Revert addition of rack-cloudflare gem (#1916)

The addition of cloudflare.rb is causing deployment issues to QA
meedan · Jun 7, 2024 · 9192faa · 9192faa
1 parent 73aa42f
commit 9192faa
Show file tree

Hide file tree

Showing 5 changed files with 7 additions and 45 deletions.
diff --git a/Gemfile b/Gemfile
@@ -63,7 +63,6 @@ gem 'graphql-formatter'
 gem 'nokogiri', '1.16.5'
 gem 'puma'
 gem 'rack-attack'
-gem 'rack-cloudflare'
 gem 'rack-cors', '1.0.6', require: 'rack/cors'
 gem 'sidekiq', '5.2.10'
 gem 'sidekiq-cloudwatchmetrics'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -639,7 +639,6 @@ GEM
     rack (2.2.8.1)
     rack-attack (6.7.0)
       rack (>= 1.0, < 4)
-    rack-cloudflare (1.0.5)
     rack-cors (1.0.6)
       rack (>= 1.6.0)
     rack-protection (2.2.0)
@@ -989,7 +988,6 @@ DEPENDENCIES
   pusher
   rack (= 2.2.8.1)
   rack-attack
-  rack-cloudflare
   rack-cors (= 1.0.6)
   rack-protection (= 2.2.0)
   railroady

diff --git a/config/initializers/cloudflare.rb b/config/initializers/cloudflare.rb
diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
@@ -1,7 +1,7 @@
 class Rack::Attack
   redis = Redis.new(REDIS_CONFIG)
-
   # Throttle all graphql requests by IP address
+
   throttle('api/graphql', limit: proc { CheckConfig.get('api_rate_limit', 100, :integer) }, period: 60.seconds) do |req|
     req.ip if req.path == '/api/graphql'
   end
@@ -15,17 +15,13 @@ class Rack::Attack
   track('track excessive logins/ip') do |req|
     if req.path == '/api/users/sign_in' && req.post?
       ip = req.ip
-      begin
-        # Increment the counter for the IP and check if it should be blocked
-        count = redis.incr("track:#{ip}")
-        redis.expire("track:#{ip}", 3600) # Set the expiration time to 1 hour
+      # Increment the counter for the IP and check if it should be blocked
+      count = redis.incr("track:#{ip}")
+      redis.expire("track:#{ip}", 3600) # Set the expiration time to 1 hour
 
-        # Add IP to blocklist if count exceeds the threshold
-        if count.to_i >= CheckConfig.get('login_block_limit', 100, :integer)
-          redis.set("block:#{ip}", true)  # No expiration
-        end
-      rescue => e
-        Rails.logger.error("Rack::Attack Error: #{e.message}")
+      # Add IP to blocklist if count exceeds the threshold
+      if count.to_i >= CheckConfig.get('login_block_limit', 100, :integer)
+        redis.set("block:#{ip}", true)  # No expiration
       end
 
       ip

diff --git a/test/lib/check_rack_attack_test.rb b/test/lib/check_rack_attack_test.rb
@@ -30,32 +30,4 @@ class ThrottlingTest < ActionDispatch::IntegrationTest
       assert_response :forbidden
     end
   end
-
-  test "should handle requests via Cloudflare correctly in production" do
-    original_env = Rails.env
-    Rails.env = 'production'
-
-    stub_configs({ 'api_rate_limit' => 3, 'login_block_limit' => 2 }) do
-      # Test throttling for /api/graphql via Cloudflare
-      3.times do
-        post api_graphql_path, headers: { 'CF-Connecting-IP' => '1.2.3.4' }
-        assert_response :unauthorized
-      end
-
-      post api_graphql_path, headers: { 'CF-Connecting-IP' => '1.2.3.4' }
-      assert_response :too_many_requests
-
-      # Test blocking for /api/users/sign_in via Cloudflare
-      user_params = { api_user: { email: '[email protected]', password: random_complex_password } }
-
-      2.times do
-        post api_user_session_path, params: user_params, as: :json, headers: { 'CF-Connecting-IP' => '1.2.3.4' }
-      end
-
-      post api_user_session_path, params: user_params, as: :json, headers: { 'CF-Connecting-IP' => '1.2.3.4' }
-      assert_response :forbidden
-    end
-
-    Rails.env = original_env
-  end
 end