track or throttle, and repeated notifications

[jrochkind]

Let's say I want to track with a throttle limit/period, as per the README:

# Supports optional limit and period, triggers the notification only when the limit is reached.
Rack::Attack.track("special_agent", limit: 6, period: 60) do |req|
  req.user_agent == "SpecialAgent"
end

OK, after SpecialAgent requests 7 times in 60 seconds, it'll generate a notification, which I log. But then if it requests an 8th time, another notification and log. A 9th time, 10th time, etc, again. It'll keep generating notifications on each additional request over the limit, until the period resets.

I really only want to log this ONCE in the given period, not each subsequent time it again goes over the limit. As that could of course be an awful lot of log lines. (I'm curious for what use cases track works well as is; maybe it doesn't get used that much with limit feature?)

*This actually applies to logging throttle notifications too. Maybe I want to log every time an IP address gets throttled.. but if I'm getting a mass amount of requests, I only want to log ONCE (per period, I guess), not every time the IP continues to increment!

Can anyone figure out a good way to do this? Can anyone suggest a way the current architecture could accomodate this as a feature or improvement with a PR?

[jrochkind]

Answering my own question, here's a kind of hacky way I found to do it... still curious as to feedback as to whether this should be built into rack-attack somehow as option, or even as default.

ActiveSupport::Notifications.subscribe(/throttle\.rack_attack|track\.rack_attack/) do |name, start, finish, request_id, payload|
  rack_request = payload[:request]
  rack_env     = rack_request.env
  match_data   = rack_env["rack.attack.match_data"]

  period = match_data[:period] || 60.seconds
  match_name = rack_env["rack.attack.matched"]
  discriminator = rack_env["rack.attack.match_discriminator"]
  last_logged_key = "rack_attack_notification_#{name}_#{match_name}_#{discriminator}"

  last_logged_count = Rack::Attack.cache.read(last_logged_key)
  current_count = match_data[:count]

  # only log if we have a new count -- if we're still incrementing the count,
  # let previous log suffice for this limit. 

  if !last_logged_count || current_count <= last_logged_count
    # --> do logging here <--

    Rack::Attack.cache.write(last_logged_key, current_count, period + 1)
  end
end

warning do not unthinkingly copy and paste this and assume it will work, it's a proof of concept draft but may very well have edge case bugs