kananinirav/rack_attack.rb Secret

## 12 changes: 12 additions & 0 deletions rack_attack.rb
@@ -0,0 +1,12 @@

    # config/initializers/rack_attack.rb (for rails apps)
# config/initializers/rack_attack.rb (for rails apps)

    # Provided that trusted users use an HTTP request header named APIKey
# Provided that trusted users use an HTTP request header named APIKey

    Rack::Attack.safelist('mark any authenticated access safe') do |request|
Rack::Attack.safelist('mark any authenticated access safe') do |request|

      # Requests are allowed if the return value is truthy
  # Requests are allowed if the return value is truthy

      request.env['HTTP_APIKEY'] == 'secret-string'
  request.env['HTTP_APIKEY'] == 'secret-string'

    end
end

    # Always allow requests from localhost
# Always allow requests from localhost

    # (blocklist & throttles are skipped)
# (blocklist & throttles are skipped)

    Rack::Attack.safelist('allow from localhost') do |req|
Rack::Attack.safelist('allow from localhost') do |req|

      # Requests are allowed if the return value is truthy
  # Requests are allowed if the return value is truthy

      '127.0.0.1' == req.ip || '::1' == req.ip
  '127.0.0.1' == req.ip || '::1' == req.ip

    end
end