From fe84f2f79668b925207d61a383bc518f19d07ad8 Mon Sep 17 00:00:00 2001 From: iglocska Date: Tue, 8 Oct 2019 11:47:08 +0200 Subject: [PATCH] fix: [missing] component added --- .../Component/RateLimitComponent.php | 62 +++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 app/Controller/Component/RateLimitComponent.php diff --git a/app/Controller/Component/RateLimitComponent.php b/app/Controller/Component/RateLimitComponent.php new file mode 100644 index 000000000..0f0b12f1e --- /dev/null +++ b/app/Controller/Component/RateLimitComponent.php @@ -0,0 +1,62 @@ + array( + 'restSearch' => 1 + ), + 'events' => array( + 'restSearch' => 1 + ) + ); + + public $components = array('RestResponse'); + + public function check($user, $controller, $action, $Model, &$info = array(), $responseType) + { + if (!empty($user['Role']['enforce_rate_limit'])) { + $uuid = Configure::read('MISP.uuid'); + if (empty($uuid)) { + $uuid = 'no-uuid'; + } + $keyName = 'misp:' . $uuid . ':rate_limit:' . $user['id']; + if (!empty($this->__limitedFunctions[$controller][$action])) { + if ($user['Role']['rate_limit_count'] == 0) { + throw new MethodNotAllowedException(__('API searches are not allowed for this user role.')); + } + $redis = $Model->setupRedis(); + $count = $redis->get($keyName); + if ($count !== false && $count >= $user['Role']['rate_limit_count']) { + $info = array( + 'limit' => $user['Role']['rate_limit_count'], + 'reset' => $redis->ttl($keyName), + 'remaining'=> $user['Role']['rate_limit_count'] - $count + ); + return $this->RestResponse->throwException( + 429, + __('Rate limit exceeded.'), + '/' . $controller . '/' . $action, + $responseType + ); + } else { + if ($count === false) { + $redis->setEx($keyName, 900, 1); + } else { + $redis->setEx($keyName, $redis->ttl($keyName), intval($count) + 1); + } + } + $count += 1; + $info = array( + 'limit' => $user['Role']['rate_limit_count'], + 'reset' => $redis->ttl($keyName), + 'remaining'=> $user['Role']['rate_limit_count'] - $count + ); + } + } + return true; + } +}