mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 984 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
60903 Commits
367 Branches
Tree: 6312c0df69
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6312c0df69'
${ noResults }
nextcloud/lib/private/AppFramework/Middleware/Security/RateLimitingMiddleware.php

RateLimitingMiddleware.php 4.0KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129 
  1. <?php

  2. /**

  3.  * @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>

  4.  *

  5.  * @author Christoph Wurst <christoph@winzerhof-wurst.at>

  6.  * @author Joas Schilling <coding@schilljs.com>

  7.  * @author Lukas Reschke <lukas@statuscode.ch>

  8.  *

  9.  * @license GNU AGPL version 3 or any later version

  10.  *

  11.  * This program is free software: you can redistribute it and/or modify

  12.  * it under the terms of the GNU Affero General Public License as

  13.  * published by the Free Software Foundation, either version 3 of the

  14.  * License, or (at your option) any later version.

  15.  *

  16.  * This program is distributed in the hope that it will be useful,

  17.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  18.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  19.  * GNU Affero General Public License for more details.

  20.  *

  21.  * You should have received a copy of the GNU Affero General Public License

  22.  * along with this program. If not, see <http://www.gnu.org/licenses/>.

  23.  *

  24.  */

  25. namespace OC\AppFramework\Middleware\Security;

  26. 

  27. use OC\AppFramework\Utility\ControllerMethodReflector;

  28. use OC\Security\RateLimiting\Exception\RateLimitExceededException;

  29. use OC\Security\RateLimiting\Limiter;

  30. use OCP\AppFramework\Http\DataResponse;

  31. use OCP\AppFramework\Http\TemplateResponse;

  32. use OCP\AppFramework\Middleware;

  33. use OCP\IRequest;

  34. use OCP\IUserSession;

  35. 

  36. /**

  37.  * Class RateLimitingMiddleware is the middleware responsible for implementing the

  38.  * ratelimiting in Nextcloud.

  39.  *

  40.  * It parses annotations such as:

  41.  *

  42.  * @UserRateThrottle(limit=5, period=100)

  43.  * @AnonRateThrottle(limit=1, period=100)

  44.  *

  45.  * Those annotations above would mean that logged-in users can access the page 5

  46.  * times within 100 seconds, and anonymous users 1 time within 100 seconds. If

  47.  * only an AnonRateThrottle is specified that one will also be applied to logged-in

  48.  * users.

  49.  *

  50.  * @package OC\AppFramework\Middleware\Security

  51.  */

  52. class RateLimitingMiddleware extends Middleware {

  53. 	/** @var IRequest $request */

  54. 	private $request;

  55. 	/** @var IUserSession */

  56. 	private $userSession;

  57. 	/** @var ControllerMethodReflector */

  58. 	private $reflector;

  59. 	/** @var Limiter */

  60. 	private $limiter;

  61. 

  62. 	/**

  63. 	 * @param IRequest $request

  64. 	 * @param IUserSession $userSession

  65. 	 * @param ControllerMethodReflector $reflector

  66. 	 * @param Limiter $limiter

  67. 	 */

  68. 	public function __construct(IRequest $request,

  69. 								IUserSession $userSession,

  70. 								ControllerMethodReflector $reflector,

  71. 								Limiter $limiter) {

  72. 		$this->request = $request;

  73. 		$this->userSession = $userSession;

  74. 		$this->reflector = $reflector;

  75. 		$this->limiter = $limiter;

  76. 	}

  77. 

  78. 	/**

  79. 	 * {@inheritDoc}

  80. 	 * @throws RateLimitExceededException

  81. 	 */

  82. 	public function beforeController($controller, $methodName) {

  83. 		parent::beforeController($controller, $methodName);

  84. 

  85. 		$anonLimit = $this->reflector->getAnnotationParameter('AnonRateThrottle', 'limit');

  86. 		$anonPeriod = $this->reflector->getAnnotationParameter('AnonRateThrottle', 'period');

  87. 		$userLimit = $this->reflector->getAnnotationParameter('UserRateThrottle', 'limit');

  88. 		$userPeriod = $this->reflector->getAnnotationParameter('UserRateThrottle', 'period');

  89. 		$rateLimitIdentifier = get_class($controller) . '::' . $methodName;

  90. 		if ($userLimit !== '' && $userPeriod !== '' && $this->userSession->isLoggedIn()) {

  91. 			$this->limiter->registerUserRequest(

  92. 				$rateLimitIdentifier,

  93. 				$userLimit,

  94. 				$userPeriod,

  95. 				$this->userSession->getUser()

  96. 			);

  97. 		} elseif ($anonLimit !== '' && $anonPeriod !== '') {

  98. 			$this->limiter->registerAnonRequest(

  99. 				$rateLimitIdentifier,

  100. 				$anonLimit,

  101. 				$anonPeriod,

  102. 				$this->request->getRemoteAddress()

  103. 			);

  104. 		}

  105. 	}

  106. 

  107. 	/**

  108. 	 * {@inheritDoc}

  109. 	 */

  110. 	public function afterException($controller, $methodName, \Exception $exception) {

  111. 		if ($exception instanceof RateLimitExceededException) {

  112. 			if (stripos($this->request->getHeader('Accept'), 'html') === false) {

  113. 				$response = new DataResponse([], $exception->getCode());

  114. 			} else {

  115. 				$response = new TemplateResponse(

  116. 					'core',

  117. 					'429',

  118. 					[],

  119. 					TemplateResponse::RENDER_AS_GUEST

  120. 				);

  121. 				$response->setStatus($exception->getCode());

  122. 			}

  123. 

  124. 			return $response;

  125. 		}

  126. 

  127. 		throw $exception;

  128. 	}

  129. }