authorJulius Härtl <jus@bitgrid.net>2024-07-17 08:49:21 +0200
committerJulius Härtl <jus@bitgrid.net>2024-07-17 08:49:21 +0200
commit6da47e2b1fb33af7ff1b7247eb082ece565216f6 (patch)
tree216459174e096153e90f2b4a44a998129c5e8955
parent4362ed53614c900c53986b694ea3eea3799ab9c1 (diff)
feat: Add global rate limiting configrfc/global-rate-limit
Signed-off-by: Julius Härtl <jus@bitgrid.net>
-rw-r--r--lib/private/AppFramework/DependencyInjection/DIContainer.php3
-rw-r--r--lib/private/AppFramework/Middleware/Security/RateLimitingMiddleware.php21
2 files changed, 23 insertions, 1 deletions
diff --git a/lib/private/AppFramework/DependencyInjection/DIContainer.php b/lib/private/AppFramework/DependencyInjection/DIContainer.php
index 4add17396b0..33b50d78c86 100644
--- a/lib/private/AppFramework/DependencyInjection/DIContainer.php
+++ b/lib/private/AppFramework/DependencyInjection/DIContainer.php
@@ -277,7 +277,8 @@ class DIContainer extends SimpleContainer implements IAppContainer {
$c->get(IUserSession::class),
$c->get(IControllerMethodReflector::class),
$c->get(OC\Security\RateLimiting\Limiter::class),
- $c->get(ISession::class)
+ $c->get(ISession::class),
+ $c->get(IConfig::class)
)
);
$dispatcher->registerMiddleware(
diff --git a/lib/private/AppFramework/Middleware/Security/RateLimitingMiddleware.php b/lib/private/AppFramework/Middleware/Security/RateLimitingMiddleware.php
index d593bf5019f..57037aa4328 100644
--- a/lib/private/AppFramework/Middleware/Security/RateLimitingMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/RateLimitingMiddleware.php
@@ -19,6 +19,7 @@ use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\Http\Response;
use OCP\AppFramework\Http\TemplateResponse;
use OCP\AppFramework\Middleware;
+use OCP\IConfig;
use OCP\IRequest;
use OCP\ISession;
use OCP\IUserSession;
@@ -52,6 +53,7 @@ class RateLimitingMiddleware extends Middleware {
protected ControllerMethodReflector $reflector,
protected Limiter $limiter,
protected ISession $session,
+ protected IConfig $config,
) {
}
@@ -93,7 +95,26 @@ class RateLimitingMiddleware extends Middleware {
$rateLimit->getPeriod(),
$this->request->getRemoteAddress()
);
+ return;
}
+
+ $globalLimit = $this->config->getSystemValueInt('global-rate-limit.limit', 10);
+ $globalPeriod = $this->config->getSystemValueInt('global-rate-limit.period', 1);
+
+ if ($globalLimit > 0 && $globalPeriod > 0) {
+ $this->userSession->isLoggedIn() ? $this->limiter->registerUserRequest(
+ $rateLimitIdentifier,
+ $globalLimit,
+ $globalPeriod,
+ $this->userSession->getUser()
+ ) : $this->limiter->registerAnonRequest(
+ $rateLimitIdentifier,
+ $globalLimit,
+ $globalPeriod,
+ $this->request->getRemoteAddress()
+ );
+ }
+
}
/**
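Review bot: The fallback in this hunk keys the limiter on `$rateLimitIdentifier`, which is assigned above the hunk and appears to be a per-controller-method key, so the "global" budget would be counted per endpoint and not across the instance. If an instance-wide cap is intended, pass a fixed identifier such as `'global-rate-limit'` in both calls. The defaults of 10 requests per 1 second take effect without any configuration, and anonymous requests are bucketed by `getRemoteAddress()`, so clients behind one NAT or a misconfigured reverse proxy would presumably share a single bucket. Consider defaulting the limit to `0` (off) and documenting `global-rate-limit.limit` and `global-rate-limit.period`, since the diffstat shows no config sample or test change. As a style point, the ternary used only for its side effects reads more clearly as `if ($this->userSession->isLoggedIn()) { … } else { … }`.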