1 | <?php |
||
2 | |||
3 | /* |
||
4 | * This file is part of the ApiRateLimitBundle |
||
5 | * |
||
6 | * (c) Indra Gunawan <[email protected]> |
||
7 | * |
||
8 | * For the full copyright and license information, please view the LICENSE |
||
9 | * file that was distributed with this source code. |
||
10 | */ |
||
11 | |||
12 | namespace Indragunawan\ApiRateLimitBundle\Service; |
||
13 | |||
14 | use Doctrine\Common\Annotations\AnnotationReader; |
||
15 | use Indragunawan\ApiRateLimitBundle\Annotation\ApiRateLimit; |
||
16 | use Psr\Cache\CacheItemPoolInterface; |
||
17 | use Symfony\Component\HttpFoundation\Request; |
||
18 | use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; |
||
19 | use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface; |
||
20 | |||
21 | /** |
||
22 | * @author Indra Gunawan <[email protected]> |
||
23 | */ |
||
24 | class RateLimitHandler |
||
25 | { |
||
26 | /** |
||
27 | * @var CacheItemPoolInterface |
||
28 | */ |
||
29 | private $cacheItemPool; |
||
30 | |||
31 | /** |
||
32 | * @var TokenStorageInterface |
||
33 | */ |
||
34 | private $tokenStorage; |
||
35 | |||
36 | /** |
||
37 | * @var AuthorizationCheckerInterface |
||
38 | */ |
||
39 | private $authorizationChecker; |
||
40 | |||
41 | /** |
||
42 | * @var array |
||
43 | */ |
||
44 | private $throttleConfig; |
||
45 | |||
46 | /** |
||
47 | * @var int |
||
48 | */ |
||
49 | private $limit; |
||
50 | |||
51 | /** |
||
52 | * @var int |
||
53 | */ |
||
54 | private $remaining; |
||
55 | |||
56 | /** |
||
57 | * @var int |
||
58 | */ |
||
59 | private $reset; |
||
60 | |||
61 | /** |
||
62 | * @var |
||
63 | */ |
||
64 | private $enabled = true; |
||
65 | |||
66 | /** |
||
67 | * @var bool |
||
68 | */ |
||
69 | private $rateLimitExceeded = false; |
||
70 | |||
71 | /** |
||
72 | * RateLimitHandler constructor. |
||
73 | */ |
||
74 | 8 | public function __construct( |
|
75 | CacheItemPoolInterface $cacheItemPool, |
||
76 | TokenStorageInterface $tokenStorage, |
||
77 | AuthorizationCheckerInterface $authorizationChecker, |
||
78 | array $throttleConfig |
||
79 | ) { |
||
80 | 8 | $this->cacheItemPool = $cacheItemPool; |
|
81 | 8 | $this->tokenStorage = $tokenStorage; |
|
82 | 8 | $this->authorizationChecker = $authorizationChecker; |
|
83 | 8 | $this->throttleConfig = $throttleConfig; |
|
84 | 8 | } |
|
85 | |||
86 | /** |
||
87 | * @return bool |
||
88 | */ |
||
89 | 8 | public function isEnabled() |
|
90 | { |
||
91 | 8 | return $this->enabled; |
|
92 | } |
||
93 | |||
94 | /** |
||
95 | * @return bool |
||
96 | */ |
||
97 | 5 | public function isRateLimitExceeded() |
|
98 | { |
||
99 | 5 | return $this->rateLimitExceeded; |
|
100 | } |
||
101 | |||
102 | 7 | public function getRateLimitInfo(): array |
|
103 | { |
||
104 | return [ |
||
105 | 7 | 'limit' => $this->limit, |
|
106 | 7 | 'remaining' => $this->remaining, |
|
107 | 7 | 'reset' => $this->reset, |
|
108 | ]; |
||
109 | } |
||
110 | |||
111 | 8 | public static function generateCacheKey(string $ip, string $username = null, string $userRole = null): string |
|
112 | { |
||
113 | 8 | if (!empty($username) && !empty($userRole)) { |
|
114 | 2 | return sprintf('_api_rate_limit_metadata$%s', sha1($userRole.$username)); |
|
115 | } |
||
116 | |||
117 | 6 | return sprintf('_api_rate_limit_metadata$%s', sha1($ip)); |
|
118 | } |
||
119 | |||
120 | /** |
||
121 | * @throws \Doctrine\Common\Annotations\AnnotationException |
||
122 | * @throws \Psr\Cache\InvalidArgumentException |
||
123 | * @throws \ReflectionException |
||
124 | */ |
||
125 | 8 | public function handle(Request $request) |
|
126 | { |
||
127 | 8 | $reflectionClass = new \ReflectionClass($request->attributes->get('_api_resource_class')); |
|
128 | 8 | if (\PHP_VERSION_ID >= 80000 && $attributes = $reflectionClass->getAttributes(ApiRateLimit::class)) { |
|
129 | $annotation = $attributes[0]->newInstance(); |
||
130 | } else { |
||
131 | 8 | $annotationReader = new AnnotationReader(); |
|
132 | /** @var ApiRateLimit $annotation */ |
||
133 | 8 | $annotation = $annotationReader->getClassAnnotation($reflectionClass, ApiRateLimit::class); |
|
134 | } |
||
135 | |||
136 | 8 | if (null !== $annotation) { |
|
0 ignored issues
–
show
introduced
by
Loading history...
|
|||
137 | 8 | $this->enabled = $annotation->enabled; |
|
138 | if (( |
||
139 | 8 | !\in_array($request->getMethod(), array_map('strtoupper', $annotation->methods), true) |
|
140 | && |
||
141 | 8 | !\in_array($request->attributes->get('_api_item_operation_name'), array_map('strtolower', $annotation->methods), true) |
|
142 | ) |
||
143 | 8 | && !empty($annotation->methods) |
|
144 | ) { |
||
145 | // The annotation is ignored as the method is not corresponding |
||
146 | 8 | $annotation = new ApiRateLimit(); |
|
147 | } |
||
148 | } else { |
||
149 | $annotation = new ApiRateLimit(); |
||
150 | } |
||
151 | |||
152 | 8 | list($key, $limit, $period) = $this->getThrottle($request, $annotation); |
|
153 | |||
154 | 8 | if ($this->enabled) { |
|
155 | 7 | $this->decreaseRateLimitRemaining($key, $limit, $period); |
|
156 | } |
||
157 | 8 | } |
|
158 | |||
159 | /** |
||
160 | * @throws \Psr\Cache\InvalidArgumentException |
||
161 | */ |
||
162 | 7 | protected function decreaseRateLimitRemaining(string $key, int $limit, int $period) |
|
163 | { |
||
164 | 7 | $cost = 1; |
|
165 | 7 | $currentTime = gmdate('U'); |
|
166 | |||
167 | 7 | $rateLimitInfo = $this->cacheItemPool->getItem($key); |
|
168 | 7 | $rateLimit = $rateLimitInfo->get(); |
|
169 | 7 | if ($rateLimitInfo->isHit() && $currentTime <= $rateLimit['reset']) { |
|
170 | // decrease existing rate limit remaining |
||
171 | 2 | if ($rateLimit['remaining'] - $cost >= 0) { |
|
172 | 1 | $remaining = $rateLimit['remaining'] - $cost; |
|
173 | 1 | $reset = $rateLimit['reset']; |
|
174 | 1 | $ttl = $rateLimit['reset'] - $currentTime; |
|
175 | } else { |
||
176 | 1 | $this->rateLimitExceeded = true; |
|
177 | 1 | $this->reset = $rateLimit['reset']; |
|
178 | 1 | $this->limit = $limit; |
|
179 | 1 | $this->remaining = 0; |
|
180 | |||
181 | 2 | return; |
|
182 | } |
||
183 | } else { |
||
184 | // add / reset new rate limit remaining |
||
185 | 5 | $remaining = $limit - $cost; |
|
186 | 5 | $reset = $currentTime + $period; |
|
187 | 5 | $ttl = $period; |
|
188 | } |
||
189 | |||
190 | $rateLimit = [ |
||
191 | 6 | 'limit' => $limit, |
|
192 | 6 | 'remaining' => $remaining, |
|
193 | 6 | 'reset' => $reset, |
|
194 | ]; |
||
195 | |||
196 | 6 | $rateLimitInfo->set($rateLimit); |
|
197 | 6 | $rateLimitInfo->expiresAfter($ttl); |
|
198 | |||
199 | 6 | $this->cacheItemPool->save($rateLimitInfo); |
|
200 | |||
201 | 6 | $this->limit = $limit; |
|
202 | 6 | $this->remaining = $remaining; |
|
203 | 6 | $this->reset = $reset; |
|
204 | 6 | } |
|
205 | |||
206 | /** |
||
207 | * @return array |
||
208 | */ |
||
209 | 8 | private function getThrottle(Request $request, ApiRateLimit $annotation) |
|
210 | { |
||
211 | 8 | if (null !== $token = $this->tokenStorage->getToken()) { |
|
212 | // no anonymous |
||
213 | 2 | if (\is_object($token->getUser())) { |
|
214 | 2 | $rolesConfig = $this->throttleConfig['roles']; |
|
215 | 2 | if (!empty($annotation->throttle['roles'])) { |
|
216 | 1 | $rolesConfig = $annotation->throttle['roles']; |
|
217 | } |
||
218 | |||
219 | 2 | foreach ($rolesConfig as $role => $throttle) { |
|
220 | 2 | if ($this->authorizationChecker->isGranted($role)) { |
|
221 | 2 | $username = $token->getUsername(); |
|
222 | 2 | $userRole = $role; |
|
223 | 2 | $limit = $throttle['limit']; |
|
224 | 2 | $period = $throttle['period']; |
|
225 | |||
226 | 2 | return [self::generateCacheKey($request->getClientIp(), $username, $userRole), $limit, $period]; |
|
227 | } |
||
228 | } |
||
229 | } |
||
230 | } |
||
231 | |||
232 | 6 | if (!empty($annotation->throttle['default'])) { |
|
233 | 1 | $limit = $annotation->throttle['default']['limit']; |
|
234 | 1 | $period = $annotation->throttle['default']['period']; |
|
235 | } else { |
||
236 | 5 | $limit = $this->throttleConfig['default']['limit']; |
|
237 | 5 | $period = $this->throttleConfig['default']['period']; |
|
238 | } |
||
239 | |||
240 | 6 | return [self::generateCacheKey($request->getClientIp()), $limit, $period]; |
|
241 | } |
||
242 | } |
||
243 |