author | Julius Härtl <jus@bitgrid.net> | 2024-07-17 08:49:21 +0200 |
---|---|---|
committer | Julius Härtl <jus@bitgrid.net> | 2024-07-17 08:49:21 +0200 |
commit | 6da47e2b1fb33af7ff1b7247eb082ece565216f6 (patch) | |
tree | 216459174e096153e90f2b4a44a998129c5e8955 /lib/private/AppFramework/Middleware | |
parent | 4362ed53614c900c53986b694ea3eea3799ab9c1 (diff) | |
feat: Add global rate limiting configrfc/global-rate-limit
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Diffstat (limited to 'lib/private/AppFramework/Middleware')
-rw-r--r-- | lib/private/AppFramework/Middleware/Security/RateLimitingMiddleware.php | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/lib/private/AppFramework/Middleware/Security/RateLimitingMiddleware.php b/lib/private/AppFramework/Middleware/Security/RateLimitingMiddleware.php
index d593bf5019f..57037aa4328 100644
--- a/lib/private/AppFramework/Middleware/Security/RateLimitingMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/RateLimitingMiddleware.php
@@ -19,6 +19,7 @@ use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\Http\Response;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\AppFramework\Middleware;
+use OCP\IConfig;
 use OCP\IRequest;
 use OCP\ISession;
 use OCP\IUserSession;
@@ -52,6 +53,7 @@ class RateLimitingMiddleware extends Middleware {
 protected ControllerMethodReflector $reflector,
 protected Limiter $limiter,
 protected ISession $session,
+ protected IConfig $config,
 ) {
 }

@@ -93,7 +95,26 @@ class RateLimitingMiddleware extends Middleware {
 $rateLimit->getPeriod(),
 $this->request->getRemoteAddress()
 );
+ return;
 }
+
+ $globalLimit = $this->config->getSystemValueInt('global-rate-limit.limit', 10);
+ $globalPeriod = $this->config->getSystemValueInt('global-rate-limit.period', 1);
+
+ if ($globalLimit > 0 && $globalPeriod > 0) {
+ $this->userSession->isLoggedIn() ? $this->limiter->registerUserRequest(
+ $rateLimitIdentifier,
+ $globalLimit,
+ $globalPeriod,
+ $this->userSession->getUser()
+ ) : $this->limiter->registerAnonRequest(
+ $rateLimitIdentifier,
+ $globalLimit,
+ $globalPeriod,
+ $this->request->getRemoteAddress()
+ );
+ }
+
 }

 /** |
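Review bot: The new fallback in the last hunk is enabled by default (`10` requests per period of `1`) and is keyed on `$rateLimitIdentifier`, so as far as the hunk shows it acts as a per-endpoint default rather than one global budget; that identifier is assigned outside the hunk, so confirm what it holds. For anonymous callers the bucket is `$this->request->getRemoteAddress()`, so clients behind a shared NAT, or behind a reverse proxy that is not configured as trusted, share one bucket and can lock each other out once this ships switched on. Consider making it opt-in with `$globalLimit = $this->config->getSystemValueInt('global-rate-limit.limit', 0);` and adding a comment above it such as `// Fallback limit for endpoints without their own rate-limit attribute; a value <= 0 disables it.` The ternary used as a statement would also read more clearly as a plain `if`/`else`, matching the registration branches earlier in the method, whose body starts outside the hunk.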