Redis + RateLimiting
This commit is contained in:
@@ -10,12 +10,12 @@ class ConnectionData {
|
||||
private string $password;
|
||||
private array $properties;
|
||||
|
||||
public function __construct($host, $port, $login, $password) {
|
||||
public function __construct(string $host, int $port, string $login, string $password) {
|
||||
$this->host = $host;
|
||||
$this->port = $port;
|
||||
$this->login = $login;
|
||||
$this->password = $password;
|
||||
$this->properties = array();
|
||||
$this->properties = [];
|
||||
}
|
||||
|
||||
public function getProperties(): array {
|
||||
|
||||
@@ -4,6 +4,7 @@ namespace Core\Objects;
|
||||
|
||||
use Core\Configuration\Configuration;
|
||||
use Core\Configuration\Settings;
|
||||
use Core\Driver\Redis\RedisConnection;
|
||||
use Core\Driver\SQL\Column\Column;
|
||||
use Core\Driver\SQL\Condition\Compare;
|
||||
use Core\Driver\SQL\Condition\CondLike;
|
||||
@@ -25,6 +26,7 @@ class Context {
|
||||
private Configuration $configuration;
|
||||
private Language $language;
|
||||
public ?Router $router;
|
||||
private ?RedisConnection $redis;
|
||||
|
||||
private function __construct() {
|
||||
|
||||
@@ -32,6 +34,7 @@ class Context {
|
||||
$this->session = null;
|
||||
$this->user = null;
|
||||
$this->router = null;
|
||||
$this->redis = null;
|
||||
$this->configuration = new Configuration();
|
||||
$this->setLanguage(Language::DEFAULT_LANGUAGE());
|
||||
|
||||
@@ -52,6 +55,11 @@ class Context {
|
||||
$this->sql->close();
|
||||
$this->sql = null;
|
||||
}
|
||||
|
||||
if ($this->redis && $this->redis->isConnected()) {
|
||||
$this->redis->close();
|
||||
$this->redis = null;
|
||||
}
|
||||
}
|
||||
|
||||
public function setLanguage(Language $language): void {
|
||||
@@ -201,4 +209,18 @@ class Context {
|
||||
|
||||
return $query->execute();
|
||||
}
|
||||
|
||||
public function getRedis(): ?RedisConnection {
|
||||
|
||||
if ($this->redis === null) {
|
||||
$settings = $this->getSettings();
|
||||
$connectionData = $settings->getRedisConfiguration();
|
||||
$this->redis = new RedisConnection($this->sql);
|
||||
if (!$this->redis->connect($connectionData)) {
|
||||
$this->redis = null;
|
||||
}
|
||||
}
|
||||
|
||||
return $this->redis;
|
||||
}
|
||||
}
|
||||
31
Core/Objects/RateLimitRule.class.php
Normal file
31
Core/Objects/RateLimitRule.class.php
Normal file
@@ -0,0 +1,31 @@
|
||||
<?php
|
||||
|
||||
namespace Core\Objects;
|
||||
|
||||
class RateLimitRule {
|
||||
|
||||
const SECOND = 0;
|
||||
const MINUTE = 1;
|
||||
const HOUR = 2;
|
||||
|
||||
private int $count;
|
||||
private int $perSecond;
|
||||
|
||||
public function __construct(int $count, int $time, int $unit) {
|
||||
$this->count = $count;
|
||||
$this->perSecond = $time;
|
||||
if ($unit === self::HOUR) {
|
||||
$this->perSecond *= 60 * 60;
|
||||
} else if ($unit === self::MINUTE) {
|
||||
$this->perSecond *= 60;
|
||||
}
|
||||
}
|
||||
|
||||
public function getCount(): int {
|
||||
return $this->count;
|
||||
}
|
||||
|
||||
public function getWindow(): int {
|
||||
return $this->perSecond;
|
||||
}
|
||||
}
|
||||
71
Core/Objects/RateLimiting.class.php
Normal file
71
Core/Objects/RateLimiting.class.php
Normal file
@@ -0,0 +1,71 @@
|
||||
<?php
|
||||
|
||||
namespace Core\Objects;
|
||||
|
||||
use Core\Driver\Logger\Logger;
|
||||
|
||||
class RateLimiting {
|
||||
|
||||
private ?RateLimitRule $anonymousRule;
|
||||
private ?RateLimitRule $sessionRule;
|
||||
|
||||
public function __construct(?RateLimitRule $anonymousRule = null, ?RateLimitRule $sessionRule = null) {
|
||||
$this->anonymousRule = $anonymousRule;
|
||||
$this->sessionRule = $sessionRule;
|
||||
}
|
||||
|
||||
public function check(Context $context, string $method): bool {
|
||||
$session = $context->getSession();
|
||||
$logger = new Logger("RateLimiting", $context->getSQL());
|
||||
|
||||
if ($session !== null) {
|
||||
// session based rate limiting
|
||||
$key = $session->getUUID();
|
||||
$effectiveRule = $this->sessionRule;
|
||||
} else {
|
||||
// ip-based rate limiting
|
||||
$key = $_SERVER['REMOTE_ADDR'];
|
||||
$effectiveRule = $this->anonymousRule;
|
||||
}
|
||||
|
||||
if ($effectiveRule === null) {
|
||||
return true;
|
||||
}
|
||||
|
||||
$redis = $context->getRedis();
|
||||
if (!$redis?->isConnected()) {
|
||||
$logger->error("Could not check rate limiting, redis is not connected.");
|
||||
return true;
|
||||
}
|
||||
|
||||
$now = time();
|
||||
$queue = json_decode($redis->hGet($method, $key)) ?? [];
|
||||
$pass = true;
|
||||
$queueSize = count($queue);
|
||||
if ($queueSize >= $effectiveRule->getCount()) {
|
||||
// check the last n entries, whether they fit in the current window
|
||||
$requestsInWindow = 0;
|
||||
foreach ($queue as $accessTime) {
|
||||
if ($accessTime >= $now - $effectiveRule->getWindow()) {
|
||||
$requestsInWindow++;
|
||||
if ($requestsInWindow >= $effectiveRule->getCount()) {
|
||||
$pass = false;
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($pass) {
|
||||
array_unshift($queue, $now);
|
||||
if ($queueSize + 1 > $effectiveRule->getCount()) {
|
||||
$queue = array_slice($queue, 0, $effectiveRule->getCount());
|
||||
}
|
||||
$redis->hSet($method, $key, json_encode($queue));
|
||||
}
|
||||
|
||||
return $pass;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user