userSession instanceof Session && $this->userSession->getSession()->get('app_api') === true && $this->userSession->getUser() === null) {
            // Requests authenticated by AppAPI that carry no user are exempt from rate limiting.
            // NOTE(review): the exemption rests entirely on the 'app_api' session flag;
            // confirm that only the AppAPI authentication path is able to set it.
            return;
        }

        if ($this->userSession->isLoggedIn()) {
            $rateLimit = $this->readLimitFromAnnotationOrAttribute($controller, $methodName, 'UserRateThrottle', UserRateLimit::class);

            if ($rateLimit !== null) {
                $this->limiter->registerUserRequest(
                    $rateLimitIdentifier,
                    $rateLimit->getLimit(),
                    $rateLimit->getPeriod(),
                    $this->userSession->getUser()
                );
                return;
            }

            // No user-specific limit is declared: fall through so the anonymous limit applies.
        }

        $rateLimit = $this->readLimitFromAnnotationOrAttribute($controller, $methodName, 'AnonRateThrottle', AnonRateLimit::class);

        if ($rateLimit !== null) {
            // Anonymous requests are counted per remote address.
            // NOTE(review): behind a reverse proxy this is only as reliable as the way the
            // request object resolves the client address - verify the proxy configuration.
            $this->limiter->registerAnonRequest(
                $rateLimitIdentifier,
                $rateLimit->getLimit(),
                $rateLimit->getPeriod(),
                $this->request->getRemoteAddress()
            );
        }
    }

    /**
     * Resolve the rate limit declared for a controller method.
     *
     * The docblock annotation is consulted first. Only when it does not supply
     * both a limit and a period is the PHP attribute on the method used.
     *
     * @template T of ARateLimit
     *
     * @param Controller $controller Controller owning the method
     * @param string $methodName Method to reflect on for attributes
     * @param string $annotationName Annotation whose 'limit' and 'period' are read
     * @param class-string<T> $attributeClass Attribute class to look up / instantiate
     * @return ?T The declared limit, or null when neither source declares one
     */
    protected function readLimitFromAnnotationOrAttribute(Controller $controller, string $methodName, string $annotationName, string $attributeClass): ?ARateLimit
    {
        $limitParam = $this->reflector->getAnnotationParameter($annotationName, 'limit');
        $periodParam = $this->reflector->getAnnotationParameter($annotationName, 'period');

        if ($limitParam === '' || $periodParam === '') {
            // Annotation missing or incomplete: use the first matching attribute, if any.
            $matches = (new ReflectionMethod($controller, $methodName))->getAttributes($attributeClass);
            $first = current($matches);

            return $first === false ? null : $first->newInstance();
        }

        // The (int) casts turn a non-numeric annotation value into 0 without any error.
        // NOTE(review): how the limiter treats a limit or period of 0 is not visible here.
        return new $attributeClass((int)$limitParam, (int)$periodParam);
    }

    /**
     * {@inheritDoc}
     *
     * Converts a RateLimitExceededException into a response that carries the
     * exception code as its status; every other exception is rethrown unchanged.
     */
    public function afterException(Controller $controller, string $methodName, \Exception $exception): Response
    {
        if (!($exception instanceof RateLimitExceededException)) {
            throw $exception;
        }

        // Clients whose Accept header mentions "html" get the guest-rendered 429 page;
        // everything else receives an empty data response.
        $wantsHtml = stripos($this->request->getHeader('Accept'), 'html') !== false;

        if ($wantsHtml) {
            $page = new TemplateResponse('core', '429', [], TemplateResponse::RENDER_AS_GUEST);
            $page->setStatus($exception->getCode());

            return $page;
        }

        return new DataResponse([], $exception->getCode());
    }
}
path: root/apps/testing/lib/Listener/GetDeclarativeSettingsValueListener.php