nextcloud /
server
@@ -65,101 +65,101 @@ |
||
| 65 | 65 | * @package OC\AppFramework\Middleware\Security |
| 66 | 66 | */ |
| 67 | 67 | class RateLimitingMiddleware extends Middleware { |
| 68 | - public function __construct( |
|
| 69 | - protected IRequest $request, |
|
| 70 | - protected IUserSession $userSession, |
|
| 71 | - protected ControllerMethodReflector $reflector, |
|
| 72 | - protected Limiter $limiter, |
|
| 73 | - ) { |
|
| 74 | - } |
|
| 75 | - |
|
| 76 | - /** |
|
| 77 | - * {@inheritDoc} |
|
| 78 | - * @throws RateLimitExceededException |
|
| 79 | - */ |
|
| 80 | - public function beforeController(Controller $controller, string $methodName): void { |
|
| 81 | - parent::beforeController($controller, $methodName); |
|
| 82 | - $rateLimitIdentifier = get_class($controller) . '::' . $methodName; |
|
| 83 | - |
|
| 84 | - if ($this->userSession->isLoggedIn()) { |
|
| 85 | - $rateLimit = $this->readLimitFromAnnotationOrAttribute($controller, $methodName, 'UserRateThrottle', UserRateLimit::class); |
|
| 86 | - |
|
| 87 | - if ($rateLimit !== null) { |
|
| 88 | - $this->limiter->registerUserRequest( |
|
| 89 | - $rateLimitIdentifier, |
|
| 90 | - $rateLimit->getLimit(), |
|
| 91 | - $rateLimit->getPeriod(), |
|
| 92 | - $this->userSession->getUser() |
|
| 93 | - ); |
|
| 94 | - return; |
|
| 95 | - } |
|
| 96 | - |
|
| 97 | - // If not user specific rate limit is found the Anon rate limit applies! |
|
| 98 | - } |
|
| 99 | - |
|
| 100 | - $rateLimit = $this->readLimitFromAnnotationOrAttribute($controller, $methodName, 'AnonRateThrottle', AnonRateLimit::class); |
|
| 101 | - |
|
| 102 | - if ($rateLimit !== null) { |
|
| 103 | - $this->limiter->registerAnonRequest( |
|
| 104 | - $rateLimitIdentifier, |
|
| 105 | - $rateLimit->getLimit(), |
|
| 106 | - $rateLimit->getPeriod(), |
|
| 107 | - $this->request->getRemoteAddress() |
|
| 108 | - ); |
|
| 109 | - } |
|
| 110 | - } |
|
| 111 | - |
|
| 112 | - /** |
|
| 113 | - * @template T of ARateLimit |
|
| 114 | - * |
|
| 115 | - * @param Controller $controller |
|
| 116 | - * @param string $methodName |
|
| 117 | - * @param string $annotationName |
|
| 118 | - * @param class-string<T> $attributeClass |
|
| 119 | - * @return ?ARateLimit |
|
| 120 | - */ |
|
| 121 | - protected function readLimitFromAnnotationOrAttribute(Controller $controller, string $methodName, string $annotationName, string $attributeClass): ?ARateLimit { |
|
| 122 | - $annotationLimit = $this->reflector->getAnnotationParameter($annotationName, 'limit'); |
|
| 123 | - $annotationPeriod = $this->reflector->getAnnotationParameter($annotationName, 'period'); |
|
| 124 | - |
|
| 125 | - if ($annotationLimit !== '' && $annotationPeriod !== '') { |
|
| 126 | - return new $attributeClass( |
|
| 127 | - (int) $annotationLimit, |
|
| 128 | - (int) $annotationPeriod, |
|
| 129 | - ); |
|
| 130 | - } |
|
| 131 | - |
|
| 132 | - $reflectionMethod = new ReflectionMethod($controller, $methodName); |
|
| 133 | - $attributes = $reflectionMethod->getAttributes($attributeClass); |
|
| 134 | - $attribute = current($attributes); |
|
| 135 | - |
|
| 136 | - if ($attribute !== false) { |
|
| 137 | - return $attribute->newInstance(); |
|
| 138 | - } |
|
| 139 | - |
|
| 140 | - return null; |
|
| 141 | - } |
|
| 142 | - |
|
| 143 | - /** |
|
| 144 | - * {@inheritDoc} |
|
| 145 | - */ |
|
| 146 | - public function afterException(Controller $controller, string $methodName, \Exception $exception): Response { |
|
| 147 | - if ($exception instanceof RateLimitExceededException) { |
|
| 148 | - if (stripos($this->request->getHeader('Accept'), 'html') === false) { |
|
| 149 | - $response = new DataResponse([], $exception->getCode()); |
|
| 150 | - } else { |
|
| 151 | - $response = new TemplateResponse( |
|
| 152 | - 'core', |
|
| 153 | - '429', |
|
| 154 | - [], |
|
| 155 | - TemplateResponse::RENDER_AS_GUEST |
|
| 156 | - ); |
|
| 157 | - $response->setStatus($exception->getCode()); |
|
| 158 | - } |
|
| 159 | - |
|
| 160 | - return $response; |
|
| 161 | - } |
|
| 162 | - |
|
| 163 | - throw $exception; |
|
| 164 | - } |
|
| 68 | + public function __construct( |
|
| 69 | + protected IRequest $request, |
|
| 70 | + protected IUserSession $userSession, |
|
| 71 | + protected ControllerMethodReflector $reflector, |
|
| 72 | + protected Limiter $limiter, |
|
| 73 | + ) { |
|
| 74 | + } |
|
| 75 | + |
|
| 76 | + /** |
|
| 77 | + * {@inheritDoc} |
|
| 78 | + * @throws RateLimitExceededException |
|
| 79 | + */ |
|
| 80 | + public function beforeController(Controller $controller, string $methodName): void { |
|
| 81 | + parent::beforeController($controller, $methodName); |
|
| 82 | + $rateLimitIdentifier = get_class($controller) . '::' . $methodName; |
|
| 83 | + |
|
| 84 | + if ($this->userSession->isLoggedIn()) { |
|
| 85 | + $rateLimit = $this->readLimitFromAnnotationOrAttribute($controller, $methodName, 'UserRateThrottle', UserRateLimit::class); |
|
| 86 | + |
|
| 87 | + if ($rateLimit !== null) { |
|
| 88 | + $this->limiter->registerUserRequest( |
|
| 89 | + $rateLimitIdentifier, |
|
| 90 | + $rateLimit->getLimit(), |
|
| 91 | + $rateLimit->getPeriod(), |
|
| 92 | + $this->userSession->getUser() |
|
| 93 | + ); |
|
| 94 | + return; |
|
| 95 | + } |
|
| 96 | + |
|
| 97 | + // If not user specific rate limit is found the Anon rate limit applies! |
|
| 98 | + } |
|
| 99 | + |
|
| 100 | + $rateLimit = $this->readLimitFromAnnotationOrAttribute($controller, $methodName, 'AnonRateThrottle', AnonRateLimit::class); |
|
| 101 | + |
|
| 102 | + if ($rateLimit !== null) { |
|
| 103 | + $this->limiter->registerAnonRequest( |
|
| 104 | + $rateLimitIdentifier, |
|
| 105 | + $rateLimit->getLimit(), |
|
| 106 | + $rateLimit->getPeriod(), |
|
| 107 | + $this->request->getRemoteAddress() |
|
| 108 | + ); |
|
| 109 | + } |
|
| 110 | + } |
|
| 111 | + |
|
| 112 | + /** |
|
| 113 | + * @template T of ARateLimit |
|
| 114 | + * |
|
| 115 | + * @param Controller $controller |
|
| 116 | + * @param string $methodName |
|
| 117 | + * @param string $annotationName |
|
| 118 | + * @param class-string<T> $attributeClass |
|
| 119 | + * @return ?ARateLimit |
|
| 120 | + */ |
|
| 121 | + protected function readLimitFromAnnotationOrAttribute(Controller $controller, string $methodName, string $annotationName, string $attributeClass): ?ARateLimit { |
|
| 122 | + $annotationLimit = $this->reflector->getAnnotationParameter($annotationName, 'limit'); |
|
| 123 | + $annotationPeriod = $this->reflector->getAnnotationParameter($annotationName, 'period'); |
|
| 124 | + |
|
| 125 | + if ($annotationLimit !== '' && $annotationPeriod !== '') { |
|
| 126 | + return new $attributeClass( |
|
| 127 | + (int) $annotationLimit, |
|
| 128 | + (int) $annotationPeriod, |
|
| 129 | + ); |
|
| 130 | + } |
|
| 131 | + |
|
| 132 | + $reflectionMethod = new ReflectionMethod($controller, $methodName); |
|
| 133 | + $attributes = $reflectionMethod->getAttributes($attributeClass); |
|
| 134 | + $attribute = current($attributes); |
|
| 135 | + |
|
| 136 | + if ($attribute !== false) { |
|
| 137 | + return $attribute->newInstance(); |
|
| 138 | + } |
|
| 139 | + |
|
| 140 | + return null; |
|
| 141 | + } |
|
| 142 | + |
|
| 143 | + /** |
|
| 144 | + * {@inheritDoc} |
|
| 145 | + */ |
|
| 146 | + public function afterException(Controller $controller, string $methodName, \Exception $exception): Response { |
|
| 147 | + if ($exception instanceof RateLimitExceededException) { |
|
| 148 | + if (stripos($this->request->getHeader('Accept'), 'html') === false) { |
|
| 149 | + $response = new DataResponse([], $exception->getCode()); |
|
| 150 | + } else { |
|
| 151 | + $response = new TemplateResponse( |
|
| 152 | + 'core', |
|
| 153 | + '429', |
|
| 154 | + [], |
|
| 155 | + TemplateResponse::RENDER_AS_GUEST |
|
| 156 | + ); |
|
| 157 | + $response->setStatus($exception->getCode()); |
|
| 158 | + } |
|
| 159 | + |
|
| 160 | + return $response; |
|
| 161 | + } |
|
| 162 | + |
|
| 163 | + throw $exception; |
|
| 164 | + } |
|
| 165 | 165 | } |
@@ -79,7 +79,7 @@ |
||
| 79 | 79 | */ |
| 80 | 80 | public function beforeController(Controller $controller, string $methodName): void { |
| 81 | 81 | parent::beforeController($controller, $methodName); |
| 82 | - $rateLimitIdentifier = get_class($controller) . '::' . $methodName; |
|
| 82 | + $rateLimitIdentifier = get_class($controller).'::'.$methodName; |
|
| 83 | 83 | |
| 84 | 84 | if ($this->userSession->isLoggedIn()) { |
| 85 | 85 | $rateLimit = $this->readLimitFromAnnotationOrAttribute($controller, $methodName, 'UserRateThrottle', UserRateLimit::class); |
@@ -32,26 +32,26 @@ |
||
| 32 | 32 | * @since 27.0.0 |
| 33 | 33 | */ |
| 34 | 34 | abstract class ARateLimit { |
| 35 | - /** |
|
| 36 | - * @since 27.0.0 |
|
| 37 | - */ |
|
| 38 | - public function __construct( |
|
| 39 | - protected int $limit, |
|
| 40 | - protected int $period, |
|
| 41 | - ) { |
|
| 42 | - } |
|
| 35 | + /** |
|
| 36 | + * @since 27.0.0 |
|
| 37 | + */ |
|
| 38 | + public function __construct( |
|
| 39 | + protected int $limit, |
|
| 40 | + protected int $period, |
|
| 41 | + ) { |
|
| 42 | + } |
|
| 43 | 43 | |
| 44 | - /** |
|
| 45 | - * @since 27.0.0 |
|
| 46 | - */ |
|
| 47 | - public function getLimit(): int { |
|
| 48 | - return $this->limit; |
|
| 49 | - } |
|
| 44 | + /** |
|
| 45 | + * @since 27.0.0 |
|
| 46 | + */ |
|
| 47 | + public function getLimit(): int { |
|
| 48 | + return $this->limit; |
|
| 49 | + } |
|
| 50 | 50 | |
| 51 | - /** |
|
| 52 | - * @since 27.0.0 |
|
| 53 | - */ |
|
| 54 | - public function getPeriod(): int { |
|
| 55 | - return $this->period; |
|
| 56 | - } |
|
| 51 | + /** |
|
| 52 | + * @since 27.0.0 |
|
| 53 | + */ |
|
| 54 | + public function getPeriod(): int { |
|
| 55 | + return $this->period; |
|
| 56 | + } |
|
| 57 | 57 | } |
