feat!: Adjust default php timeout for controller requests and add attribute to adjustrfc/request-timeout

Signed-off-by: Julius Härtl <jus@bitgrid.net>

5 files changed, 74 insertions, 0 deletions

diff --git a/lib/composer/composer/autoload_classmap.php b/lib/composer/composer/autoload_classmap.php
index 4bd8f96454e..a5551540b19 100644
--- a/lib/composer/composer/autoload_classmap.php
+++ b/lib/composer/composer/autoload_classmap.php
@@ -56,6 +56,7 @@ return array(
     'OCP\\AppFramework\\Http\\Attribute\\OpenAPI' => $baseDir . '/lib/public/AppFramework/Http/Attribute/OpenAPI.php',
     'OCP\\AppFramework\\Http\\Attribute\\PasswordConfirmationRequired' => $baseDir . '/lib/public/AppFramework/Http/Attribute/PasswordConfirmationRequired.php',
     'OCP\\AppFramework\\Http\\Attribute\\PublicPage' => $baseDir . '/lib/public/AppFramework/Http/Attribute/PublicPage.php',
+    'OCP\\AppFramework\\Http\\Attribute\\RequestTimeout' => $baseDir . '/lib/public/AppFramework/Http/Attribute/RequestTimeout.php',
     'OCP\\AppFramework\\Http\\Attribute\\Route' => $baseDir . '/lib/public/AppFramework/Http/Attribute/Route.php',
     'OCP\\AppFramework\\Http\\Attribute\\StrictCookiesRequired' => $baseDir . '/lib/public/AppFramework/Http/Attribute/StrictCookiesRequired.php',
     'OCP\\AppFramework\\Http\\Attribute\\SubAdminRequired' => $baseDir . '/lib/public/AppFramework/Http/Attribute/SubAdminRequired.php',
@@ -935,6 +936,7 @@ return array(
     'OC\\AppFramework\\Middleware\\OCSMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/OCSMiddleware.php',
     'OC\\AppFramework\\Middleware\\PublicShare\\Exceptions\\NeedAuthenticationException' => $baseDir . '/lib/private/AppFramework/Middleware/PublicShare/Exceptions/NeedAuthenticationException.php',
     'OC\\AppFramework\\Middleware\\PublicShare\\PublicShareMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/PublicShare/PublicShareMiddleware.php',
+    'OC\\AppFramework\\Middleware\\RequestTimeMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/RequestTimeMiddleware.php',
     'OC\\AppFramework\\Middleware\\Security\\BruteForceMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php',
     'OC\\AppFramework\\Middleware\\Security\\CORSMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php',
     'OC\\AppFramework\\Middleware\\Security\\CSPMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/Security/CSPMiddleware.php',
diff --git a/lib/composer/composer/autoload_static.php b/lib/composer/composer/autoload_static.php
index a9737d27c83..eaf345da0d2 100644
--- a/lib/composer/composer/autoload_static.php
+++ b/lib/composer/composer/autoload_static.php
@@ -89,6 +89,7 @@ class ComposerStaticInit749170dad3f5e7f9ca158f5a9f04f6a2
         'OCP\\AppFramework\\Http\\Attribute\\OpenAPI' => __DIR__ . '/../../..' . '/lib/public/AppFramework/Http/Attribute/OpenAPI.php',
         'OCP\\AppFramework\\Http\\Attribute\\PasswordConfirmationRequired' => __DIR__ . '/../../..' . '/lib/public/AppFramework/Http/Attribute/PasswordConfirmationRequired.php',
         'OCP\\AppFramework\\Http\\Attribute\\PublicPage' => __DIR__ . '/../../..' . '/lib/public/AppFramework/Http/Attribute/PublicPage.php',
+        'OCP\\AppFramework\\Http\\Attribute\\RequestTimeout' => __DIR__ . '/../../..' . '/lib/public/AppFramework/Http/Attribute/RequestTimeout.php',
         'OCP\\AppFramework\\Http\\Attribute\\Route' => __DIR__ . '/../../..' . '/lib/public/AppFramework/Http/Attribute/Route.php',
         'OCP\\AppFramework\\Http\\Attribute\\StrictCookiesRequired' => __DIR__ . '/../../..' . '/lib/public/AppFramework/Http/Attribute/StrictCookiesRequired.php',
         'OCP\\AppFramework\\Http\\Attribute\\SubAdminRequired' => __DIR__ . '/../../..' . '/lib/public/AppFramework/Http/Attribute/SubAdminRequired.php',
@@ -968,6 +969,7 @@ class ComposerStaticInit749170dad3f5e7f9ca158f5a9f04f6a2
         'OC\\AppFramework\\Middleware\\OCSMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/OCSMiddleware.php',
         'OC\\AppFramework\\Middleware\\PublicShare\\Exceptions\\NeedAuthenticationException' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/PublicShare/Exceptions/NeedAuthenticationException.php',
         'OC\\AppFramework\\Middleware\\PublicShare\\PublicShareMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/PublicShare/PublicShareMiddleware.php',
+        'OC\\AppFramework\\Middleware\\RequestTimeMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/RequestTimeMiddleware.php',
         'OC\\AppFramework\\Middleware\\Security\\BruteForceMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php',
         'OC\\AppFramework\\Middleware\\Security\\CORSMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php',
         'OC\\AppFramework\\Middleware\\Security\\CSPMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/Security/CSPMiddleware.php',
diff --git a/lib/private/AppFramework/DependencyInjection/DIContainer.php b/lib/private/AppFramework/DependencyInjection/DIContainer.php
index a96e050c0e6..cdfcc31b626 100644
--- a/lib/private/AppFramework/DependencyInjection/DIContainer.php
+++ b/lib/private/AppFramework/DependencyInjection/DIContainer.php
@@ -293,6 +293,9 @@ class DIContainer extends SimpleContainer implements IAppContainer {
 				)
 			);
 			$dispatcher->registerMiddleware(
+				new OC\AppFramework\Middleware\RequestTimeMiddleware()
+			);
+			$dispatcher->registerMiddleware(
 				$c->get(\OC\AppFramework\Middleware\AdditionalScriptsMiddleware::class)
 			);
 
diff --git a/lib/private/AppFramework/Middleware/RequestTimeMiddleware.php b/lib/private/AppFramework/Middleware/RequestTimeMiddleware.php
new file mode 100644
index 00000000000..7961fd15e96
--- /dev/null
+++ b/lib/private/AppFramework/Middleware/RequestTimeMiddleware.php
@@ -0,0 +1,29 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+namespace OC\AppFramework\Middleware;
+
+use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\Attribute\RequestTimeout;
+use OCP\AppFramework\Middleware;
+use ReflectionMethod;
+
+class RequestTimeMiddleware extends Middleware {
+	public function beforeController(Controller $controller, string $methodName) {
+		// Default timeout
+		$timeout = 30;
+		$reflectionMethod = new ReflectionMethod($controller, $methodName);
+		$attributes = $reflectionMethod->getAttributes(RequestTimeout::class);
+		foreach ($attributes as $attribute) {
+			/** @var RequestTimeout $timeout */
+			$timeoutAttribute = $attribute->newInstance();
+			$timeout = $timeoutAttribute->getTimeout();
+		}
+
+		@ini_set('max_execution_time', strval($timeout));
+	}
+}
diff --git a/lib/public/AppFramework/Http/Attribute/RequestTimeout.php b/lib/public/AppFramework/Http/Attribute/RequestTimeout.php
new file mode 100644
index 00000000000..47aff28ce45
--- /dev/null
+++ b/lib/public/AppFramework/Http/Attribute/RequestTimeout.php
@@ -0,0 +1,38 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace OCP\AppFramework\Http\Attribute;
+
+use Attribute;
+
+/**
+ * Attribute for controller methods that want to limit the times a not logged-in
+ * guest can call the endpoint in a given time period.
+ *
+ * @since 31.0.0
+ */
+#[Attribute(Attribute::TARGET_METHOD)]
+class RequestTimeout {
+	/**
+	 * @param int $timeout The maximum time the php process should run
+	 * @since 31.0.0
+	 */
+	public function __construct(
+		protected int $timeout,
+	) {
+	}
+
+	/**
+	 * @return int The maximum time the php process should run
+	 * @since 31.0.0
+	 */
+	public function getTimeout(): int {
+		return $this->timeout;
+	}
+}