diff --git a/api/modules/session/filters/RateLimiter.php b/api/modules/session/filters/RateLimiter.php
index 8e2f239..cc912b8 100644
--- a/api/modules/session/filters/RateLimiter.php
+++ b/api/modules/session/filters/RateLimiter.php
@@ -3,6 +3,7 @@ namespace api\modules\session\filters;
 use common\models\OauthClient;
 use Yii;
+use yii\base\InvalidConfigException;
 use yii\web\Request;
 use yii\web\TooManyRequestsHttpException;
@@ -11,12 +12,43 @@ class RateLimiter extends \yii\filters\RateLimiter {
 public $limit = 180;
 public $limitTime = 3600; // 1h
+ public $authserverDomain;
+ private $server;
+ public function init() {
+ parent::init();
+ if ($this->authserverDomain === null) {
+ $this->authserverDomain = Yii::$app->params['authserverDomain'] ?? null;
+ }
+
+ if ($this->authserverDomain === null) {
+ throw new InvalidConfigException('authserverDomain param is required');
+ }
+ }
+
+ /**
+ * @inheritdoc
+ */
+ public function beforeAction($action) {
+ $this->checkRateLimit(
+ null,
+ $this->request ?: Yii::$app->getRequest(),
+ $this->response ?: Yii::$app->getResponse(),
+ $action
+ );
+
+ return true;
+ }
+ /**
+ * @inheritdoc
+ */
 public function checkRateLimit($user, $request, $response, $action) {
+ if ($request->getHostInfo() === $this->authserverDomain) {
+ return;
+ }
+
 $server = $this->getServer($request);
 if ($server !== null) {
 return;
diff --git a/tests/codeception/api/unit/modules/session/filters/RateLimiterTest.php b/tests/codeception/api/unit/modules/session/filters/RateLimiterTest.php
index 10fa675..e99a699 100644
--- a/tests/codeception/api/unit/modules/session/filters/RateLimiterTest.php
+++ b/tests/codeception/api/unit/modules/session/filters/RateLimiterTest.php
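Review bot: The early return added at the top of checkRateLimit exempts a request from rate limiting whenever `$request->getHostInfo()` equals `$this->authserverDomain`, but in Yii2 `getHostInfo()` is derived from the incoming `Host` header unless `hostInfo` has been pinned in the request component config, so the exemption keys on a client-supplied value rather than on how the request was actually routed. If the same application entry point serves both host names, the limiter can be skipped for API traffic simply by the host name the request carries; consider deriving the exemption from a server-controlled signal (a pinned `hostInfo`, or a per-deployment config flag set by the vhost) and recording the assumption above the check, e.g. `// Legacy authserver traffic is exempt; relies on hostInfo being pinned in the request config, not on the raw Host header`. The `===` comparison also requires scheme and port to match exactly, so a configured `http://authserver.ely.by` will not exempt an `https://` request, which deserves a sentence in a docblock on `$authserverDomain`. The newly added `private $server` is not referenced anywhere in this hunk; if it is also unused in the part of the class outside the hunk, it should be dropped. checkRateLimit's body continues past the end of the hunk.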
@@ -11,7 +11,7 @@ use yii\web\Request;
 class RateLimiterTest extends TestCase {
- public function testCheckRateLimiterWithValidServerId() {
+ public function testCheckRateLimiterWithOldAuthserver() {
 /** @var Connection|\PHPUnit_Framework_MockObject_MockObject $redis */
 $redis = $this->getMockBuilder(Connection::class)
 ->setMethods(['executeCommand'])
@@ -34,6 +34,30 @@ class RateLimiterTest extends TestCase {
 $filter->checkRateLimit(null, new Request(), null, null);
 }
+ public function testCheckRateLimiterWithValidServerId() {
+ /** @var Connection|\PHPUnit_Framework_MockObject_MockObject $redis */
+ $redis = $this->getMockBuilder(Connection::class)
+ ->setMethods(['executeCommand'])
+ ->getMock();
+
+ $redis->expects($this->never())
+ ->method('executeCommand');
+
+ Yii::$app->set('redis', $redis);
+
+ /** @var Request|\PHPUnit_Framework_MockObject_MockObject $request */
+ $request = $this->getMockBuilder(Request::class)
+ ->setMethods(['getHostInfo'])
+ ->getMock();
+
+ $request->expects($this->any())
+ ->method('getHostInfo')
+ ->will($this->returnValue('http://authserver.ely.by'));
+
+ $filter = new RateLimiter();
+ $filter->checkRateLimit(null, $request, null, null);
+ }
+
 /**
 * @expectedException \yii\web\TooManyRequestsHttpException
 */
diff --git a/tests/codeception/config/api/config.php b/tests/codeception/config/api/config.php
index 86797ca..7c3a3d0 100644
--- a/tests/codeception/config/api/config.php
+++ b/tests/codeception/config/api/config.php
@@ -9,4 +9,7 @@ return [
 'secret' => 'private-key',
 ],
 ],
+ 'params' => [
+ 'authserverDomain' => 'http://authserver.ely.by',
+ ],
 ];
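Review bot: The test names in the two RateLimiterTest hunks appear to be swapped: the existing test, which still calls `checkRateLimit` with a plain `new Request()`, is renamed to `testCheckRateLimiterWithOldAuthserver`, while the new test that stubs `getHostInfo` to return the authserver domain is added under the freed-up name `testCheckRateLimiterWithValidServerId`. Unless the renamed test's body, which lies mostly outside the first hunk, was changed as well, the new method is the one that should read `public function testCheckRateLimiterWithOldAuthserver() {` and the original name should stay on the first test. The new test verifies only that redis is never called; a short comment above the `getHostInfo` stub, e.g. `// A host matching the configured authserverDomain must bypass the limiter before any redis access`, would make the exemption under test explicit.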