Добавлен рейт-лимитер для запросов к hasJoined для незарегистрированных серверов

api/components/User/Component.php

@@ -22,7 +22,7 @@ use yii\web\User as YiiUserComponent;
  * @property AccountSession|null $activeSession
  * @property AccountIdentity|null $identity
  *
- * @method AccountIdentity|null getIdentity()
+ * @method AccountIdentity|null getIdentity($autoRenew = true)
  */
 class Component extends YiiUserComponent {
 

api/modules/session/controllers/SessionController.php

@@ -4,6 +4,7 @@ namespace api\modules\session\controllers;
 use api\controllers\ApiController;
 use api\modules\session\exceptions\ForbiddenOperationException;
 use api\modules\session\exceptions\SessionServerException;
+use api\modules\session\filters\RateLimiter;
 use api\modules\session\models\HasJoinedForm;
 use api\modules\session\models\JoinForm;
 use api\modules\session\models\protocols\LegacyJoin;
@@ -18,6 +19,10 @@ class SessionController extends ApiController {
     public function behaviors() {
         $behaviors = parent::behaviors();
         unset($behaviors['authenticator']);
+        $behaviors['rateLimiting'] = [
+            'class' => RateLimiter::class,
+            'only' => ['has-joined', 'has-joined-legacy'],
+        ];
 
         return $behaviors;
     }

api/modules/session/filters/RateLimiter.php

@@ -0,0 +1,77 @@
+<?php
+namespace api\modules\session\filters;
+
+use common\models\OauthClient;
+use Yii;
+use yii\web\Request;
+use yii\web\TooManyRequestsHttpException;
+
+class RateLimiter extends \yii\filters\RateLimiter {
+
+    public $limit = 180;
+    public $limitTime = 3600; // 1h
+
+    private $server;
+
+    /**
+     * @inheritdoc
+     */
+    public function checkRateLimit($user, $request, $response, $action) {
+        $server = $this->getServer($request);
+        if ($server !== null) {
+            return;
+        }
+
+        $ip = $request->getUserIP();
+        $key = $this->buildKey($ip);
+
+        $redis = $this->getRedis();
+        $countRequests = intval($redis->executeCommand('INCR', [$key]));
+        if ($countRequests === 1) {
+            $redis->executeCommand('EXPIRE', [$key, $this->limitTime]);
+        }
+
+        if ($countRequests > $this->limit) {
+            throw new TooManyRequestsHttpException($this->errorMessage);
+        }
+    }
+
+    /**
+     * @return \yii\redis\Connection
+     */
+    public function getRedis() {
+        return Yii::$app->redis;
+    }
+
+    /**
+     * @param Request $request
+     * @return OauthClient|null
+     */
+    protected function getServer(Request $request) {
+        $serverId = $request->get('server_id');
+        if ($serverId === null) {
+            $this->server = false;
+            return null;
+        }
+
+        if ($this->server === null) {
+            /** @var OauthClient $server */
+            $this->server = OauthClient::findOne($serverId);
+            // TODO: убедится, что это сервер
+            if ($this->server === null) {
+                $this->server = false;
+            }
+        }
+
+        if ($this->server === false) {
+            return null;
+        }
+
+        return $this->server;
+    }
+
+    protected function buildKey($ip) : string {
+        return 'sessionserver:ratelimit:' . $ip;
+    }
+
+}

tests/codeception/api/unit/modules/session/filters/RateLimiterTest.php

@@ -0,0 +1,78 @@
+<?php
+namespace tests\codeception\api\unit\modules\session\filters;
+
+use api\modules\session\filters\RateLimiter;
+use common\models\OauthClient;
+use Faker\Provider\Internet;
+use tests\codeception\api\unit\TestCase;
+use Yii;
+use yii\redis\Connection;
+use yii\web\Request;
+
+class RateLimiterTest extends TestCase {
+
+    public function testCheckRateLimiterWithValidServerId() {
+        /** @var Connection|\PHPUnit_Framework_MockObject_MockObject $redis */
+        $redis = $this->getMockBuilder(Connection::class)
+            ->setMethods(['executeCommand'])
+            ->getMock();
+
+        $redis->expects($this->never())
+            ->method('executeCommand');
+
+        Yii::$app->set('redis', $redis);
+
+        /** @var RateLimiter|\PHPUnit_Framework_MockObject_MockObject $filter */
+        $filter = $this->getMockBuilder(RateLimiter::class)
+            ->setMethods(['getServer'])
+            ->getMock();
+
+        $filter->expects($this->any())
+            ->method('getServer')
+            ->will($this->returnValue(new OauthClient()));
+
+        $filter->checkRateLimit(null, new Request(), null, null);
+    }
+
+    /**
+     * @expectedException \yii\web\TooManyRequestsHttpException
+     */
+    public function testCheckRateLimiter() {
+        /** @var Connection|\PHPUnit_Framework_MockObject_MockObject $redis */
+        $redis = $this->getMockBuilder(Connection::class)
+            ->setMethods(['executeCommand'])
+            ->getMock();
+
+        $redis->expects($this->exactly(5))
+            ->method('executeCommand')
+            ->will($this->onConsecutiveCalls('1', '1', '2', '3', '4'));
+
+        Yii::$app->set('redis', $redis);
+
+        /** @var Request|\PHPUnit_Framework_MockObject_MockObject $request */
+        $request = $this->getMockBuilder(Request::class)
+            ->setMethods(['getUserIP'])
+            ->getMock();
+
+        $request->expects($this->any())
+            ->method('getUserIp')
+            ->will($this->returnValue(Internet::localIpv4()));
+
+        /** @var RateLimiter|\PHPUnit_Framework_MockObject_MockObject $filter */
+        $filter = $this->getMockBuilder(RateLimiter::class)
+            ->setConstructorArgs([[
+                'limit' => 3,
+            ]])
+            ->setMethods(['getServer'])
+            ->getMock();
+
+        $filter->expects($this->any())
+            ->method('getServer')
+            ->will($this->returnValue(null));
+
+        for ($i = 0; $i < 5; $i++) {
+            $filter->checkRateLimit(null, $request, null, null);
+        }
+    }
+
+}