PR to add in the Wafris gem

[rmcastil]

No description provided.

[jagthedrummer]

👋 @rmcastil, long time no see!

Do you happen to have any inside info about wafris? It seems a little mysterious to me. It looks like the gem is open source but that it relies on a 3rd party service that's still in pre-release? Is that right? Do you know anything about their plans for pricing and what not?

[rmcastil]

@jagthedrummer nice to see you here!

I'm actually the cofounder of Wafris. You're correct the gem is sort of an open core (similar to the Sidekiq model). It handles the collection of request data to Redis.

The rule setting and visualization is provided by our service Wafris Hub. That base plan is free to everyone. Our intention is to charge for features like teams, having more than 5 or so firewalls, providing Redis, support, etc.

We announced the project at @andrewculver's RailsSaaS in 2022. I saw Andrew about a month ago and he told me to put in a PR for the gem to get it merged in.

Happy to jump on a call to discuss it more.

[jagthedrummer]

Ah, cool, I didn't realize you were behind it.

In terms of getting BT setup to use wafris, is there more to do than just adding it to the Gemfile? It kinda looks like we'd also need an initializer at the very least.

Other questions that immediately come to mind:

• Is there any reason that we'd need to offer a configuration option to disable wafris? (Maybe that would kind of be handled by the initializer looking for an ENV var? If the gem isn't configured will it just do nothing?)
• What do we need to document to get BT users pointed to wherever they need to be in order to actually use the gem/service? And where should that documentation live to be easily discoverable?
• How long does it take for someone to get through the wait list? (Would we be pushing a gem at people that they can't realistically use immediately?)
• Is it possible (useful?) to use the gem without a Hub account? (For instance, in the case of someone with 3rd party service fatigue who doesn't want to sign up for yet another service.) If so, what is that experience like? I don't find it mentioned on the site anywhere.

[rmcastil]

is there more to do than just adding it to the Gemfile? It kinda looks like we'd also need an initializer at the very least.

To work it would need an initializer that points to a Redis instance. Without it, the app would still work you would just get log messages like the following on every request.

[Wafris] Redis connection error: ... request passed without rules check

Is there any reason that we'd need to offer a configuration option to disable wafris? (Maybe that would kind of be handled by the initializer looking for an ENV var? If the gem isn't configured will it just do nothing?)

You could offer an invalid configuration which would report this in the logs on startup:

[Wafris] firewall disabled. Cannot connect via Wafris.configure. Please check your configuration settings. More info can be found at: https://github.com/Wafris/wafris-rb

What do we need to document to get BT users pointed to wherever they need to be in order to actually use the gem/service? And where should that documentation live to be easily discoverable?

So I'm not sure how hands on we need to be with BT users. We've tried really hard to make the Wafris README as clear as possible: https://github.com/Wafris/wafris-rb/tree/main

Is there a documentation page that BT has for gems? If so I can submit a PR there giving tips on getting started with Wafris.

How long does it take for someone to get through the wait list? (Would we be pushing a gem at people that they can't realistically use immediately?)

There is no waitlist for Rails users. The gem has been in production for 4+ months for some users. Anyone can self-serve at this point.

Is it possible (useful?) to use the gem without a Hub account? (For instance, in the case of someone with 3rd party service fatigue who doesn't want to sign up for yet another service.) If so, what is that experience like? I don't find it mentioned on the site anywhere.

It is possible to use the gem without a Hub account but it would just be capturing request data. We could document how to write block rules in Redis if there's a demand.

Our intention was to release an Open Source CLI to allow users to set block rules. One was originally working with just IPs, but has been collecting dust since we expanded the request properties (hosts, paths, params, methods, etc). We're hoping to release that in Q1 of next year.

[rmcastil]

@jagthedrummer hey Jeremy. Just following up on this. Should I also be submitting a PR to the demo site for documentation? I'd imagine we'd go under Add-Ons with Font Awesome Pro. I can also jump on Discord if that helps facilitate the conversation around this PR.

[jagthedrummer]

@rmcastil, hey, sorry for the delay. Yeah, if you could add some docs that would be great. They actually live in the core repo here: https://github.com/bullet-train-co/bullet_train-core/tree/main/bullet_train/docs

Can you also add an appropriate initializer to this PR?