mirror of
https://github.com/flarum/framework.git
synced 2024-12-04 00:03:37 +08:00
Move flood control from core to API layer
This means that flood control can be disabled depending on the nature of the request (i.e. when authenticated using a master API key). The particular use case for this is to allow using the API to migrate data from an old forum.
This commit is contained in:
Toby Zerner
parent
cc08e135e6
commit
b3b7ed71fa
|
|
@ -12,6 +12,7 @@ namespace Flarum\Api\Controller;
|
|||
|
||||
use Flarum\Core\Command\StartDiscussion;
|
||||
use Flarum\Core\Command\ReadDiscussion;
|
||||
use Flarum\Core\Post\Floodgate;
|
||||
use Illuminate\Contracts\Bus\Dispatcher;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
use Tobscure\JsonApi\Document;
|
||||
|
|
@ -40,11 +41,18 @@ class CreateDiscussionController extends AbstractCreateController
|
|||
protected $bus;
|
||||
|
||||
/**
|
||||
* @param Dispatcher $bus
|
||||
* @var Floodgate
|
||||
*/
|
||||
public function __construct(Dispatcher $bus)
|
||||
protected $floodgate;
|
||||
|
||||
/**
|
||||
* @param Dispatcher $bus
|
||||
* @param Floodgate $floodgate
|
||||
*/
|
||||
public function __construct(Dispatcher $bus, Floodgate $floodgate)
|
||||
{
|
||||
$this->bus = $bus;
|
||||
$this->floodgate = $floodgate;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -54,6 +62,10 @@ class CreateDiscussionController extends AbstractCreateController
|
|||
{
|
||||
$actor = $request->getAttribute('actor');
|
||||
|
||||
if (! $request->getAttribute('bypassFloodgate')) {
|
||||
$this->floodgate->assertNotFlooding($actor);
|
||||
}
|
||||
|
||||
$discussion = $this->bus->dispatch(
|
||||
new StartDiscussion($actor, array_get($request->getParsedBody(), 'data', []))
|
||||
);
|
||||
|
|
|
|||
|
|
@ -12,6 +12,7 @@ namespace Flarum\Api\Controller;
|
|||
|
||||
use Flarum\Core\Command\PostReply;
|
||||
use Flarum\Core\Command\ReadDiscussion;
|
||||
use Flarum\Core\Post\Floodgate;
|
||||
use Illuminate\Contracts\Bus\Dispatcher;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
use Tobscure\JsonApi\Document;
|
||||
|
|
@ -39,11 +40,18 @@ class CreatePostController extends AbstractCreateController
|
|||
protected $bus;
|
||||
|
||||
/**
|
||||
* @param Dispatcher $bus
|
||||
* @var Floodgate
|
||||
*/
|
||||
public function __construct(Dispatcher $bus)
|
||||
protected $floodgate;
|
||||
|
||||
/**
|
||||
* @param Dispatcher $bus
|
||||
* @param Floodgate $floodgate
|
||||
*/
|
||||
public function __construct(Dispatcher $bus, Floodgate $floodgate)
|
||||
{
|
||||
$this->bus = $bus;
|
||||
$this->floodgate = $floodgate;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -56,6 +64,10 @@ class CreatePostController extends AbstractCreateController
|
|||
$discussionId = array_get($data, 'relationships.discussion.data.id');
|
||||
$ipAddress = array_get($request->getServerParams(), 'REMOTE_ADDR', '127.0.0.1');
|
||||
|
||||
if (! $request->getAttribute('bypassFloodgate')) {
|
||||
$this->floodgate->assertNotFlooding($actor);
|
||||
}
|
||||
|
||||
$post = $this->bus->dispatch(
|
||||
new PostReply($discussionId, $actor, $data, $ipAddress)
|
||||
);
|
||||
|
|
|
|||
|
|
@ -95,7 +95,6 @@ class CoreServiceProvider extends AbstractServiceProvider
|
|||
$events->subscribe('Flarum\Core\Listener\UserMetadataUpdater');
|
||||
$events->subscribe('Flarum\Core\Listener\EmailConfirmationMailer');
|
||||
$events->subscribe('Flarum\Core\Listener\DiscussionRenamedNotifier');
|
||||
$events->subscribe('Flarum\Core\Listener\FloodController');
|
||||
|
||||
$events->subscribe('Flarum\Core\Access\DiscussionPolicy');
|
||||
$events->subscribe('Flarum\Core\Access\GroupPolicy');
|
||||
|
|
|
|||
|
|
@ -1,75 +0,0 @@
|
|||
<?php
|
||||
/*
|
||||
* This file is part of Flarum.
|
||||
*
|
||||
* (c) Toby Zerner <toby.zerner@gmail.com>
|
||||
*
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
namespace Flarum\Core\Listener;
|
||||
|
||||
use DateTime;
|
||||
use Flarum\Core\Exception\FloodingException;
|
||||
use Flarum\Core\Post;
|
||||
use Flarum\Core\User;
|
||||
use Flarum\Event\DiscussionWillBeSaved;
|
||||
use Flarum\Event\PostWillBeSaved;
|
||||
use Illuminate\Contracts\Events\Dispatcher;
|
||||
|
||||
class FloodController
|
||||
{
|
||||
/**
|
||||
* @param Dispatcher $events
|
||||
*/
|
||||
public function subscribe(Dispatcher $events)
|
||||
{
|
||||
$events->listen(DiscussionWillBeSaved::class, [$this, 'whenDiscussionWillBeSaved']);
|
||||
$events->listen(PostWillBeSaved::class, [$this, 'whenPostWillBeSaved']);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param DiscussionWillBeSaved $event
|
||||
*/
|
||||
public function whenDiscussionWillBeSaved(DiscussionWillBeSaved $event)
|
||||
{
|
||||
if ($event->discussion->exists) {
|
||||
return;
|
||||
}
|
||||
|
||||
$this->assertNotFlooding($event->actor);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param PostWillBeSaved $event
|
||||
*/
|
||||
public function whenPostWillBeSaved(PostWillBeSaved $event)
|
||||
{
|
||||
if ($event->post->exists) {
|
||||
return;
|
||||
}
|
||||
|
||||
$this->assertNotFlooding($event->actor);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param User $actor
|
||||
* @throws FloodingException
|
||||
*/
|
||||
protected function assertNotFlooding(User $actor)
|
||||
{
|
||||
if ($this->isFlooding($actor)) {
|
||||
throw new FloodingException;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param User $actor
|
||||
* @return bool
|
||||
*/
|
||||
protected function isFlooding(User $actor)
|
||||
{
|
||||
return Post::where('user_id', $actor->id)->where('time', '>=', new DateTime('-10 seconds'))->exists();
|
||||
}
|
||||
}
|
||||
39
framework/core/src/Core/Post/Floodgate.php
Normal file
39
framework/core/src/Core/Post/Floodgate.php
Normal file
|
|
@ -0,0 +1,39 @@
|
|||
<?php
|
||||
/*
|
||||
* This file is part of Flarum.
|
||||
*
|
||||
* (c) Toby Zerner <toby.zerner@gmail.com>
|
||||
*
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
namespace Flarum\Core\Post;
|
||||
|
||||
use DateTime;
|
||||
use Flarum\Core\Exception\FloodingException;
|
||||
use Flarum\Core\Post;
|
||||
use Flarum\Core\User;
|
||||
|
||||
class Floodgate
|
||||
{
|
||||
/**
|
||||
* @param User $actor
|
||||
* @throws FloodingException
|
||||
*/
|
||||
public function assertNotFlooding(User $actor)
|
||||
{
|
||||
if ($this->isFlooding($actor)) {
|
||||
throw new FloodingException;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param User $actor
|
||||
* @return bool
|
||||
*/
|
||||
public function isFlooding(User $actor)
|
||||
{
|
||||
return Post::where('user_id', $actor->id)->where('time', '>=', new DateTime('-10 seconds'))->exists();
|
||||
}
|
||||
}
|
||||
|
|
@ -40,6 +40,8 @@ class AuthenticateWithHeader implements MiddlewareInterface
|
|||
if (isset($parts[1])) {
|
||||
if (ApiKey::find($id)) {
|
||||
$actor = $this->getUser($parts[1]);
|
||||
|
||||
$request = $request->withAttribute('bypassFloodgate', true);
|
||||
}
|
||||
} elseif ($token = AccessToken::find($id)) {
|
||||
$token->touch();
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user