mirror of
https://github.com/flarum/framework.git
synced 2025-03-02 23:18:56 +08:00
Move flood control from core to API layer
This means that flood control can be disabled depending on the nature of the request (i.e. when authenticated using a master API key). The particular use case for this is to allow using the API to migrate data from an old forum.
This commit is contained in:
Toby Zerner
parent
cc08e135e6
commit
b3b7ed71fa
@ -12,6 +12,7 @@ namespace Flarum\Api\Controller;
|
|||||||
|
|
||||||
use Flarum\Core\Command\StartDiscussion;
|
use Flarum\Core\Command\StartDiscussion;
|
||||||
use Flarum\Core\Command\ReadDiscussion;
|
use Flarum\Core\Command\ReadDiscussion;
|
||||||
|
use Flarum\Core\Post\Floodgate;
|
||||||
use Illuminate\Contracts\Bus\Dispatcher;
|
use Illuminate\Contracts\Bus\Dispatcher;
|
||||||
use Psr\Http\Message\ServerRequestInterface;
|
use Psr\Http\Message\ServerRequestInterface;
|
||||||
use Tobscure\JsonApi\Document;
|
use Tobscure\JsonApi\Document;
|
||||||
@ -40,11 +41,18 @@ class CreateDiscussionController extends AbstractCreateController
|
|||||||
protected $bus;
|
protected $bus;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param Dispatcher $bus
|
* @var Floodgate
|
||||||
*/
|
*/
|
||||||
public function __construct(Dispatcher $bus)
|
protected $floodgate;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param Dispatcher $bus
|
||||||
|
* @param Floodgate $floodgate
|
||||||
|
*/
|
||||||
|
public function __construct(Dispatcher $bus, Floodgate $floodgate)
|
||||||
{
|
{
|
||||||
$this->bus = $bus;
|
$this->bus = $bus;
|
||||||
|
$this->floodgate = $floodgate;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -54,6 +62,10 @@ class CreateDiscussionController extends AbstractCreateController
|
|||||||
{
|
{
|
||||||
$actor = $request->getAttribute('actor');
|
$actor = $request->getAttribute('actor');
|
||||||
|
|
||||||
|
if (! $request->getAttribute('bypassFloodgate')) {
|
||||||
|
$this->floodgate->assertNotFlooding($actor);
|
||||||
|
}
|
||||||
|
|
||||||
$discussion = $this->bus->dispatch(
|
$discussion = $this->bus->dispatch(
|
||||||
new StartDiscussion($actor, array_get($request->getParsedBody(), 'data', []))
|
new StartDiscussion($actor, array_get($request->getParsedBody(), 'data', []))
|
||||||
);
|
);
|
||||||
|
|||||||
@ -12,6 +12,7 @@ namespace Flarum\Api\Controller;
|
|||||||
|
|
||||||
use Flarum\Core\Command\PostReply;
|
use Flarum\Core\Command\PostReply;
|
||||||
use Flarum\Core\Command\ReadDiscussion;
|
use Flarum\Core\Command\ReadDiscussion;
|
||||||
|
use Flarum\Core\Post\Floodgate;
|
||||||
use Illuminate\Contracts\Bus\Dispatcher;
|
use Illuminate\Contracts\Bus\Dispatcher;
|
||||||
use Psr\Http\Message\ServerRequestInterface;
|
use Psr\Http\Message\ServerRequestInterface;
|
||||||
use Tobscure\JsonApi\Document;
|
use Tobscure\JsonApi\Document;
|
||||||
@ -39,11 +40,18 @@ class CreatePostController extends AbstractCreateController
|
|||||||
protected $bus;
|
protected $bus;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param Dispatcher $bus
|
* @var Floodgate
|
||||||
*/
|
*/
|
||||||
public function __construct(Dispatcher $bus)
|
protected $floodgate;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param Dispatcher $bus
|
||||||
|
* @param Floodgate $floodgate
|
||||||
|
*/
|
||||||
|
public function __construct(Dispatcher $bus, Floodgate $floodgate)
|
||||||
{
|
{
|
||||||
$this->bus = $bus;
|
$this->bus = $bus;
|
||||||
|
$this->floodgate = $floodgate;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -56,6 +64,10 @@ class CreatePostController extends AbstractCreateController
|
|||||||
$discussionId = array_get($data, 'relationships.discussion.data.id');
|
$discussionId = array_get($data, 'relationships.discussion.data.id');
|
||||||
$ipAddress = array_get($request->getServerParams(), 'REMOTE_ADDR', '127.0.0.1');
|
$ipAddress = array_get($request->getServerParams(), 'REMOTE_ADDR', '127.0.0.1');
|
||||||
|
|
||||||
|
if (! $request->getAttribute('bypassFloodgate')) {
|
||||||
|
$this->floodgate->assertNotFlooding($actor);
|
||||||
|
}
|
||||||
|
|
||||||
$post = $this->bus->dispatch(
|
$post = $this->bus->dispatch(
|
||||||
new PostReply($discussionId, $actor, $data, $ipAddress)
|
new PostReply($discussionId, $actor, $data, $ipAddress)
|
||||||
);
|
);
|
||||||
|
|||||||
@ -95,7 +95,6 @@ class CoreServiceProvider extends AbstractServiceProvider
|
|||||||
$events->subscribe('Flarum\Core\Listener\UserMetadataUpdater');
|
$events->subscribe('Flarum\Core\Listener\UserMetadataUpdater');
|
||||||
$events->subscribe('Flarum\Core\Listener\EmailConfirmationMailer');
|
$events->subscribe('Flarum\Core\Listener\EmailConfirmationMailer');
|
||||||
$events->subscribe('Flarum\Core\Listener\DiscussionRenamedNotifier');
|
$events->subscribe('Flarum\Core\Listener\DiscussionRenamedNotifier');
|
||||||
$events->subscribe('Flarum\Core\Listener\FloodController');
|
|
||||||
|
|
||||||
$events->subscribe('Flarum\Core\Access\DiscussionPolicy');
|
$events->subscribe('Flarum\Core\Access\DiscussionPolicy');
|
||||||
$events->subscribe('Flarum\Core\Access\GroupPolicy');
|
$events->subscribe('Flarum\Core\Access\GroupPolicy');
|
||||||
|
|||||||
@ -1,75 +0,0 @@
|
|||||||
<?php
|
|
||||||
/*
|
|
||||||
* This file is part of Flarum.
|
|
||||||
*
|
|
||||||
* (c) Toby Zerner <toby.zerner@gmail.com>
|
|
||||||
*
|
|
||||||
* For the full copyright and license information, please view the LICENSE
|
|
||||||
* file that was distributed with this source code.
|
|
||||||
*/
|
|
||||||
|
|
||||||
namespace Flarum\Core\Listener;
|
|
||||||
|
|
||||||
use DateTime;
|
|
||||||
use Flarum\Core\Exception\FloodingException;
|
|
||||||
use Flarum\Core\Post;
|
|
||||||
use Flarum\Core\User;
|
|
||||||
use Flarum\Event\DiscussionWillBeSaved;
|
|
||||||
use Flarum\Event\PostWillBeSaved;
|
|
||||||
use Illuminate\Contracts\Events\Dispatcher;
|
|
||||||
|
|
||||||
class FloodController
|
|
||||||
{
|
|
||||||
/**
|
|
||||||
* @param Dispatcher $events
|
|
||||||
*/
|
|
||||||
public function subscribe(Dispatcher $events)
|
|
||||||
{
|
|
||||||
$events->listen(DiscussionWillBeSaved::class, [$this, 'whenDiscussionWillBeSaved']);
|
|
||||||
$events->listen(PostWillBeSaved::class, [$this, 'whenPostWillBeSaved']);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @param DiscussionWillBeSaved $event
|
|
||||||
*/
|
|
||||||
public function whenDiscussionWillBeSaved(DiscussionWillBeSaved $event)
|
|
||||||
{
|
|
||||||
if ($event->discussion->exists) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
$this->assertNotFlooding($event->actor);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @param PostWillBeSaved $event
|
|
||||||
*/
|
|
||||||
public function whenPostWillBeSaved(PostWillBeSaved $event)
|
|
||||||
{
|
|
||||||
if ($event->post->exists) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
$this->assertNotFlooding($event->actor);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @param User $actor
|
|
||||||
* @throws FloodingException
|
|
||||||
*/
|
|
||||||
protected function assertNotFlooding(User $actor)
|
|
||||||
{
|
|
||||||
if ($this->isFlooding($actor)) {
|
|
||||||
throw new FloodingException;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @param User $actor
|
|
||||||
* @return bool
|
|
||||||
*/
|
|
||||||
protected function isFlooding(User $actor)
|
|
||||||
{
|
|
||||||
return Post::where('user_id', $actor->id)->where('time', '>=', new DateTime('-10 seconds'))->exists();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
39
framework/core/src/Core/Post/Floodgate.php
Normal file
39
framework/core/src/Core/Post/Floodgate.php
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
<?php
|
||||||
|
/*
|
||||||
|
* This file is part of Flarum.
|
||||||
|
*
|
||||||
|
* (c) Toby Zerner <toby.zerner@gmail.com>
|
||||||
|
*
|
||||||
|
* For the full copyright and license information, please view the LICENSE
|
||||||
|
* file that was distributed with this source code.
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace Flarum\Core\Post;
|
||||||
|
|
||||||
|
use DateTime;
|
||||||
|
use Flarum\Core\Exception\FloodingException;
|
||||||
|
use Flarum\Core\Post;
|
||||||
|
use Flarum\Core\User;
|
||||||
|
|
||||||
|
class Floodgate
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* @param User $actor
|
||||||
|
* @throws FloodingException
|
||||||
|
*/
|
||||||
|
public function assertNotFlooding(User $actor)
|
||||||
|
{
|
||||||
|
if ($this->isFlooding($actor)) {
|
||||||
|
throw new FloodingException;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param User $actor
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
public function isFlooding(User $actor)
|
||||||
|
{
|
||||||
|
return Post::where('user_id', $actor->id)->where('time', '>=', new DateTime('-10 seconds'))->exists();
|
||||||
|
}
|
||||||
|
}
|
||||||
@ -40,6 +40,8 @@ class AuthenticateWithHeader implements MiddlewareInterface
|
|||||||
if (isset($parts[1])) {
|
if (isset($parts[1])) {
|
||||||
if (ApiKey::find($id)) {
|
if (ApiKey::find($id)) {
|
||||||
$actor = $this->getUser($parts[1]);
|
$actor = $this->getUser($parts[1]);
|
||||||
|
|
||||||
|
$request = $request->withAttribute('bypassFloodgate', true);
|
||||||
}
|
}
|
||||||
} elseif ($token = AccessToken::find($id)) {
|
} elseif ($token = AccessToken::find($id)) {
|
||||||
$token->touch();
|
$token->touch();
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user