github-mirror/framework
2
0
Fork 0
mirror of https://github.com/flarum/framework.git synced 2024-11-24 23:29:09 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add flood control

Browse Source 
closes #271
This commit is contained in:
Toby Zerner 2015-10-22 16:57:48 +10:30
parent c0364cbc9d
commit 415b68f84f
5 changed files with 114 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
js/lib/App.js
View File

@ -263,6 +263,10 @@ export default class App {
children = app.translator.trans('core.lib.error.not_found_message');
break;
case 429:
children = app.translator.trans('core.lib.error.rate_limit_exceeded_message');
break;
default:
children = app.translator.trans('core.lib.error.generic_message');
}

2
src/Core/Command/StartDiscussionHandler.php
View File

@ -60,7 +60,7 @@ class StartDiscussionHandler
$this->assertCan($actor, 'startDiscussion');
// Create a new Discussion entity, persist it, and dispatch domain
// events. Before persistance, though, fire an event to give plugins
// events. Before persistence, though, fire an event to give plugins
// an opportunity to alter the discussion entity based on data in the
// command they may have passed through in the controller.
$discussion = Discussion::start(

1
src/Core/CoreServiceProvider.php
View File

@ -91,6 +91,7 @@ class CoreServiceProvider extends AbstractServiceProvider
$events->subscribe('Flarum\Core\Listener\UserMetadataUpdater');
$events->subscribe('Flarum\Core\Listener\EmailConfirmationMailer');
$events->subscribe('Flarum\Core\Listener\DiscussionRenamedNotifier');
$events->subscribe('Flarum\Core\Listener\FloodController');
$events->subscribe('Flarum\Core\Access\DiscussionPolicy');
$events->subscribe('Flarum\Core\Access\GroupPolicy');

33
src/Core/Exception/FloodingException.php Normal file
View File

@ -0,0 +1,33 @@
<?php
/*
* This file is part of Flarum.
*
* (c) Toby Zerner <toby.zerner@gmail.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Flarum\Core\Exception;
use Exception;
use Tobscure\JsonApi\Exception\JsonApiSerializableInterface;
class FloodingException extends Exception implements JsonApiSerializableInterface
{
/**
* {@inheritdoc}
*/
public function getStatusCode()
{
return 429;
}
/**
* {@inheritdoc}
*/
public function getErrors()
{
return [];
}
}

75
src/Core/Listener/FloodController.php Executable file
View File

@ -0,0 +1,75 @@
<?php
/*
* This file is part of Flarum.
*
* (c) Toby Zerner <toby.zerner@gmail.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Flarum\Core\Listener;
use DateTime;
use Flarum\Core\Exception\FloodingException;
use Flarum\Core\Post;
use Flarum\Core\User;
use Flarum\Event\DiscussionWillBeSaved;
use Flarum\Event\PostWillBeSaved;
use Illuminate\Contracts\Events\Dispatcher;
class FloodController
{
/**
* @param Dispatcher $events
*/
public function subscribe(Dispatcher $events)
{
$events->listen(DiscussionWillBeSaved::class, [$this, 'whenDiscussionWillBeSaved']);
$events->listen(PostWillBeSaved::class, [$this, 'whenPostWillBeSaved']);
}
/**
* @param DiscussionWillBeSaved $event
*/
public function whenDiscussionWillBeSaved(DiscussionWillBeSaved $event)
{
if ($event->discussion->exists) {
return;
}
$this->assertNotFlooding($event->actor);
}
/**
* @param PostWillBeSaved $event
*/
public function whenPostWillBeSaved(PostWillBeSaved $event)
{
if ($event->post->exists) {
return;
}
$this->assertNotFlooding($event->actor);
}
/**
* @param User $actor
* @throws FloodingException
*/
protected function assertNotFlooding(User $actor)
{
if ($this->isFlooding($actor)) {
throw new FloodingException;
}
}
/**
* @param User $actor
* @return bool
*/
protected function isFlooding(User $actor)
{
return Post::where('user_id', $actor->id)->where('time', '>=', new DateTime('-10 seconds'))->exists();
}
}