plug_attack v0.1.0 PlugAttack.Rule
Defines various rules that can be used inside the PlugAttack.rule/2 macro.
Summary
Functions
The simplest rule that always allows the request to pass
The simplest rule that always blocks the request
Implements a request throttling algorithm
Functions
The simplest rule that always allows the request to pass.
If value is truthy the request is allowed, otherwise next rules are
evaluated.
The simplest rule that always blocks the request.
If value is truthy the request is blocked, otherwise next rules are
evaluated.
throttle(term, [opt]) :: PlugAttack.rule when opt: {:storage, {PlugAttack.Storage.t, PlugAttack.Storage.opts}} | {:limit, pos_integer} | {:period, pos_integer}
Implements a request throttling algorithm.
The key differentiates different throttles, you can use, for example,
conn.remote_ip for per IP throttling, or an email address for login attempts
limitation. If the key is falsey the throttling is not performed and
next rules are evaluated.
Be careful not to use the same key for different rules that use the same
storage.
Passes {:throttle, data}, as the data to both allow and block tuples, where
data is a keyword containing: :period, :limit, :expires_at - when the
current limit will expire as unix time in milliseconds,
and :remaining - the remaining limit. This can be useful for adding
“X-RateLimit-*” headers.
Options
:storage- required, a tuple ofPlugAttack.Storageimplementation and storage options.:limit- required, how many requests in a period are allowed.:period- required, how long, in ms, is the period.