Class: SpreeCmCommissioner::FraudCheck

Inherits:

Object

Object
SpreeCmCommissioner::FraudCheck

show all

Includes:: Spree::ServiceModule::Base

Defined in:: app/services/spree_cm_commissioner/fraud_check.rb

Constant Summary collapse

DEFAULTS =

{
  'max_votes_per_minute_per_user' => 5,
  'max_votes_per_minute_per_ip' => 10,
  'max_accounts_per_device' => 3,
  'block_vpn' => false
}.freeze

RATE_WINDOW = seconds

VPN_CACHE_TTL = 1 hour

Instance Attribute Summary collapse

#contestant ⇒ Object readonly

Returns the value of attribute contestant.
#params ⇒ Object readonly

Returns the value of attribute params.
#request ⇒ Object readonly

Returns the value of attribute request.
#user ⇒ Object readonly

Returns the value of attribute user.
#voting_session ⇒ Object readonly

Returns the value of attribute voting_session.

Instance Method Summary collapse

#call(voting_session:, user:, params:, request:, contestant: nil) ⇒ Object

Instance Attribute Details

#contestant ⇒ `Object` (readonly)

Returns the value of attribute contestant.



27
28
29

# File 'app/services/spree_cm_commissioner/fraud_check.rb', line 27

def contestant
  @contestant
end

#params ⇒ `Object` (readonly)

Returns the value of attribute params.



27
28
29

# File 'app/services/spree_cm_commissioner/fraud_check.rb', line 27

def params
  @params
end

#request ⇒ `Object` (readonly)

Returns the value of attribute request.



27
28
29

# File 'app/services/spree_cm_commissioner/fraud_check.rb', line 27

def request
  @request
end

#user ⇒ `Object` (readonly)

Returns the value of attribute user.



27
28
29

# File 'app/services/spree_cm_commissioner/fraud_check.rb', line 27

def user
  @user
end

#voting_session ⇒ `Object` (readonly)

Returns the value of attribute voting_session.



27
28
29

# File 'app/services/spree_cm_commissioner/fraud_check.rb', line 27

def voting_session
  @voting_session
end

Instance Method Details

#call(voting_session:, user:, params:, request:, contestant: nil) ⇒ `Object`

# File 'app/services/spree_cm_commissioner/fraud_check.rb', line 29

def call(voting_session:, user:, params:, request:, contestant: nil)
  @voting_session = voting_session
  @contestant     = contestant
  @user           = user
  @params         = params
  @request        = request

  return success(nil) if fraud_config.blank?

  check_user_rate_limit!
  check_ip_rate_limit!
  check_device_account_limit!
  check_vpn_block!

  success(nil)
rescue Redis::BaseError, ConnectionPool::TimeoutError => e
  # Fail-open: a Redis outage should not take down voting entirely.
  # Catches both Redis protocol errors and connection pool exhaustion/timeout.
  # Must be rescued BEFORE RuntimeError because Redis::BaseError < RuntimeError
  # in redis gem v4.x — placing it after RuntimeError would let the wrong clause win.
  # Log the error so it is visible in monitoring, but let the vote through.
  # If the policy should be fail-closed instead, replace the rescue body
  # with: failure(I18n.t('voting.errors.service_unavailable'))
  CmAppLogger.error(
    label: 'FraudCheck Redis error — failing open',
    data: {
      voting_session_id: voting_session.id,
      user_id: user&.id,
      error_class: e.class.name,
      error_message: e.message
    }
  )
  success(nil)
rescue RuntimeError => e
  failure(nil, e.message)
end

Class: SpreeCmCommissioner::FraudCheck

Constant Summary collapse

Instance Attribute Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#contestant ⇒ Object (readonly)

#params ⇒ Object (readonly)

#request ⇒ Object (readonly)

#user ⇒ Object (readonly)

#voting_session ⇒ Object (readonly)