authorJoas Schilling <coding@schilljs.com>2023-08-14 19:16:31 +0200
committerJoas Schilling <coding@schilljs.com>2023-08-23 06:44:06 +0200
commit5c0789197f2f8f6d4ca088d28f4aae2fc4b8e351 (patch)
treed0bf7d7f8c8fcedb27e7989bf10505f2d329c9b2 /lib
parent97548e789fd09685d79ad4bf28c59d7067ca55b4 (diff)
feat: Add a header which signals that the request was throttled
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'lib')
-rw-r--r--lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php18
1 files changed, 14 insertions, 4 deletions
diff --git a/lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php b/lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php
index 2ecd26a68e1..6a943af2a1f 100644
--- a/lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php
@@ -51,6 +51,8 @@ use ReflectionMethod;
* @package OC\AppFramework\Middleware\Security
*/
class BruteForceMiddleware extends Middleware {
+ private int $delaySlept = 0;
+
public function __construct(
protected ControllerMethodReflector $reflector,
protected Throttler $throttler,
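Review bot: The new property `$delaySlept` carries state from the throttle calls into the response header built in `afterController`, but the declaration has no doc comment saying what it holds or in which unit. Since the value is later rendered with an `ms` suffix, a one-line comment above it would spare the next maintainer a trip through the file: `/** Total brute-force delay slept for this request, in milliseconds, summed over every sleepDelayOrThrowOnMax() call in beforeController and afterController. */`. The constructor that follows continues past the hunk.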
@@ -67,7 +69,7 @@ class BruteForceMiddleware extends Middleware {
if ($this->reflector->hasAnnotation('BruteForceProtection')) {
$action = $this->reflector->getAnnotationParameter('BruteForceProtection', 'action');
- $this->throttler->sleepDelayOrThrowOnMax($this->request->getRemoteAddress(), $action);
+ $this->delaySlept += $this->throttler->sleepDelayOrThrowOnMax($this->request->getRemoteAddress(), $action);
} else {
$reflectionMethod = new ReflectionMethod($controller, $methodName);
$attributes = $reflectionMethod->getAttributes(BruteForceProtection::class);
@@ -79,7 +81,7 @@ class BruteForceMiddleware extends Middleware {
/** @var BruteForceProtection $protection */
$protection = $attribute->newInstance();
$action = $protection->getAction();
- $this->throttler->sleepDelayOrThrowOnMax($remoteAddress, $action);
+ $this->delaySlept += $this->throttler->sleepDelayOrThrowOnMax($remoteAddress, $action);
}
}
}
@@ -95,7 +97,7 @@ class BruteForceMiddleware extends Middleware {
$action = $this->reflector->getAnnotationParameter('BruteForceProtection', 'action');
$ip = $this->request->getRemoteAddress();
$this->throttler->registerAttempt($action, $ip, $response->getThrottleMetadata());
- $this->throttler->sleepDelayOrThrowOnMax($ip, $action);
+ $this->delaySlept += $this->throttler->sleepDelayOrThrowOnMax($ip, $action);
} else {
$reflectionMethod = new ReflectionMethod($controller, $methodName);
$attributes = $reflectionMethod->getAttributes(BruteForceProtection::class);
@@ -111,7 +113,7 @@ class BruteForceMiddleware extends Middleware {
if (!isset($metaData['action']) || $metaData['action'] === $action) {
$this->throttler->registerAttempt($action, $ip, $metaData);
- $this->throttler->sleepDelayOrThrowOnMax($ip, $action);
+ $this->delaySlept += $this->throttler->sleepDelayOrThrowOnMax($ip, $action);
}
}
} else {
@@ -127,6 +129,14 @@ class BruteForceMiddleware extends Middleware {
}
}
+ if ($this->delaySlept) {
+ $headers = $response->getHeaders();
+ if (!isset($headers['X-Nextcloud-Bruteforce-Throttled'])) {
+ $headers['X-Nextcloud-Bruteforce-Throttled'] = $this->delaySlept . 'ms';
+ $response->setHeaders($headers);
+ }
+ }
+
return parent::afterController($controller, $methodName, $response);
}
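Review bot: The header is only attached on the `afterController` path, so a request that ends in an exception — presumably including the case where `sleepDelayOrThrowOnMax` throws once the maximum delay is reached — would never carry `X-Nextcloud-Bruteforce-Throttled`; if the header is meant to be the client's signal that throttling happened, the exception path (outside this hunk) likely needs the same treatment. The `isset($headers['X-Nextcloud-Bruteforce-Throttled'])` guard is a case-sensitive array lookup while HTTP header names are case-insensitive, so a controller that already set the header under a different casing would not be detected and the header may be emitted twice. As a point of style, the guard reads more clearly as `if ($this->delaySlept > 0) {` than as a truthiness test on an int. The closing brace of the class lies past the hunk's last visible line.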