diff options
author | Lukas Reschke <lukas@statuscode.ch> | 2017-04-12 20:32:48 +0200 |
---|---|---|
committer | Lukas Reschke <lukas@statuscode.ch> | 2017-04-13 12:00:16 +0200 |
commit | 66835476b59b8be7593d4cfa03a51c4f265d7e26 (patch) | |
tree | 91770c8fe403da25af50e6336727ab55fe57cd27 /apps/testing | |
parent | 5505faa3d7b6f5a95f18fe5027355d700d69f396 (diff) | |
download | nextcloud-server-66835476b59b8be7593d4cfa03a51c4f265d7e26.tar.gz nextcloud-server-66835476b59b8be7593d4cfa03a51c4f265d7e26.zip |
Add support for ratelimiting via annotations
This allows adding rate limiting via annotations to controllers, as one example:
```
@UserRateThrottle(limit=5, period=100)
@AnonRateThrottle(limit=1, period=100)
```
Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Diffstat (limited to 'apps/testing')
-rw-r--r-- | apps/testing/appinfo/routes.php | 20 | ||||
-rw-r--r-- | apps/testing/lib/Controller/RateLimitTestController.php | 52 |
2 files changed, 72 insertions, 0 deletions
diff --git a/apps/testing/appinfo/routes.php b/apps/testing/appinfo/routes.php index 13caa2289df..d45cfe00eca 100644 --- a/apps/testing/appinfo/routes.php +++ b/apps/testing/appinfo/routes.php @@ -25,12 +25,32 @@ namespace OCA\Testing\AppInfo; use OCA\Testing\Config; use OCA\Testing\Locking\Provisioning; use OCP\API; +use OCP\AppFramework\App; $config = new Config( \OC::$server->getConfig(), \OC::$server->getRequest() ); +$app = new App('testing'); +$app->registerRoutes( + $this, + [ + 'routes' => [ + [ + 'name' => 'RateLimitTest#userAndAnonProtected', + 'url' => '/userAndAnonProtected', + 'verb' => 'GET', + ], + [ + 'name' => 'RateLimitTest#onlyAnonProtected', + 'url' => '/anonProtected', + 'verb' => 'GET', + ], + ] + ] +); + API::register( 'post', '/apps/testing/api/v1/app/{appid}/{configkey}', diff --git a/apps/testing/lib/Controller/RateLimitTestController.php b/apps/testing/lib/Controller/RateLimitTestController.php new file mode 100644 index 00000000000..c43d33e5335 --- /dev/null +++ b/apps/testing/lib/Controller/RateLimitTestController.php @@ -0,0 +1,52 @@ +<?php +/** + * @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\Testing\Controller; + +use OCP\AppFramework\Controller; +use OCP\AppFramework\Http\JSONResponse; + +class RateLimitTestController extends Controller { + /** + * @PublicPage + * @NoCSRFRequired + * + * @UserRateThrottle(limit=5, period=100) + * @AnonRateThrottle(limit=1, period=100) + * + * @return JSONResponse + */ + public function userAndAnonProtected() { + return new JSONResponse(); + } + + /** + * @PublicPage + * @NoCSRFRequired + * + * @AnonRateThrottle(limit=1, period=10) + * + * @return JSONResponse + */ + public function onlyAnonProtected() { + return new JSONResponse(); + } +} |