mirror of
https://github.com/elyby/accounts.git
synced 2024-12-25 22:59:53 +05:30
Добавлен рейт-лимитер для запросов к hasJoined для незарегистрированных серверов
This commit is contained in:
parent
68ce8b3fb6
commit
6e15522140
@ -22,7 +22,7 @@ use yii\web\User as YiiUserComponent;
|
||||
* @property AccountSession|null $activeSession
|
||||
* @property AccountIdentity|null $identity
|
||||
*
|
||||
* @method AccountIdentity|null getIdentity()
|
||||
* @method AccountIdentity|null getIdentity($autoRenew = true)
|
||||
*/
|
||||
class Component extends YiiUserComponent {
|
||||
|
||||
|
@ -4,6 +4,7 @@ namespace api\modules\session\controllers;
|
||||
use api\controllers\ApiController;
|
||||
use api\modules\session\exceptions\ForbiddenOperationException;
|
||||
use api\modules\session\exceptions\SessionServerException;
|
||||
use api\modules\session\filters\RateLimiter;
|
||||
use api\modules\session\models\HasJoinedForm;
|
||||
use api\modules\session\models\JoinForm;
|
||||
use api\modules\session\models\protocols\LegacyJoin;
|
||||
@ -18,6 +19,10 @@ class SessionController extends ApiController {
|
||||
public function behaviors() {
|
||||
$behaviors = parent::behaviors();
|
||||
unset($behaviors['authenticator']);
|
||||
$behaviors['rateLimiting'] = [
|
||||
'class' => RateLimiter::class,
|
||||
'only' => ['has-joined', 'has-joined-legacy'],
|
||||
];
|
||||
|
||||
return $behaviors;
|
||||
}
|
||||
|
77
api/modules/session/filters/RateLimiter.php
Normal file
77
api/modules/session/filters/RateLimiter.php
Normal file
@ -0,0 +1,77 @@
|
||||
<?php
|
||||
namespace api\modules\session\filters;
|
||||
|
||||
use common\models\OauthClient;
|
||||
use Yii;
|
||||
use yii\web\Request;
|
||||
use yii\web\TooManyRequestsHttpException;
|
||||
|
||||
class RateLimiter extends \yii\filters\RateLimiter {
|
||||
|
||||
public $limit = 180;
|
||||
public $limitTime = 3600; // 1h
|
||||
|
||||
private $server;
|
||||
|
||||
/**
|
||||
* @inheritdoc
|
||||
*/
|
||||
public function checkRateLimit($user, $request, $response, $action) {
|
||||
$server = $this->getServer($request);
|
||||
if ($server !== null) {
|
||||
return;
|
||||
}
|
||||
|
||||
$ip = $request->getUserIP();
|
||||
$key = $this->buildKey($ip);
|
||||
|
||||
$redis = $this->getRedis();
|
||||
$countRequests = intval($redis->executeCommand('INCR', [$key]));
|
||||
if ($countRequests === 1) {
|
||||
$redis->executeCommand('EXPIRE', [$key, $this->limitTime]);
|
||||
}
|
||||
|
||||
if ($countRequests > $this->limit) {
|
||||
throw new TooManyRequestsHttpException($this->errorMessage);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @return \yii\redis\Connection
|
||||
*/
|
||||
public function getRedis() {
|
||||
return Yii::$app->redis;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param Request $request
|
||||
* @return OauthClient|null
|
||||
*/
|
||||
protected function getServer(Request $request) {
|
||||
$serverId = $request->get('server_id');
|
||||
if ($serverId === null) {
|
||||
$this->server = false;
|
||||
return null;
|
||||
}
|
||||
|
||||
if ($this->server === null) {
|
||||
/** @var OauthClient $server */
|
||||
$this->server = OauthClient::findOne($serverId);
|
||||
// TODO: убедится, что это сервер
|
||||
if ($this->server === null) {
|
||||
$this->server = false;
|
||||
}
|
||||
}
|
||||
|
||||
if ($this->server === false) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return $this->server;
|
||||
}
|
||||
|
||||
protected function buildKey($ip) : string {
|
||||
return 'sessionserver:ratelimit:' . $ip;
|
||||
}
|
||||
|
||||
}
|
@ -0,0 +1,78 @@
|
||||
<?php
|
||||
namespace tests\codeception\api\unit\modules\session\filters;
|
||||
|
||||
use api\modules\session\filters\RateLimiter;
|
||||
use common\models\OauthClient;
|
||||
use Faker\Provider\Internet;
|
||||
use tests\codeception\api\unit\TestCase;
|
||||
use Yii;
|
||||
use yii\redis\Connection;
|
||||
use yii\web\Request;
|
||||
|
||||
class RateLimiterTest extends TestCase {
|
||||
|
||||
public function testCheckRateLimiterWithValidServerId() {
|
||||
/** @var Connection|\PHPUnit_Framework_MockObject_MockObject $redis */
|
||||
$redis = $this->getMockBuilder(Connection::class)
|
||||
->setMethods(['executeCommand'])
|
||||
->getMock();
|
||||
|
||||
$redis->expects($this->never())
|
||||
->method('executeCommand');
|
||||
|
||||
Yii::$app->set('redis', $redis);
|
||||
|
||||
/** @var RateLimiter|\PHPUnit_Framework_MockObject_MockObject $filter */
|
||||
$filter = $this->getMockBuilder(RateLimiter::class)
|
||||
->setMethods(['getServer'])
|
||||
->getMock();
|
||||
|
||||
$filter->expects($this->any())
|
||||
->method('getServer')
|
||||
->will($this->returnValue(new OauthClient()));
|
||||
|
||||
$filter->checkRateLimit(null, new Request(), null, null);
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException \yii\web\TooManyRequestsHttpException
|
||||
*/
|
||||
public function testCheckRateLimiter() {
|
||||
/** @var Connection|\PHPUnit_Framework_MockObject_MockObject $redis */
|
||||
$redis = $this->getMockBuilder(Connection::class)
|
||||
->setMethods(['executeCommand'])
|
||||
->getMock();
|
||||
|
||||
$redis->expects($this->exactly(5))
|
||||
->method('executeCommand')
|
||||
->will($this->onConsecutiveCalls('1', '1', '2', '3', '4'));
|
||||
|
||||
Yii::$app->set('redis', $redis);
|
||||
|
||||
/** @var Request|\PHPUnit_Framework_MockObject_MockObject $request */
|
||||
$request = $this->getMockBuilder(Request::class)
|
||||
->setMethods(['getUserIP'])
|
||||
->getMock();
|
||||
|
||||
$request->expects($this->any())
|
||||
->method('getUserIp')
|
||||
->will($this->returnValue(Internet::localIpv4()));
|
||||
|
||||
/** @var RateLimiter|\PHPUnit_Framework_MockObject_MockObject $filter */
|
||||
$filter = $this->getMockBuilder(RateLimiter::class)
|
||||
->setConstructorArgs([[
|
||||
'limit' => 3,
|
||||
]])
|
||||
->setMethods(['getServer'])
|
||||
->getMock();
|
||||
|
||||
$filter->expects($this->any())
|
||||
->method('getServer')
|
||||
->will($this->returnValue(null));
|
||||
|
||||
for ($i = 0; $i < 5; $i++) {
|
||||
$filter->checkRateLimit(null, $request, null, null);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
Loading…
Reference in New Issue
Block a user