diff options
6 files changed, 77 insertions, 0 deletions
diff --git a/core/Controller/PreviewController.php b/core/Controller/PreviewController.php index a3b826c19e6..7ac70181fd9 100644 --- a/core/Controller/PreviewController.php +++ b/core/Controller/PreviewController.php @@ -14,6 +14,7 @@ use OCP\AppFramework\Http; use OCP\AppFramework\Http\Attribute\FrontpageRoute; use OCP\AppFramework\Http\Attribute\NoAdminRequired; use OCP\AppFramework\Http\Attribute\NoCSRFRequired; +use OCP\AppFramework\Http\Attribute\RequestTimeout; use OCP\AppFramework\Http\DataResponse; use OCP\AppFramework\Http\FileDisplayResponse; use OCP\AppFramework\Http\RedirectResponse; @@ -58,6 +59,7 @@ class PreviewController extends Controller { #[NoAdminRequired] #[NoCSRFRequired] #[FrontpageRoute(verb: 'GET', url: '/core/preview.png')] + #[RequestTimeout(timeout: 25)] public function getPreview( string $file = '', int $x = 32, @@ -101,6 +103,7 @@ class PreviewController extends Controller { #[NoAdminRequired] #[NoCSRFRequired] #[FrontpageRoute(verb: 'GET', url: '/core/preview')] + #[RequestTimeout(timeout: 25)] public function getPreviewByFileId( int $fileId = -1, int $x = 32, diff --git a/lib/composer/composer/autoload_classmap.php b/lib/composer/composer/autoload_classmap.php index 4bd8f96454e..a5551540b19 100644 --- a/lib/composer/composer/autoload_classmap.php +++ b/lib/composer/composer/autoload_classmap.php @@ -56,6 +56,7 @@ return array( 'OCP\\AppFramework\\Http\\Attribute\\OpenAPI' => $baseDir . '/lib/public/AppFramework/Http/Attribute/OpenAPI.php', 'OCP\\AppFramework\\Http\\Attribute\\PasswordConfirmationRequired' => $baseDir . '/lib/public/AppFramework/Http/Attribute/PasswordConfirmationRequired.php', 'OCP\\AppFramework\\Http\\Attribute\\PublicPage' => $baseDir . '/lib/public/AppFramework/Http/Attribute/PublicPage.php', + 'OCP\\AppFramework\\Http\\Attribute\\RequestTimeout' => $baseDir . '/lib/public/AppFramework/Http/Attribute/RequestTimeout.php', 'OCP\\AppFramework\\Http\\Attribute\\Route' => $baseDir . '/lib/public/AppFramework/Http/Attribute/Route.php', 'OCP\\AppFramework\\Http\\Attribute\\StrictCookiesRequired' => $baseDir . '/lib/public/AppFramework/Http/Attribute/StrictCookiesRequired.php', 'OCP\\AppFramework\\Http\\Attribute\\SubAdminRequired' => $baseDir . '/lib/public/AppFramework/Http/Attribute/SubAdminRequired.php', @@ -935,6 +936,7 @@ return array( 'OC\\AppFramework\\Middleware\\OCSMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/OCSMiddleware.php', 'OC\\AppFramework\\Middleware\\PublicShare\\Exceptions\\NeedAuthenticationException' => $baseDir . '/lib/private/AppFramework/Middleware/PublicShare/Exceptions/NeedAuthenticationException.php', 'OC\\AppFramework\\Middleware\\PublicShare\\PublicShareMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/PublicShare/PublicShareMiddleware.php', + 'OC\\AppFramework\\Middleware\\RequestTimeMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/RequestTimeMiddleware.php', 'OC\\AppFramework\\Middleware\\Security\\BruteForceMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php', 'OC\\AppFramework\\Middleware\\Security\\CORSMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php', 'OC\\AppFramework\\Middleware\\Security\\CSPMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/Security/CSPMiddleware.php', diff --git a/lib/composer/composer/autoload_static.php b/lib/composer/composer/autoload_static.php index a9737d27c83..eaf345da0d2 100644 --- a/lib/composer/composer/autoload_static.php +++ b/lib/composer/composer/autoload_static.php @@ -89,6 +89,7 @@ class ComposerStaticInit749170dad3f5e7f9ca158f5a9f04f6a2 'OCP\\AppFramework\\Http\\Attribute\\OpenAPI' => __DIR__ . '/../../..' . '/lib/public/AppFramework/Http/Attribute/OpenAPI.php', 'OCP\\AppFramework\\Http\\Attribute\\PasswordConfirmationRequired' => __DIR__ . '/../../..' . '/lib/public/AppFramework/Http/Attribute/PasswordConfirmationRequired.php', 'OCP\\AppFramework\\Http\\Attribute\\PublicPage' => __DIR__ . '/../../..' . '/lib/public/AppFramework/Http/Attribute/PublicPage.php', + 'OCP\\AppFramework\\Http\\Attribute\\RequestTimeout' => __DIR__ . '/../../..' . '/lib/public/AppFramework/Http/Attribute/RequestTimeout.php', 'OCP\\AppFramework\\Http\\Attribute\\Route' => __DIR__ . '/../../..' . '/lib/public/AppFramework/Http/Attribute/Route.php', 'OCP\\AppFramework\\Http\\Attribute\\StrictCookiesRequired' => __DIR__ . '/../../..' . '/lib/public/AppFramework/Http/Attribute/StrictCookiesRequired.php', 'OCP\\AppFramework\\Http\\Attribute\\SubAdminRequired' => __DIR__ . '/../../..' . '/lib/public/AppFramework/Http/Attribute/SubAdminRequired.php', @@ -968,6 +969,7 @@ class ComposerStaticInit749170dad3f5e7f9ca158f5a9f04f6a2 'OC\\AppFramework\\Middleware\\OCSMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/OCSMiddleware.php', 'OC\\AppFramework\\Middleware\\PublicShare\\Exceptions\\NeedAuthenticationException' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/PublicShare/Exceptions/NeedAuthenticationException.php', 'OC\\AppFramework\\Middleware\\PublicShare\\PublicShareMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/PublicShare/PublicShareMiddleware.php', + 'OC\\AppFramework\\Middleware\\RequestTimeMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/RequestTimeMiddleware.php', 'OC\\AppFramework\\Middleware\\Security\\BruteForceMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php', 'OC\\AppFramework\\Middleware\\Security\\CORSMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php', 'OC\\AppFramework\\Middleware\\Security\\CSPMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/Security/CSPMiddleware.php', diff --git a/lib/private/AppFramework/DependencyInjection/DIContainer.php b/lib/private/AppFramework/DependencyInjection/DIContainer.php index a96e050c0e6..cdfcc31b626 100644 --- a/lib/private/AppFramework/DependencyInjection/DIContainer.php +++ b/lib/private/AppFramework/DependencyInjection/DIContainer.php @@ -293,6 +293,9 @@ class DIContainer extends SimpleContainer implements IAppContainer { ) ); $dispatcher->registerMiddleware( + new OC\AppFramework\Middleware\RequestTimeMiddleware() + ); + $dispatcher->registerMiddleware( $c->get(\OC\AppFramework\Middleware\AdditionalScriptsMiddleware::class) ); diff --git a/lib/private/AppFramework/Middleware/RequestTimeMiddleware.php b/lib/private/AppFramework/Middleware/RequestTimeMiddleware.php new file mode 100644 index 00000000000..7961fd15e96 --- /dev/null +++ b/lib/private/AppFramework/Middleware/RequestTimeMiddleware.php @@ -0,0 +1,29 @@ +<?php + +declare(strict_types=1); +/** + * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-only + */ +namespace OC\AppFramework\Middleware; + +use OCP\AppFramework\Controller; +use OCP\AppFramework\Http\Attribute\RequestTimeout; +use OCP\AppFramework\Middleware; +use ReflectionMethod; + +class RequestTimeMiddleware extends Middleware { + public function beforeController(Controller $controller, string $methodName) { + // Default timeout + $timeout = 30; + $reflectionMethod = new ReflectionMethod($controller, $methodName); + $attributes = $reflectionMethod->getAttributes(RequestTimeout::class); + foreach ($attributes as $attribute) { + /** @var RequestTimeout $timeout */ + $timeoutAttribute = $attribute->newInstance(); + $timeout = $timeoutAttribute->getTimeout(); + } + + @ini_set('max_execution_time', strval($timeout)); + } +} diff --git a/lib/public/AppFramework/Http/Attribute/RequestTimeout.php b/lib/public/AppFramework/Http/Attribute/RequestTimeout.php new file mode 100644 index 00000000000..47aff28ce45 --- /dev/null +++ b/lib/public/AppFramework/Http/Attribute/RequestTimeout.php @@ -0,0 +1,38 @@ +<?php + +declare(strict_types=1); + +/** + * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ + +namespace OCP\AppFramework\Http\Attribute; + +use Attribute; + +/** + * Attribute for controller methods that want to limit the times a not logged-in + * guest can call the endpoint in a given time period. + * + * @since 31.0.0 + */ +#[Attribute(Attribute::TARGET_METHOD)] +class RequestTimeout { + /** + * @param int $timeout The maximum time the php process should run + * @since 31.0.0 + */ + public function __construct( + protected int $timeout, + ) { + } + + /** + * @return int The maximum time the php process should run + * @since 31.0.0 + */ + public function getTimeout(): int { + return $this->timeout; + } +} |