From 14274e5dce9793a7a4836b24608f4b98fce189b5 Mon Sep 17 00:00:00 2001
From: Nixon
Date: Sat, 26 Oct 2024 14:32:03 -0300
Subject: [PATCH] Remove --ratelimit

---
 CHANGELOG.md | 1 +
 README.md | 1 -
 .../authentication_generator.rb | 22 -------------------
 .../templates/config/redis/shared.yml | 10 ---------
 4 files changed, 1 insertion(+), 33 deletions(-)
 delete mode 100644 lib/generators/authentication/templates/config/redis/shared.yml

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2689a0f4..ad0436e0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@
 * Remove dependency on redis / kredis for sudoable
 * Fix webauthn option. Install @github/webauthn-json.
 * Update application_controller to rails 8.
+* Remove --ratelimit option

 ## Authentication Zero 4.0.1 ##

diff --git a/README.md b/README.md
index eb664dd2..88582305 100644
--- a/README.md
+++ b/README.md
@@ -46,7 +46,6 @@ Since Authentication Zero generates this code into your application instead of b
 - Reset the user password and send reset instructions
 - Reset the user password only from verified emails
 - Lock mechanism to prevent email bombing (--lockable)
-- Rate limiting for your app, 1000 reqs/minute (--ratelimit)
 - Send e-mail confirmation when your email has been changed
 - Manage multiple sessions & devices
 - Activity log (--trackable)
diff --git a/lib/generators/authentication/authentication_generator.rb b/lib/generators/authentication/authentication_generator.rb
index a639d4ab..1e9e7a47 100644
--- a/lib/generators/authentication/authentication_generator.rb
+++ b/lib/generators/authentication/authentication_generator.rb
@@ -7,7 +7,6 @@ class AuthenticationGenerator < Rails::Generators::Base
 class_option :pwned, type: :boolean, desc: "Add pwned password validation"
 class_option :sudoable, type: :boolean, desc: "Add password request before sensitive data changes"
 class_option :lockable, type: :boolean, desc: "Add password reset locking"
- class_option :ratelimit, type: :boolean, desc: "Add request rate limiting"
 class_option :passwordless, type: :boolean, desc: "Add passwordless sign in"
 class_option :omniauthable, type: :boolean, desc: "Add social login support"
 class_option :trackable, type: :boolean, desc: "Add activity log support"
@@ -22,14 +21,6 @@ class AuthenticationGenerator < Rails::Generators::Base
 def add_gems
 gem "bcrypt", "~> 3.1.7", comment: "Use Active Model has_secure_password [https://guides.rubyonrails.org/active_model_basics.html#securepassword]"

- if options.ratelimit?
- gem "rack-ratelimit", group: :production, comment: "Use Rack::Ratelimit to rate limit requests [https://github.com/jeremy/rack-ratelimit]"
- end
-
- if redis?
- gem "redis", "~> 4.0", comment: "Use Redis adapter to run additional authentication features"
- end
-
 if options.pwned?
 gem "pwned", comment: "Use Pwned to check if a password has been found in any of the huge data breaches [https://github.com/philnash/pwned]"
 end
@@ -52,11 +43,9 @@ def add_gems
 def add_environment_configurations
 application "config.action_mailer.default_url_options = { host: \"localhost\", port: 3000 }", env: "development"
 application "config.action_mailer.default_url_options = { host: \"localhost\", port: 3000 }", env: "test"
- environment ratelimit_block, env: "production" if options.ratelimit?
 end

 def create_configuration_files
- copy_file "config/redis/shared.yml" if redis?
 copy_file "config/initializers/omniauth.rb" if omniauthable?
 copy_file "config/initializers/webauthn.rb" if webauthn?
 end
@@ -257,10 +246,6 @@ def sudoable?
 options.sudoable? && !options.api?
 end

- def redis?
- options.ratelimit?
- end
-
 def importmaps?
 Rails.root.join("config/importmap.rb").exist?
 end
@@ -268,11 +253,4 @@ def importmaps?
 def node?
 Rails.root.join("package.json").exist?
 end
-
- def ratelimit_block
- <<~CODE
- # Rate limit general requests by IP address in a rate of 1000 requests per minute
- config.middleware.use(Rack::Ratelimit, name: "General", rate: [1000, 1.minute], redis: Redis.new, logger: Rails.logger) { |env| ActionDispatch::Request.new(env).ip }
- CODE
- end
 end
diff --git a/lib/generators/authentication/templates/config/redis/shared.yml b/lib/generators/authentication/templates/config/redis/shared.yml
deleted file mode 100644
index 1472839b..00000000
--- a/lib/generators/authentication/templates/config/redis/shared.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-production: &production
- url: <%= ENV.fetch("REDIS_URL", "redis://127.0.0.1:6379/0") %>
- timeout: 1
-
-development: &development
- url: <%= ENV.fetch("REDIS_URL", "redis://127.0.0.1:6379/0") %>
- timeout: 1
-
-test:
- <<: *development