<?php
declare(strict_types=1);
/*
* SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
*/
namespace OCA\DAV\CardDAV\Security;
use OC\Security\RateLimiting\Exception\RateLimitExceededException;
use OC\Security\RateLimiting\Limiter;
use OCA\DAV\CardDAV\CardDavBackend;
use OCA\DAV\Connector\Sabre\Exception\TooManyRequests;
use OCP\IAppConfig;
use OCP\IUserManager;
use Psr\Log\LoggerInterface;
use Sabre\DAV;
use Sabre\DAV\Exception\Forbidden;
use Sabre\DAV\ServerPlugin;
use function count;
use function explode;
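/**
 * Guards address book creation for the authenticated user.
 *
 * Two independent checks run on every bind of a new address book node
 * (path shape addressbooks/<backend>/<user>/<name>):
 *  - a per-user rate limit on how often address books may be created, and
 *  - a hard cap on how many address books the user may own.
 *
 * Both checks are keyed on the *authenticated* user (from $userId), not on the
 * user segment of the request path, so a client cannot shift the accounting
 * onto another principal by choosing a different path.
 */
class CardDavRateLimitingPlugin extends ServerPlugin {
	/**
	 * @param ?string $userId UID of the authenticated user, or null when the
	 *                        request is unauthenticated (then no checks apply)
	 */
	public function __construct(
		private Limiter $limiter,
		private IUserManager $userManager,
		private CardDavBackend $cardDavBackend,
		private LoggerInterface $logger,
		private IAppConfig $config,
		private ?string $userId,
	) {
		// Constructor promotion assigns every property; the previous manual
		// re-assignments were dead code.
	}

	/**
	 * Registers this plugin's beforeBind listener on the DAV server.
	 *
	 * Priority 1 registers the listener ahead of default-priority listeners
	 * (sabre/event runs lower numbers first), so the limits are enforced
	 * before the bind is handled further.
	 */
	public function initialize(DAV\Server $server): void {
		$server->on('beforeBind', [$this, 'beforeBind'], 1);
	}

	/**
	 * beforeBind hook: rate-limits and caps address book creation.
	 *
	 * Only binds whose path has exactly four segments and starts with
	 * "addressbooks" are treated as address book creation; every other bind
	 * (e.g. a card inside an address book) passes through untouched.
	 *
	 * @param string $path DAV path of the node being created, relative to the server root
	 *
	 * @throws TooManyRequests when the per-user creation rate limit is exceeded
	 * @throws Forbidden       when the user already owns the maximum number of address books
	 */
	public function beforeBind(string $path): void {
		// Unauthenticated requests are not subject to these limits.
		if ($this->userId === null) {
			return;
		}

		$user = $this->userManager->get($this->userId);
		if ($user === null) {
			// No resolvable user object, nothing to account against.
			return;
		}

		// Path looks like addressbooks/users/username/addressbooksname when a
		// new address book is created; anything else is not our concern.
		$segments = explode('/', $path);
		if (count($segments) !== 4 || $segments[0] !== 'addressbooks') {
			return;
		}

		try {
			$this->limiter->registerUserRequest(
				'carddav-create-address-book',
				$this->config->getValueInt('dav', 'rateLimitAddressBookCreation', 10),
				$this->config->getValueInt('dav', 'rateLimitPeriodAddressBookCreation', 3600),
				$user
			);
		} catch (RateLimitExceededException $e) {
			// Surface the limiter's exception as a DAV 429 so clients can back off.
			throw new TooManyRequests('Too many addressbooks created', 0, $e);
		}

		// NOTE: the config key is spelled 'maximumAdressbooks' (single "d").
		// Keep it as-is: renaming it would silently fall back to the default
		// of 10 for any deployment that configured the limit under this name.
		$addressBookLimit = $this->config->getValueInt('dav', 'maximumAdressbooks', 10);
		if ($addressBookLimit === -1) {
			// -1 disables the cap entirely; only the rate limit above applies.
			return;
		}

		$ownedAddressBooks = $this->cardDavBackend->getAddressBooksForUserCount('principals/users/' . $user->getUID());
		if ($ownedAddressBooks >= $addressBookLimit) {
			$this->logger->warning('Maximum number of address books reached', [
				'addressbooks' => $ownedAddressBooks,
				'addressBookLimit' => $addressBookLimit,
			]);
			throw new Forbidden('AddressBook limit reached', 0);
		}
	}
}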