vendor/can/rest/src/Can/RestBundle/EventListener/RateLimitListener.php line 92

Open in your IDE?
  1. <?php
  3. namespace Can\RestBundle\EventListener;
  5. use Can\RestBundle\CanRestBundle;
  6. use Can\RestBundle\Incident\IncidentReporterInterface;
  7. use Can\RestBundle\Mapping\MetadataStoreInterface;
  8. use Can\RestBundle\RateLimit\RateLimit;
  9. use Can\RestBundle\RateLimit\RateLimitAbusedException;
  10. use Can\RestBundle\RateLimit\RateLimitConfiguration;
  11. use Can\RestBundle\RateLimit\RateLimitConstraint;
  12. use Can\RestBundle\RateLimit\RateLimitEntry;
  13. use Can\RestBundle\RateLimit\RateLimitEventDispatcher;
  14. use Can\RestBundle\RateLimit\RateLimitExceededException;
  15. use Can\RestBundle\RateLimit\RateLimitHandler;
  16. use Can\RestBundle\RateLimit\RateLimitPolicy;
  17. use Can\RestBundle\RateLimit\RateLimitRegistry;
  18. use Can\RestBundle\URI\ServiceNode;
  20. use Symfony\Component\HttpFoundation\Request;
  21. use Symfony\Component\HttpKernel\Event\RequestEvent;
  23. /**
  24.  * @group ratelimit
  25.  *
  26.  * @package can/rest-bundle
  27.  * @author lechecacharro <lechecacharro@gmail.com>
  28.  */
  29. class RateLimitListener
  30. {
  32.     /**
  33.      * @var RateLimitConfiguration
  34.      */
  35.     private $configuration;
  37.     /**
  38.      * @var RateLimitHandler
  39.      */
  40.     private $handler;
  42.     /**
  43.      * @var RateLimitEventDispatcher
  44.      */
  45.     private $dispatcher;
  47.     /**
  48.      * @var RateLimitRegistry
  49.      */
  50.     private $registry;
  52.     /**
  53.      * @var MetadataStoreInterface
  54.      */
  55.     private $metadataStore;
  57.     /**
  58.      * @var IncidentReporterInterface
  59.      */
  60.     private $reporter;
  62.     /**
  63.      * RateLimitListener constructor.
  64.      *
  65.      * @param RateLimitConfiguration    $configuration
  66.      * @param RateLimitHandler          $handler
  67.      * @param RateLimitEventDispatcher  $dispatcher
  68.      * @param RateLimitRegistry         $registry
  69.      * @param MetadataStoreInterface    $metadataStore
  70.      * @param IncidentReporterInterface $reporter
  71.      */
  72.     public function __construct(
  73.         RateLimitConfiguration $configuration,
  74.         RateLimitHandler $handler,
  75.         RateLimitEventDispatcher $dispatcher,
  76.         RateLimitRegistry $registry,
  77.         MetadataStoreInterface $metadataStore,
  78.         IncidentReporterInterface $reporter
  79.     )
  80.     {
  81.         $this->configuration $configuration;
  82.         $this->handler $handler;
  83.         $this->dispatcher $dispatcher;
  84.         $this->registry $registry;
  85.         $this->metadataStore $metadataStore;
  86.         $this->reporter $reporter;
  87.     }
  89.     /**
  90.      * @param RequestEvent $event
  91.      */
  92.     public function onRequest(RequestEvent $event): void
  93.     {
  94.         if (! $this->configuration->isEnabled()) {
  95.             return;
  96.         }
  98.         // Do process only the master request
  99.         if (! $event->isMasterRequest()) {
  100.             return;
  101.         }
  103.         $request $event->getRequest();
  105.         if (! $request->attributes->get(CanRestBundle::ATTR_SERVICE_ZONE)) {
  106.             return;
  107.         }
  109.         // Determine the applicable rate limit, according to the registry
  110.         // and the current configuration, but allow third-parties to modify
  111.         // the determined rate limit
  112.         $rateLimit $this->dispatcher->dispatchGetRateLimit($request$this->getRateLimit($request))->getRateLimit();
  114.         // Skip if the endpoint is not rate-limited
  115.         if (null === $rateLimit || $rateLimit->isUnspecified() || $rateLimit->isUnlimited()) {
  116.             $request->attributes->set(CanRestBundle::ATTR_RATE_LIMIT_CONSTRAINTRateLimitConstraint::NONE);
  118.             return;
  119.         }
  121.         // Handle current rate limit
  122.         $rateLimitEntry $this->handler->handle($request$rateLimit);
  123.         $rateLimitInfo $rateLimitEntry->getRateLimitInfo();
  125.         $request->attributes->set(CanRestBundle::ATTR_RATE_LIMIT_INFO$rateLimitInfo);
  126.         $request->attributes->set(CanRestBundle::ATTR_RATE_LIMIT_KEY$rateLimitEntry->getKey());
  128.         if ($rateLimitInfo->isRateLimitExceeded()) {
  129.             // Notify listeners *first*
  130.             $this->dispatcher->dispatchRateLimitsExceeded($request$rateLimitEntry);
  132.             switch ($this->configuration->getPolicy()) {
  133.                 case RateLimitPolicy::REPORT:
  134.                     $this->reportRateLimitExceeded($request$rateLimitEntry);
  135.                     break;
  137.                 case RateLimitPolicy::REDIRECT:
  138.                     $this->redirectRateLimitExceeded($request$rateLimitEntry);
  139.                     break;
  141.                 case RateLimitPolicy::THROW:
  142.                     $this->throwRateLimitExceeded($request$rateLimitEntry);
  143.                     break;
  145.                 case RateLimitPolicy::BLOCK:
  146.                     $this->blockRateLimitExceeded($request$rateLimitEntry);
  147.                     break;
  148.             }
  149.         }
  150.     }
  153.     /**
  154.      * @param Request        $request
  155.      * @param RateLimitEntry $rateLimitEntry
  156.      *
  157.      * @return RateLimit
  158.      */
  159.     protected function redirectRateLimitExceeded(Request $requestRateLimitEntry $rateLimitEntry): RateLimit
  160.     {
  161.     }
  163.     /**
  164.      * @param Request        $request
  165.      * @param RateLimitEntry $rateLimitEntry
  166.      *
  167.      * @return RateLimit
  168.      */
  169.     protected function reportRateLimitExceeded(Request $requestRateLimitEntry $rateLimitEntry): RateLimit
  170.     {
  171.     }
  173.     /**
  174.      * Throws a {@link RateLimitExceededHttpException} and maybe blocks the
  175.      * consumer, if it already exceeded the {@link blockAfter} counter.
  176.      *
  177.      * @param Request        $request
  178.      * @param RateLimitEntry $rateLimitEntry
  179.      *
  180.      * @return RateLimit
  181.      */
  182.     protected function throwRateLimitExceeded(Request $requestRateLimitEntry $rateLimitEntry): RateLimit
  183.     {
  184.         $blockAfter $this->configuration->getBlockAfter();
  186.         if ($blockAfter && $rateLimitEntry->getRateLimitInfo()->isRateLimitAbused($blockAfter)) {
  187.             // Dispatch a rate limit abused event *first*
  188.             $this->dispatcher->dispatchRateLimitsAbused($request$rateLimitEntry$blockAfter);
  190.             throw new RateLimitAbusedException($rateLimitEntry->getRateLimitInfo(), $blockAfter);
  191.         } else {
  192.             throw new RateLimitExceededException($rateLimitEntry->getRateLimitInfo());
  193.         }
  194.     }
  196.     /**
  197.      * Throws a {@link RateLimitAbusedException} and blocks the consumer.
  198.      *
  199.      * @param Request        $request
  200.      * @param RateLimitEntry $rateLimitEntry
  201.      *
  202.      * @return RateLimit
  203.      */
  204.     protected function blockRateLimitExceeded(Request $requestRateLimitEntry $rateLimitEntry): RateLimit
  205.     {
  206.         $blockAfter $this->configuration->getBlockAfter();
  208.         // Dispatch a rate limit abused event *first*
  209.         $this->dispatcher->dispatchRateLimitsAbused($request$rateLimitEntry$blockAfter);
  211.         throw new RateLimitAbusedException($rateLimitEntry->getRateLimitInfo(), $blockAfter);
  212.     }
  215.     /**
  216.      * @param Request $request
  217.      *
  218.      * @return RateLimit
  219.      */
  220.     protected function getRateLimit(Request $request): RateLimit
  221.     {
  222.         // If someone has already determined the rate limit for the
  223.         // current request, then use that value
  224.         if (null !== $rateLimit $request->attributes->get(CanRestBundle::ATTR_RATE_LIMIT)) {
  225.             $request->attributes->set(CanRestBundle::ATTR_RATE_LIMIT_CONSTRAINTRateLimitConstraint::EXTERNAL);
  227.             return $rateLimit;
  228.         }
  230.         // Else, try to figure out the rate limit from the resource
  231.         // metadata which corresponds to the requested service node
  233.         // Start with the service default limit, and if, there's an
  234.         // entry which is more specific then override
  235.         $rateLimit $this->configuration->getDefault();
  236.         $request->attributes->set(CanRestBundle::ATTR_RATE_LIMIT_CONSTRAINTRateLimitConstraint::SERVICE);
  238.         /** @var ServiceNode $serviceNode */
  239.         $serviceNode $request->attributes->get(CanRestBundle::ATTR_SERVICE_NODE);
  240.         $versionNumber $serviceNode->getVersionNumber();
  242.         if (! empty($versionNumber) && $this->metadataStore->hasVersionMetadata($versionNumber)) {
  243.             $resourceName $serviceNode->getResourceName();
  244.             $metadata $this->metadataStore->getVersionMetadata($versionNumber);
  246.             $versionRateLimit = new RateLimit(
  247.                 $metadata->getRateLimit(),
  248.                 $metadata->getRateLimitWindow()
  249.             );
  251.             if (! $versionRateLimit->isUnspecified()) {
  252.                 $rateLimit $versionRateLimit;
  253.                 $request->attributes->set(CanRestBundle::ATTR_RATE_LIMIT_CONSTRAINTRateLimitConstraint::VERSION);
  254.             }
  256.             if (! empty($resourceName) && $metadata->getResources()->hasItem($resourceName)) {
  257.                 $metadata $metadata->getResources()->getItem($resourceName);
  259.                 $resourceRateLimit = new RateLimit(
  260.                     $metadata->getRateLimit(),
  261.                     $metadata->getRateLimitWindow()
  262.                 );
  264.                 if (! $resourceRateLimit->isUnspecified()) {
  265.                     $rateLimit $resourceRateLimit;
  266.                     $request->attributes->set(CanRestBundle::ATTR_RATE_LIMIT_CONSTRAINTRateLimitConstraint::RESOURCE);
  267.                 }
  268.             }
  270.             return $rateLimit;
  271.         }
  273.         // As fallback, check the registry
  274.         $request->attributes->set(CanRestBundle::ATTR_RATE_LIMIT_CONSTRAINTRateLimitConstraint::FALLBACK);
  276.         return $this->registry->getRateLimit($request);
  277.     }
  279. }