Mar 2016 17:15:43 +0200
Subject: [PATCH 5/9] add .rspec for formatting, add new test (still broken)
---
 .rspec | 3 +++
 spec/v3/services/requests/create_spec.rb | 21 +++++++++++++++++++++
 2 files changed, 24 insertions(+)
 create mode 100644 .rspec
diff --git a/.rspec b/.rspec
new file mode 100644
index 00000000..262c08ba
--- /dev/null
+++ b/.rspec
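Review bot: `limit(repository)` now takes `api_builds_rate_limit` from the repository's own settings and uses it unchecked, so a value the repository owner stores decides the rate limit with no type check and no ceiling: a string such as `"11"` (what the spec added in patch 5/9 stores) makes `count > api_builds_rate_limit` raise on the Integer/String comparison, and a very large number lifts the limit for that repository entirely. Coerce and cap the value before using it, e.g. `value = repository.settings.try(:api_builds_rate_limit)` and `value.is_a?(Integer) && value > 0 ? [value, MAX_LIMIT].min : LIMIT`, with `MAX_LIMIT` a new constant beside `LIMIT`. The removed line also drops the `Travis.config.requests_create_api_limit` fallback without a word; if that is intended, a comment on `limit` should say the per-repository setting replaces the configured value. The same unchecked value flows through the `limit` rewrites in patches 6/9 and 9/9. With ActiveSupport 3.2, which the lockfile's `actionmailer (~> 3.2.19)` suggests, `try` on a Hash that has no such method raises NoMethodError instead of returning nil, which the next patch's switch to `["api_builds_rate_limit"]` avoids.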
@@ -0,0 +1,3 @@
+--colour
+--tty
+--format documentation
diff --git a/spec/v3/services/requests/create_spec.rb b/spec/v3/services/requests/create_spec.rb
index 23fd8460..12ee143b 100644
--- a/spec/v3/services/requests/create_spec.rb
+++ b/spec/v3/services/requests/create_spec.rb
@@ -239,6 +239,27 @@ describe Travis::API::V3::Services::Requests::Create do
 }
 end
+ describe "overrides default request limit if included in repository.settings" do
+ let(:repository) { Travis::API::V3::Models::Repository.create(owner_name: 'svenfuchs', name: 'minimal', settings: { "api_builds_rate_limit" => "11" } )}
+ before { 10.times { repository.requests.create(event_type: 'api', result: 'accepted') } }
+ before { post("/v3/repo/#{repository.id}/requests", params, headers) }
+
+ example { expect(last_response.status).to be == 200 }
+ example { expect(JSON.load(body).to_s).to include(
+ "@type",
+ "error",
+ "error_type",
+ "request_limit_reached",
+ "error_message",
+ "request limit reached for resource",
+ "repository",
+ "representation",
+ "minimal",
+ "slug",
+ "svenfuchs/minimal")
+ }
+ end
+
 describe "passing the token in params" do
 let(:params) {{ request: { token: 'foo-bar' }}}
 example { expect(sidekiq_params[:credentials]).to be == {
From 0e8fe08f7cc6ebcffd003ddc3a77b18295134500 Mon Sep 17 00:00:00 2001
From: Ana Rosas
Date: Mon, 4 Apr 2016 16:13:14 +0200
Subject: [PATCH 6/9] Update limit method and finish test
---
 Gemfile.lock | 7 ++-----
 lib/travis/api/v3/services/requests/create.rb | 6 +++++-
 spec/v3/services/requests/create_spec.rb | 19 +++++++++----------
 3 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index 30724ec1..3342bc2a 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -48,7 +48,7 @@ GIT
 GIT
 remote: git://github.com/travis-ci/travis-core.git
- revision: 57634c3103dec6472bf732de5f051702224dc345
+ revision: 9978518236afb520c8fff68bebe7beb62f8ad776
 specs:
 travis-core (0.0.1)
 actionmailer (~> 3.2.19)
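Review bot: The expectations in the new `overrides default request limit` example contradict each other: `last_response.status` is asserted to be 200 while the body is expected to carry `error_type` `request_limit_reached`, and the commit message itself calls the test broken. The setup also passes `settings:` as a Hash with the limit as the string `"11"` to `Repository.create`, whereas the `settings` reader added in patch 1/9 parses a JSON string from the column, so the example exercises a shape the model does not read; storing `{ api_builds_rate_limit: 11 }.to_json` and asserting on `JSON.load(body)["remaining_requests"]` would make the intent checkable. `params` and `headers` come from the surrounding describe block outside the hunk, so I cannot tell which credentials the request uses.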
@@ -56,7 +56,7 @@ GIT
 coder (~> 0.4.0)
 data_migrations (~> 0.0.1)
 gh
- hashr (~> 0.0.19)
+ hashr
 metriks (~> 0.9.7)
 multi_json
 pusher (~> 0.14.0)
@@ -388,6 +388,3 @@ DEPENDENCIES
 travis-yaml!
 unicorn
 yard-sinatra!
-
-BUNDLED WITH
- 1.10.6
diff --git a/lib/travis/api/v3/services/requests/create.rb b/lib/travis/api/v3/services/requests/create.rb
index 24254be1..81654bff 100644
--- a/lib/travis/api/v3/services/requests/create.rb
+++ b/lib/travis/api/v3/services/requests/create.rb
@@ -23,7 +23,11 @@ module Travis::API::V3
 end
 def limit(repository)
- repository.settings.try(:api_builds_rate_limit) || LIMIT
+ if repository.settings.nil?
+ LIMIT
+ else
+ repository.settings["api_builds_rate_limit"] || LIMIT
+ end
 end
 def remaining_requests(repository)
diff --git a/spec/v3/services/requests/create_spec.rb b/spec/v3/services/requests/create_spec.rb
index 12ee143b..c0dfb035 100644
--- a/spec/v3/services/requests/create_spec.rb
+++ b/spec/v3/services/requests/create_spec.rb
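Review bot: The rewritten `limit(repository)` spells the `LIMIT` fallback twice, once per branch, and the `if`/`else` exists only to avoid indexing a nil; `per_repo = repository.settings && repository.settings["api_builds_rate_limit"]` followed by `per_repo || LIMIT` says the same thing in two lines. Indexing with a string key is correct only because `settings` comes back from `JSON.load` as a Hash with string keys, which is worth a comment on the method, e.g. `# settings is the JSON-decoded column, so keys are strings`. The value itself is still used without a numeric check, as raised on patch 4/9.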
@@ -240,19 +240,18 @@ describe Travis::API::V3::Services::Requests::Create do
 end
 describe "overrides default request limit if included in repository.settings" do
- let(:repository) { Travis::API::V3::Models::Repository.create(owner_name: 'svenfuchs', name: 'minimal', settings: { "api_builds_rate_limit" => "11" } )}
- before { 10.times { repository.requests.create(event_type: 'api', result: 'accepted') } }
- before { post("/v3/repo/#{repository.id}/requests", params, headers) }
+ before { repo.update_attribute(:settings, { api_builds_rate_limit: 12 }.to_json) }
- example { expect(last_response.status).to be == 200 }
- example { expect(JSON.load(body).to_s).to include(
+ before { 10.times { repo.requests.create(event_type: 'api', result: 'accepted') } }
+ before { post("/v3/repo/#{repo.id}/requests", {}, headers) }
+
+ example { expect(last_response.status).to be == 202 }
+ example { expect(JSON.load(body).to_s).to include(
 "@type",
- "error",
- "error_type",
- "request_limit_reached",
- "error_message",
- "request limit reached for resource",
 "repository",
+ "remaining_requests",
+ "2",
+ "request",
 "representation",
 "minimal",
 "slug",
From 7f4d67ea8d23fdd6f8bd45e100041a2e67a31824 Mon Sep 17 00:00:00 2001
From: carlad
Date: Mon, 4 Apr 2016 16:21:16 +0200
Subject: [PATCH 7/9] remove core pointing to branch
---
 Gemfile | 2 +-
 Gemfile.lock | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/Gemfile b/Gemfile
index cf09b3c1..da99c923 100644
--- a/Gemfile
+++ b/Gemfile
@@ -5,7 +5,7 @@ ruby '2.1.7' if ENV.key?('DYNO')
 gem 's3', github: 'travis-ci/s3'
-gem 'travis-core', github: 'travis-ci/travis-core', ref: 'sf-ar-te'
+gem 'travis-core', github: 'travis-ci/travis-core'
 gem 'travis-support', github: 'travis-ci/travis-support'
 gem 'travis-amqp', github: 'travis-ci/travis-amqp'
 gem 'travis-config', '~> 0.1.0'
diff --git a/Gemfile.lock b/Gemfile.lock
index 665485d0..563536fb 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
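Review bot: `include("2")` against the `to_s` of the whole response body is a weak check for the remaining-request count: any `2` in the rendered Hash, such as a digit in the repository id or a timestamp, satisfies it, so the example cannot fail for a wrong count. Assert on the parsed field instead, `expect(JSON.load(body)["remaining_requests"]).to be == 2`, and keep the string `include` for the structural keys only. `repo.update_attribute(:settings, ...)` bypasses validations, which is fine for a spec but means nothing here exercises how a settings write is validated on the API path; `repo` and `headers` are defined outside the hunk.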
@@ -48,8 +48,7 @@ GIT
 GIT
 remote: git://github.com/travis-ci/travis-core.git
- revision: fdcd69981dc9ccb6f85452213d8bdc096f4308be
- ref: sf-ar-te
+ revision: 9978518236afb520c8fff68bebe7beb62f8ad776
 specs:
 travis-core (0.0.1)
 actionmailer (~> 3.2.19)
From 9f9c5bf78947f1831f13bebaa1556ddfe09ba28e Mon Sep 17 00:00:00 2001
From: carlad
Date: Tue, 5 Apr 2016 11:43:40 +0200
Subject: [PATCH 8/9] Update README.md
---
 README.md | 1 -
 1 file changed, 1 deletion(-)
diff --git a/README.md b/README.md
index bf00f730..5ed8b817 100644
--- a/README.md
+++ b/README.md
@@ -41,7 +41,6 @@ pg_dump -t logs travis_logs_test | psql -U postgres travis_test
 popd
 ```
-
 ### Run tests
 $ rake spec
From 5fc096f68b1c9ca0cbfe5f497adec3c3fa00944c Mon Sep 17 00:00:00 2001
From: Ana Rosas
Date: Tue, 5 Apr 2016 12:29:35 +0200
Subject: [PATCH 9/9] Update rate limit condition
---
 lib/travis/api/v3/services/requests/create.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/travis/api/v3/services/requests/create.rb b/lib/travis/api/v3/services/requests/create.rb
index 81654bff..1d4d0978 100644
--- a/lib/travis/api/v3/services/requests/create.rb
+++ b/lib/travis/api/v3/services/requests/create.rb
@@ -26,7 +26,7 @@ module Travis::API::V3
 if repository.settings.nil?
 LIMIT
 else
- repository.settings["api_builds_rate_limit"] || LIMIT
+ repository.settings["api_builds_rate_limit"] || Travis.config.requests_create_api_limit || LIMIT
 end
 end
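Review bot: The `Travis.config.requests_create_api_limit` fallback is only consulted in the `else` branch, so a repository whose settings column is nil gets `LIMIT` while one whose settings merely lack the key gets the configured value; both cases should resolve the same way. Collapse the branches so the chain is uniform: `per_repo = repository.settings && repository.settings["api_builds_rate_limit"]` then `per_repo || Travis.config.requests_create_api_limit || LIMIT`. The per-repository value is still used with no type check or ceiling, as raised on patch 4/9. The `def limit(repository)` line is outside the hunk.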