From d2fd803b0d6287ce0d0f9ff1615d8226f8d7f5b9 Mon Sep 17 00:00:00 2001
From: ErickSkrauch
Date: Thu, 8 Sep 2016 19:06:44 +0300
Subject: [PATCH] =?UTF-8?q?=D0=9E=D1=82=D0=BA=D0=BB=D1=8E=D1=87=D0=B0?=
 =?UTF-8?q?=D0=B5=D0=BC=20RateLimiter=20=D0=B4=D0=BB=D1=8F=20=D0=B7=D0=B0?=
 =?UTF-8?q?=D0=BF=D1=80=D0=BE=D1=81=D0=BE=D0=B2,=20=D1=87=D1=82=D0=BE=20?=
 =?UTF-8?q?=D0=B8=D0=B4=D1=83=D1=82=20=D1=81=20=D1=85=D0=BE=D1=81=D1=82?=
 =?UTF-8?q?=D0=B0=20=D1=81=D1=82=D0=B0=D1=80=D0=BE=D0=B3=D0=BE=20=D1=81?=
 =?UTF-8?q?=D0=B5=D1=80=D0=B2=D0=B5=D1=80=D0=B0=20=D0=B0=D0=B2=D1=82=D0=BE?=
 =?UTF-8?q?=D1=80=D0=B8=D0=B7=D0=B0=D1=86=D0=B8=D0=B8,=20=D0=BD=D0=BE=20?=
 =?UTF-8?q?=D0=B2=D0=BA=D0=BB=D1=8E=D1=87=D0=B0=D0=B5=D0=BC=20=D0=B4=D0=BB?=
 =?UTF-8?q?=D1=8F=20=D0=BE=D1=81=D1=82=D0=B0=D0=BB=D1=8C=D0=BD=D1=8B=D1=85?=
 =?UTF-8?q?=20(=D1=84=D0=B8=D0=BA=D1=81=20=D0=B4=D0=BB=D1=8F=20beforeActio?=
 =?UTF-8?q?n)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 api/modules/session/filters/RateLimiter.php | 32 +++++++++++++++++++
 .../session/filters/RateLimiterTest.php | 26 ++++++++++++++-
 tests/codeception/config/api/config.php | 3 ++
 3 files changed, 60 insertions(+), 1 deletion(-)
diff --git a/api/modules/session/filters/RateLimiter.php b/api/modules/session/filters/RateLimiter.php
index 8e2f239..cc912b8 100644
--- a/api/modules/session/filters/RateLimiter.php
+++ b/api/modules/session/filters/RateLimiter.php
@@ -3,6 +3,7 @@ namespace api\modules\session\filters;
 use common\models\OauthClient;
 use Yii;
+use yii\base\InvalidConfigException;
 use yii\web\Request;
 use yii\web\TooManyRequestsHttpException;
@@ -11,12 +12,43 @@ class RateLimiter extends \yii\filters\RateLimiter {
 public $limit = 180;
 public $limitTime = 3600; // 1h
+ public $authserverDomain;
+ private $server;
+ public function init() {
+ parent::init();
+ if ($this->authserverDomain === null) {
+ $this->authserverDomain = Yii::$app->params['authserverDomain'] ?? null;
+ }
+
+ if ($this->authserverDomain === null) {
+ throw new InvalidConfigException('authserverDomain param is required');
+ }
+ }
+
+ /**
+ * @inheritdoc
+ */
+ public function beforeAction($action) {
+ $this->checkRateLimit(
+ null,
+ $this->request ?: Yii::$app->getRequest(),
+ $this->response ?: Yii::$app->getResponse(),
+ $action
+ );
+
+ return true;
+ }
+
 /**
 * @inheritdoc
 */
 public function checkRateLimit($user, $request, $response, $action) {
+ if ($request->getHostInfo() === $this->authserverDomain) {
+ return;
+ }
+
 $server = $this->getServer($request);
 if ($server !== null) {
 return;
diff --git a/tests/codeception/api/unit/modules/session/filters/RateLimiterTest.php b/tests/codeception/api/unit/modules/session/filters/RateLimiterTest.php
index 10fa675..e99a699 100644
--- a/tests/codeception/api/unit/modules/session/filters/RateLimiterTest.php
+++ b/tests/codeception/api/unit/modules/session/filters/RateLimiterTest.php
@@ -11,7 +11,7 @@ use yii\web\Request;
 class RateLimiterTest extends TestCase {
- public function testCheckRateLimiterWithValidServerId() {
+ public function testCheckRateLimiterWithOldAuthserver() {
 /** @var Connection|\PHPUnit_Framework_MockObject_MockObject $redis */
 $redis = $this->getMockBuilder(Connection::class)
 ->setMethods(['executeCommand'])
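Review bot: The early return added at the top of `checkRateLimit()` in api/modules/session/filters/RateLimiter.php keys the exemption on `$request->getHostInfo()`, which Yii builds from the request scheme and the Host header, so the value is chosen by the client unless the web server pins it. If the API virtual host accepts arbitrary Host values, the limiter on these session endpoints can be switched off by whoever sends the legacy host name. The exemption would be safer tied to something the caller cannot set (a source-address allowlist for the legacy server, or a shared secret), and at minimum the deployment requirement should be recorded above the check, e.g. `// Host is client-controlled: safe only while the web server routes this host solely for the legacy authserver`. The strict comparison also includes scheme and port, so the same host reached over https or a non-default port will not match `http://authserver.ely.by`; it is worth confirming that is intended. The body of `checkRateLimit()` continues past the end of this hunk.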
@@ -34,6 +34,30 @@ class RateLimiterTest extends TestCase {
 $filter->checkRateLimit(null, new Request(), null, null);
 }
+ public function testCheckRateLimiterWithValidServerId() {
+ /** @var Connection|\PHPUnit_Framework_MockObject_MockObject $redis */
+ $redis = $this->getMockBuilder(Connection::class)
+ ->setMethods(['executeCommand'])
+ ->getMock();
+
+ $redis->expects($this->never())
+ ->method('executeCommand');
+
+ Yii::$app->set('redis', $redis);
+
+ /** @var Request|\PHPUnit_Framework_MockObject_MockObject $request */
+ $request = $this->getMockBuilder(Request::class)
+ ->setMethods(['getHostInfo'])
+ ->getMock();
+
+ $request->expects($this->any())
+ ->method('getHostInfo')
+ ->will($this->returnValue('http://authserver.ely.by'));
+
+ $filter = new RateLimiter();
+ $filter->checkRateLimit(null, $request, null, null);
+ }
+
 /**
 * @expectedException \yii\web\TooManyRequestsHttpException
 */
diff --git a/tests/codeception/config/api/config.php b/tests/codeception/config/api/config.php
index 86797ca..7c3a3d0 100644
--- a/tests/codeception/config/api/config.php
+++ b/tests/codeception/config/api/config.php
@@ -9,4 +9,7 @@ return [
 'secret' => 'private-key',
 ],
 ],
+ 'params' => [
+ 'authserverDomain' => 'http://authserver.ely.by',
+ ],
 ];
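Review bot: The two test names in RateLimiterTest.php look swapped: the test added here stubs `getHostInfo()` to return `http://authserver.ely.by`, which is the legacy-authserver path, yet it is called `testCheckRateLimiterWithValidServerId`, while the pre-existing test that passes a plain `new Request()` was renamed to `testCheckRateLimiterWithOldAuthserver`. Most of that earlier test's body is outside the visible hunks, so this is inferred from its last line only. If it holds, rename the new test to `testCheckRateLimiterWithOldAuthserver` and keep the old name on the old test. A companion case in which `getHostInfo()` returns a different host and the limiter is still consulted would pin the exemption to the configured value, so that a later loosening of the comparison is caught.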