Добавлен рейт-лимитер для запросов к hasJoined для незарегистрированных серверов

2025-05-31 14:11:46 +05:30 · 2016-09-06 20:10:42 +03:00
parent 68ce8b3fb6
commit 6e15522140
4 changed files with 161 additions and 1 deletions
--- a/api/modules/session/controllers/SessionController.php
+++ b/api/modules/session/controllers/SessionController.php
@@ -4,6 +4,7 @@ namespace api\modules\session\controllers;
 use api\controllers\ApiController;
 use api\modules\session\exceptions\ForbiddenOperationException;
 use api\modules\session\exceptions\SessionServerException;
+use api\modules\session\filters\RateLimiter;
 use api\modules\session\models\HasJoinedForm;
 use api\modules\session\models\JoinForm;
 use api\modules\session\models\protocols\LegacyJoin;
@@ -18,6 +19,10 @@ class SessionController extends ApiController {
    public function behaviors() {
        $behaviors = parent::behaviors();
        unset($behaviors['authenticator']);
+        $behaviors['rateLimiting'] = [
+            'class' => RateLimiter::class,
+            'only' => ['has-joined', 'has-joined-legacy'],
+        ];

        return $behaviors;
    }
--- a/api/modules/session/filters/RateLimiter.php
+++ b/api/modules/session/filters/RateLimiter.php
@@ -0,0 +1,77 @@
+<?php
+namespace api\modules\session\filters;
+
+use common\models\OauthClient;
+use Yii;
+use yii\web\Request;
+use yii\web\TooManyRequestsHttpException;
+
+class RateLimiter extends \yii\filters\RateLimiter {
+
+    public $limit = 180;
+    public $limitTime = 3600; // 1h
+
+    private $server;
+
+    /**
+     * @inheritdoc
+     */
+    public function checkRateLimit($user, $request, $response, $action) {
+        $server = $this->getServer($request);
+        if ($server !== null) {
+            return;
+        }
+
+        $ip = $request->getUserIP();
+        $key = $this->buildKey($ip);
+
+        $redis = $this->getRedis();
+        $countRequests = intval($redis->executeCommand('INCR', [$key]));
+        if ($countRequests === 1) {
+            $redis->executeCommand('EXPIRE', [$key, $this->limitTime]);
+        }
+
+        if ($countRequests > $this->limit) {
+            throw new TooManyRequestsHttpException($this->errorMessage);
+        }
+    }
+
+    /**
+     * @return \yii\redis\Connection
+     */
+    public function getRedis() {
+        return Yii::$app->redis;
+    }
+
+    /**
+     * @param Request $request
+     * @return OauthClient|null
+     */
+    protected function getServer(Request $request) {
+        $serverId = $request->get('server_id');
+        if ($serverId === null) {
+            $this->server = false;
+            return null;
+        }
+
+        if ($this->server === null) {
+            /** @var OauthClient $server */
+            $this->server = OauthClient::findOne($serverId);
+            // TODO: убедится, что это сервер
+            if ($this->server === null) {
+                $this->server = false;
+            }
+        }
+
+        if ($this->server === false) {
+            return null;
+        }
+
+        return $this->server;
+    }
+
+    protected function buildKey($ip) : string {
+        return 'sessionserver:ratelimit:' . $ip;
+    }
+
+}