authorLukas Reschke <lukas@statuscode.ch>2017-04-12 20:32:48 +0200
committerLukas Reschke <lukas@statuscode.ch>2017-04-13 12:00:16 +0200
commit66835476b59b8be7593d4cfa03a51c4f265d7e26 (patch)
tree91770c8fe403da25af50e6336727ab55fe57cd27 /lib/private/AppFramework/DependencyInjection
parent5505faa3d7b6f5a95f18fe5027355d700d69f396 (diff)
Add support for ratelimiting via annotations
This allows adding rate limiting via annotations to controllers, as one example: ``` @UserRateThrottle(limit=5, period=100) @AnonRateThrottle(limit=1, period=100) ``` Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Diffstat (limited to 'lib/private/AppFramework/DependencyInjection')
-rw-r--r--lib/private/AppFramework/DependencyInjection/DIContainer.php24
1 files changed, 21 insertions, 3 deletions
diff --git a/lib/private/AppFramework/DependencyInjection/DIContainer.php b/lib/private/AppFramework/DependencyInjection/DIContainer.php
index 4fb13b09ae0..a414772c4d6 100644
--- a/lib/private/AppFramework/DependencyInjection/DIContainer.php
+++ b/lib/private/AppFramework/DependencyInjection/DIContainer.php
@@ -53,11 +53,13 @@ use OCP\AppFramework\QueryException;
use OCP\Files\Folder;
use OCP\Files\IAppData;
use OCP\IL10N;
+use OCP\IMemcache;
use OCP\IRequest;
use OCP\IServerContainer;
use OCP\IUserSession;
use OCP\RichObjectStrings\IValidator;
use OCP\Util;
+use SearchDAV\XML\Limit;
class DIContainer extends SimpleContainer implements IAppContainer {
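Review bot: Neither of the two added imports is referenced in any hunk shown here, and `use SearchDAV\XML\Limit;` names a class from what appears to be an unrelated search library, which looks like an accidental IDE auto-import. If the rest of the file does not use them, drop both `use OCP\IMemcache;` and `use SearchDAV\XML\Limit;`. A stray import of a third-party class leaves a misleading dependency edge for anyone auditing what the container pulls in.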
@@ -162,6 +164,22 @@ class DIContainer extends SimpleContainer implements IAppContainer {
return $c->query(Validator::class);
});
+ $this->registerService(OC\Security\RateLimiting\Limiter::class, function($c) {
+ return new OC\Security\RateLimiting\Limiter(
+ $this->getServer()->getUserSession(),
+ $this->getServer()->getRequest(),
+ new OC\AppFramework\Utility\TimeFactory(),
+ $c->query(OC\Security\RateLimiting\Backend\IBackend::class)
+ );
+ });
+
+ $this->registerService(OC\Security\RateLimiting\Backend\IBackend::class, function($c) {
+ return new OC\Security\RateLimiting\Backend\MemoryCache(
+ $this->getServer()->getMemCacheFactory(),
+ new OC\AppFramework\Utility\TimeFactory()
+ );
+ });
+
$this->registerService(\OC\Security\IdentityProof\Manager::class, function ($c) {
return new \OC\Security\IdentityProof\Manager(
$this->getServer()->getAppDataDir('identityproof'),
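Review bot: The `IBackend` registration hard-wires `MemoryCache` on top of `getMemCacheFactory()`, so the throttle is only as reliable as the configured cache. If the factory returns a no-op or per-process cache when none is configured (not visible in this hunk), the annotated limits would silently never trigger or would be counted per node. I would say so at the registration, e.g. `// Counters live in the memory cache: without a shared cache the limits are not enforced across requests/nodes`. Separately, the new names are written `OC\Security\RateLimiting\...` without the leading backslash that the neighbouring `\OC\Security\IdentityProof\Manager::class` uses. Unless the file imports `OC` (outside this hunk) they resolve relative to the file's namespace, so `\OC\Security\RateLimiting\Limiter::class` is safer here and in the `$c->query(...)` argument of the last hunk.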
@@ -169,7 +187,6 @@ class DIContainer extends SimpleContainer implements IAppContainer {
);
});
-
/**
* App Framework APIs
*/
@@ -220,12 +237,13 @@ class DIContainer extends SimpleContainer implements IAppContainer {
$server->getLogger(),
$server->getSession(),
$c['AppName'],
- $app->isLoggedIn(),
+ $server->getUserSession(),
$app->isAdminUser(),
$server->getContentSecurityPolicyManager(),
$server->getCsrfTokenManager(),
$server->getContentSecurityPolicyNonceManager(),
- $server->getBruteForceThrottler()
+ $server->getBruteForceThrottler(),
+ $c->query(OC\Security\RateLimiting\Limiter::class)
);
});
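Review bot: `$app->isAdminUser()` is still passed as a value computed when the middleware is built, while this change switches the login check to the live `$server->getUserSession()`. The two can now disagree if the session changes between container construction and the security check (how the middleware consumes them is outside this hunk). Either pass the admin decision lazily as well, or add a comment such as `// admin flag is a snapshot taken at construction; login state is read from the session at check time`. The closure and the constructor call both start above the hunk.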