summaryrefslogtreecommitdiffstats
path: root/apps/testing
diff options
context:
space:
mode:
authorLukas Reschke <lukas@statuscode.ch>2017-04-12 20:32:48 +0200
committerLukas Reschke <lukas@statuscode.ch>2017-04-13 12:00:16 +0200
commit66835476b59b8be7593d4cfa03a51c4f265d7e26 (patch)
tree91770c8fe403da25af50e6336727ab55fe57cd27 /apps/testing
parent5505faa3d7b6f5a95f18fe5027355d700d69f396 (diff)
downloadnextcloud-server-66835476b59b8be7593d4cfa03a51c4f265d7e26.tar.gz
nextcloud-server-66835476b59b8be7593d4cfa03a51c4f265d7e26.zip
Add support for ratelimiting via annotations
This allows adding rate limiting via annotations to controllers, as one example: ``` @UserRateThrottle(limit=5, period=100) @AnonRateThrottle(limit=1, period=100) ``` Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Diffstat (limited to 'apps/testing')
-rw-r--r--apps/testing/appinfo/routes.php20
-rw-r--r--apps/testing/lib/Controller/RateLimitTestController.php52
2 files changed, 72 insertions, 0 deletions
diff --git a/apps/testing/appinfo/routes.php b/apps/testing/appinfo/routes.php
index 13caa2289df..d45cfe00eca 100644
--- a/apps/testing/appinfo/routes.php
+++ b/apps/testing/appinfo/routes.php
@@ -25,12 +25,32 @@ namespace OCA\Testing\AppInfo;
use OCA\Testing\Config;
use OCA\Testing\Locking\Provisioning;
use OCP\API;
+use OCP\AppFramework\App;
$config = new Config(
\OC::$server->getConfig(),
\OC::$server->getRequest()
);
+$app = new App('testing');
+$app->registerRoutes(
+ $this,
+ [
+ 'routes' => [
+ [
+ 'name' => 'RateLimitTest#userAndAnonProtected',
+ 'url' => '/userAndAnonProtected',
+ 'verb' => 'GET',
+ ],
+ [
+ 'name' => 'RateLimitTest#onlyAnonProtected',
+ 'url' => '/anonProtected',
+ 'verb' => 'GET',
+ ],
+ ]
+ ]
+);
+
API::register(
'post',
'/apps/testing/api/v1/app/{appid}/{configkey}',
diff --git a/apps/testing/lib/Controller/RateLimitTestController.php b/apps/testing/lib/Controller/RateLimitTestController.php
new file mode 100644
index 00000000000..c43d33e5335
--- /dev/null
+++ b/apps/testing/lib/Controller/RateLimitTestController.php
@@ -0,0 +1,52 @@
+<?php
+/**
+ * @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\Testing\Controller;
+
+use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\JSONResponse;
+
+class RateLimitTestController extends Controller {
+ /**
+ * @PublicPage
+ * @NoCSRFRequired
+ *
+ * @UserRateThrottle(limit=5, period=100)
+ * @AnonRateThrottle(limit=1, period=100)
+ *
+ * @return JSONResponse
+ */
+ public function userAndAnonProtected() {
+ return new JSONResponse();
+ }
+
+ /**
+ * @PublicPage
+ * @NoCSRFRequired
+ *
+ * @AnonRateThrottle(limit=1, period=10)
+ *
+ * @return JSONResponse
+ */
+ public function onlyAnonProtected() {
+ return new JSONResponse();
+ }
+}