Diffstat (limited to 'lib/private/Security/RateLimiting')
-rw-r--r--lib/private/Security/RateLimiting/Backend/DatabaseBackend.php47
-rw-r--r--lib/private/Security/RateLimiting/Backend/IBackend.php15
-rw-r--r--lib/private/Security/RateLimiting/Backend/MemoryCacheBackend.php43
-rw-r--r--lib/private/Security/RateLimiting/Limiter.php50
4 files changed, 65 insertions, 90 deletions
diff --git a/lib/private/Security/RateLimiting/Backend/DatabaseBackend.php b/lib/private/Security/RateLimiting/Backend/DatabaseBackend.php
index d1631a8d0ae..41f50a90b5c 100644
--- a/lib/private/Security/RateLimiting/Backend/DatabaseBackend.php
+++ b/lib/private/Security/RateLimiting/Backend/DatabaseBackend.php
@@ -28,6 +28,7 @@ declare(strict_types=1);
namespace OC\Security\RateLimiting\Backend;
use OCP\AppFramework\Utility\ITimeFactory;
+use OCP\DB\Exception;
use OCP\DB\QueryBuilder\IQueryBuilder;
use OCP\IConfig;
use OCP\IDBConnection;
@@ -35,38 +36,22 @@ use OCP\IDBConnection;
class DatabaseBackend implements IBackend {
private const TABLE_NAME = 'ratelimit_entries';
- /** @var IConfig */
- private $config;
- /** @var IDBConnection */
- private $dbConnection;
- /** @var ITimeFactory */
- private $timeFactory;
-
public function __construct(
- IConfig $config,
- IDBConnection $dbConnection,
- ITimeFactory $timeFactory
+ private IConfig $config,
+ private IDBConnection $dbConnection,
+ private ITimeFactory $timeFactory
) {
- $this->config = $config;
- $this->dbConnection = $dbConnection;
- $this->timeFactory = $timeFactory;
}
- /**
- * @param string $methodIdentifier
- * @param string $userIdentifier
- * @return string
- */
- private function hash(string $methodIdentifier,
- string $userIdentifier): string {
+ private function hash(
+ string $methodIdentifier,
+ string $userIdentifier,
+ ): string {
return hash('sha512', $methodIdentifier . $userIdentifier);
}
/**
- * @param string $identifier
- * @param int $seconds
- * @return int
- * @throws \OCP\DB\Exception
+ * @throws Exception
*/
private function getExistingAttemptCount(
string $identifier
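Review bot: The promoted constructor's last parameter, `private ITimeFactory $timeFactory`, has no trailing comma, while the other multi-line parameter lists this commit reformats end with one (`hash()` in the same hunk, and the MemoryCacheBackend constructor). Writing it as `private ITimeFactory $timeFactory,` keeps the style uniform and makes a later parameter addition a one-line diff. The `getExistingAttemptCount()` signature that closes the hunk continues outside it, so nothing is said about its body here.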
@@ -97,8 +82,10 @@ class DatabaseBackend implements IBackend {
/**
* {@inheritDoc}
*/
- public function getAttempts(string $methodIdentifier,
- string $userIdentifier): int {
+ public function getAttempts(
+ string $methodIdentifier,
+ string $userIdentifier,
+ ): int {
$identifier = $this->hash($methodIdentifier, $userIdentifier);
return $this->getExistingAttemptCount($identifier);
}
@@ -106,9 +93,11 @@ class DatabaseBackend implements IBackend {
/**
* {@inheritDoc}
*/
- public function registerAttempt(string $methodIdentifier,
- string $userIdentifier,
- int $period) {
+ public function registerAttempt(
+ string $methodIdentifier,
+ string $userIdentifier,
+ int $period,
+ ): void {
$identifier = $this->hash($methodIdentifier, $userIdentifier);
$deleteAfter = $this->timeFactory->getDateTime()->add(new \DateInterval("PT{$period}S"));
diff --git a/lib/private/Security/RateLimiting/Backend/IBackend.php b/lib/private/Security/RateLimiting/Backend/IBackend.php
index 960bfd2d159..24715391a96 100644
--- a/lib/private/Security/RateLimiting/Backend/IBackend.php
+++ b/lib/private/Security/RateLimiting/Backend/IBackend.php
@@ -39,10 +39,11 @@ interface IBackend {
*
* @param string $methodIdentifier Identifier for the method
* @param string $userIdentifier Identifier for the user
- * @return int
*/
- public function getAttempts(string $methodIdentifier,
- string $userIdentifier): int;
+ public function getAttempts(
+ string $methodIdentifier,
+ string $userIdentifier,
+ ): int;
/**
* Registers an attempt
@@ -51,7 +52,9 @@ interface IBackend {
* @param string $userIdentifier Identifier for the user
* @param int $period Period in seconds how long this attempt should be stored
*/
- public function registerAttempt(string $methodIdentifier,
- string $userIdentifier,
- int $period);
+ public function registerAttempt(
+ string $methodIdentifier,
+ string $userIdentifier,
+ int $period,
+ );
}
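Review bot: The interface's `registerAttempt()` still ends in `);` with no return type, although both implementations touched by this commit (DatabaseBackend and MemoryCacheBackend) now declare `): void`. Declaring it on the contract as well, `): void;`, lets static analysis and any further backend see the same signature. This would be a breaking change only for implementations outside this diff that return a value, which seems unlikely for a method documented as "Registers an attempt", but confirm before changing it.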
diff --git a/lib/private/Security/RateLimiting/Backend/MemoryCacheBackend.php b/lib/private/Security/RateLimiting/Backend/MemoryCacheBackend.php
index 4bcb459c64e..b59178c7d7b 100644
--- a/lib/private/Security/RateLimiting/Backend/MemoryCacheBackend.php
+++ b/lib/private/Security/RateLimiting/Backend/MemoryCacheBackend.php
@@ -42,36 +42,23 @@ use OCP\IConfig;
* @package OC\Security\RateLimiting\Backend
*/
class MemoryCacheBackend implements IBackend {
- /** @var IConfig */
- private $config;
- /** @var ICache */
- private $cache;
- /** @var ITimeFactory */
- private $timeFactory;
+ private ICache $cache;
public function __construct(
- IConfig $config,
+ private IConfig $config,
ICacheFactory $cacheFactory,
- ITimeFactory $timeFactory) {
- $this->config = $config;
+ private ITimeFactory $timeFactory,
+ ) {
$this->cache = $cacheFactory->createDistributed(__CLASS__);
- $this->timeFactory = $timeFactory;
}
- /**
- * @param string $methodIdentifier
- * @param string $userIdentifier
- * @return string
- */
- private function hash(string $methodIdentifier,
- string $userIdentifier): string {
+ private function hash(
+ string $methodIdentifier,
+ string $userIdentifier,
+ ): string {
return hash('sha512', $methodIdentifier . $userIdentifier);
}
- /**
- * @param string $identifier
- * @return array
- */
private function getExistingAttempts(string $identifier): array {
$cachedAttempts = $this->cache->get($identifier);
if ($cachedAttempts === null) {
@@ -89,8 +76,10 @@ class MemoryCacheBackend implements IBackend {
/**
* {@inheritDoc}
*/
- public function getAttempts(string $methodIdentifier,
- string $userIdentifier): int {
+ public function getAttempts(
+ string $methodIdentifier,
+ string $userIdentifier,
+ ): int {
$identifier = $this->hash($methodIdentifier, $userIdentifier);
$existingAttempts = $this->getExistingAttempts($identifier);
@@ -108,9 +97,11 @@ class MemoryCacheBackend implements IBackend {
/**
* {@inheritDoc}
*/
- public function registerAttempt(string $methodIdentifier,
- string $userIdentifier,
- int $period) {
+ public function registerAttempt(
+ string $methodIdentifier,
+ string $userIdentifier,
+ int $period,
+ ): void {
$identifier = $this->hash($methodIdentifier, $userIdentifier);
$existingAttempts = $this->getExistingAttempts($identifier);
$currentTime = $this->timeFactory->getTime();
diff --git a/lib/private/Security/RateLimiting/Limiter.php b/lib/private/Security/RateLimiting/Limiter.php
index 7848a5b75a7..c8c0e2ce101 100644
--- a/lib/private/Security/RateLimiting/Limiter.php
+++ b/lib/private/Security/RateLimiting/Limiter.php
@@ -32,27 +32,21 @@ use OC\Security\RateLimiting\Exception\RateLimitExceededException;
use OCP\IUser;
class Limiter {
- /** @var IBackend */
- private $backend;
-
- /**
- * @param IBackend $backend
- */
- public function __construct(IBackend $backend) {
- $this->backend = $backend;
+ public function __construct(
+ private IBackend $backend,
+ ) {
}
/**
- * @param string $methodIdentifier
- * @param string $userIdentifier
* @param int $period in seconds
- * @param int $limit
* @throws RateLimitExceededException
*/
- private function register(string $methodIdentifier,
- string $userIdentifier,
- int $period,
- int $limit): void {
+ private function register(
+ string $methodIdentifier,
+ string $userIdentifier,
+ int $period,
+ int $limit,
+ ): void {
$existingAttempts = $this->backend->getAttempts($methodIdentifier, $userIdentifier);
if ($existingAttempts >= $limit) {
throw new RateLimitExceededException();
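Review bot: `register()` reads the count with `getAttempts()` and compares it to `$limit` as a separate step from recording the attempt, and `IBackend` only exposes `getAttempts()` and `registerAttempt()` as two distinct calls. Requests that arrive concurrently can therefore each see a count below the limit before any of them is recorded, so the limit is a soft bound rather than a strict one. Now that the docblock is being trimmed, it would help to state this, for example `// Check and record are not atomic: parallel requests may briefly exceed $limit.`. The remainder of `register()`, presumably including the `registerAttempt()` call, is outside the hunk, so this should be confirmed against the full body.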
@@ -64,16 +58,15 @@ class Limiter {
/**
* Registers attempt for an anonymous request
*
- * @param string $identifier
- * @param int $anonLimit
* @param int $anonPeriod in seconds
- * @param string $ip
* @throws RateLimitExceededException
*/
- public function registerAnonRequest(string $identifier,
- int $anonLimit,
- int $anonPeriod,
- string $ip): void {
+ public function registerAnonRequest(
+ string $identifier,
+ int $anonLimit,
+ int $anonPeriod,
+ string $ip,
+ ): void {
$ipSubnet = (new IpAddress($ip))->getSubnet();
$anonHashIdentifier = hash('sha512', 'anon::' . $identifier . $ipSubnet);
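Review bot: The docblock for `registerAnonRequest()` drops `@param string $ip` and no longer says anything about where that value has to come from, yet the anonymous limiter key is derived from it through `(new IpAddress($ip))->getSubnet()`. If a caller ever passed an address taken from a client-controlled header, each request could land in a fresh bucket and the limit would not hold. Keeping one descriptive line would record the expectation, for example `@param string $ip Remote address the caller already trusts; attempts are counted per subnet`. The method body continues outside the hunk.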
@@ -83,16 +76,15 @@ class Limiter {
/**
* Registers attempt for an authenticated request
*
- * @param string $identifier
- * @param int $userLimit
* @param int $userPeriod in seconds
- * @param IUser $user
* @throws RateLimitExceededException
*/
- public function registerUserRequest(string $identifier,
- int $userLimit,
- int $userPeriod,
- IUser $user): void {
+ public function registerUserRequest(
+ string $identifier,
+ int $userLimit,
+ int $userPeriod,
+ IUser $user,
+ ): void {
$userHashIdentifier = hash('sha512', 'user::' . $identifier . $user->getUID());
$this->register($identifier, $userHashIdentifier, $userPeriod, $userLimit);
}